Search Information Security site


Information Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: Jan 29, 2019 11:33 AM]

Greetings From Mrs Lizzy Raphael 

I'm contacting you based on your good profiles I read and for a good reasons, I am in search of a property to buy in your country as I intended to come over to your country for investment, Though I have not meet with you before but I believe that one has to risk confiding in someone to succeed sometimes in life.

My name is Mrs Lizzy Raphael. My late husband deals on Crude Oil with Federal Government of Sudan and he has a personal Oil firm in Bentiu Oil zone town and Upper Nile city. What I have experience physically, I don't wish to experience it again in my life due to the recent civil Ethnic war cause by our President Mr. Salva Kiir and the rebel leader Mr Riek Machar, I have been Under United Nation refuge camp in chad to save my life and that of my little daughter.

Though, I do not know how you will feel to my proposal, but the truth is that I sneaked into Chad our neighboring country where I am living now as a refugee.
I escaped with my little daughter when the rebels bust into our house and killed my husband as one of the big oil dealers in the country, ever since then, I have being on the run.

I left my country and move to Chad our neighboring country with the little ceasefire we had, due to the face to face peace meeting accord coordinated by the US Secretary of State, Mr John Kerry and United Nations in Ethiopia (Addis Ababa) between our President Mr Salva Kiir and the rebel leader Mr Riek Machar to stop this war.

I want to solicit for your partnership with trust to invest the $8 million dollars deposited by my late husband in Bank because my life is no longer safe in our country, since the rebels are looking for the families of all the oil business men in the country to kill, saying that they are they one that is milking the country dry.

I will offer you 20% of the total fund for your help while I will partner with you for the investment in your country.
If I get your reply.

I will wait to hear from you so as to give you details.
With love from
Mrs Lizzy Raphael

[Posted: Jan 29, 2019 10:49 AM]

Good Day,

I am Collin Smith, a solicitor.

I am the personal attorney/sole executor to the late Mr. Mark Spencer, hereinafter referred to as 'my client’. The late Mr. Mark Spencer has worked as an independent oil magnate in my country and unfortunately he died in a car crash with his immediate family on the 5th of Nov 2002. Since the death of my client in Nov, 2002; I have written several letters to the embassy of your country with intent to locate any of his extended relatives to receive the sum of $5.5Million that my client has deposited with a local bank in my country. We are now in 2019, this means 17 years that I have not succeeded to locate any member of his family. I am about to go for retirement and I want to introduce you to the bank as the cousin of the late Mr. Mark Spencer and you will receive the payment. Please tell me how you want us to share that money. This project is risk free because nobody show up after 17 years and I am planning to fold up my law firm after you have received the payments; in addition you are not requested to travel down to the bank. Waiting to hear from you

Collin Smith

[Posted: Jan 21, 2019 6:44 PM]

From: MARTINEZ, GILBERT H. <ghmartinez[at]>
Sent: Monday, January 21, 2019 9:46 AM

Your Outlook Mailbox Will Expire Today 21/01/2019 

This to notify you that we are currently updating the windows Service agreement and privacy Statement.
Please Keep Your Security Information Updated.

Do not Ignore!

Update Now

 NOTE: Your Outlook Email Address Will be Disabled if Not Updated.

Thank You for using our services

[Posted: Jan 18, 2019 11:49 AM]

From: Kelli Johnson <kjohnso2[at]>
Date: Friday, January 18, 2019 at 10:58 AM
To: Kelli Johnson <kjohnso2[at]>
Subject: Outlook Up Date

All Staffs  are expected to migrate to the New 2019 Microsoft Outlook Web portal to access the below, click here<hxxps://> to migrate:

·    Access the new staff directory
·    Access your pay slips and P60s
·    Update your ID photo
·     E-mail and Calendar Flexibility
·    Connect mobile number to e-mail for voicemail

Important notice:  All staffs  are expected to migrate within 24 hours to avoid delay on mail delivery.

On behalf of IT Support. This is a group email account and its been monitored 24/7, therefore, please do not ignore this notification, because its very compulsory.

Admin Team.

[Posted: Jan 18, 2019 9:40 AM]

Dear Customers ,


Someone just tried to log in to your account from other device on January, 18 2019


Please following this step:

1. Download or view this attachment.

2. Confirm your identity.


Thank You

Apple Team,

[Posted: Jan 17, 2019 9:44 PM]

Email Alert

Your mst3k[at] has been compromised due to our recent server update.
This will lead to your account delete from our sever and all data will be lost.

To help keep you safe, Re-activate Email below to prevent your account.


Email Support Team

[Posted: Jan 17, 2019 3:51 PM]

Email Alert

Your has been compromised due to our recent server update.
This will lead to your account delete from our sever and all data will be lost.

To help keep you safe, Re-activate Email below to prevent your account.

Re-Activate [hxxps://]

Email Support Team

[Posted: Jan 17, 2019 2:12 PM]

 We need to make sure your contact information is up to date,
   login and verify the information is accurate.
   Active Directory services<hxxp://>
   We need to have this list updated within 24hrs, so please make this a priority.
   Thank You

[Posted: Jan 16, 2019 3:06 PM]

From: Teresa Reeves <treeves[at]>
Sent: Wednesday, January 16, 2019 2:26 PM
Subject: W-9 as requested


Here you go.


Teresa Reeves
Billing Coordinator
Tier 1 Service Desk
DME Tennessee LLC
An Alana Healthcare Company
Office (877) 640-9795
Fax (877) 626-5321


Confidentiality Notice:
This message may contain privileged or confidential information or attachments. It
is intended for the exclusive use of the persons and entities to which it is addressed.
If you are not an intended recipient, please notify the sender by return email that you
received it in error; do not print the message and attachments; and immediately delete
all copies from your computer files. Thank You.

[Posted: Jan 16, 2019 11:24 AM]

From: "" <order[at]> on behalf of "" <order[at]>
Date: Wednesday, January 16, 2019 at 9:42 AM
To: Typical User <mst3k[at]>
Subject: order

Order Confirmation
Order #102-8021288-0054930<hxxp://>

Hi John Gwynn,

Thank you for shopping with us. We confirmation that your item has shipped. Your order details are available on link below. The payment details of your transaction can be found on the order invoice<hxxp://>.

Your estimated delivery date is:
Thursday, January 17, 2019 - Saturday, January 19, 2019
Your shipping speed:
Express <hxxp://> [Order details] <hxxp://> <hxxp://>

Payment Summary

Order #102-8021288-0054930<>

Item Subtotal:


Shipping & Handling:


Total Before Tax:


Estimated Tax:


Order Total:


Thank you for shopping with us.

The payment for your invoice is processed by Amazon Payments, Inc. P.O. Box 81226 Seattle, Washington 98108-1226. If you need more information, please contact (866) 215-5005


[Posted: Jan 16, 2019 9:32 AM]

From: mst3k[at] <mst3k[at]>
Sent: Wednesday, January 16, 2019 1:38 PM
To: User, Typical  (mst3k)
Subject: High danger. Your account was attacked.


As you may have noticed, I sent you an email from your account.
This means that I have full access to your acc: On moment of crack password: dndsfuin sdfu.

You say: this is my, but old password!
Or: I will change my password at any time!

Of course! You will be right,
but the fact is that when you change the password, my malicious code every time saved a new one!

I've been watching you for a few months now.
But the fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence from e-mail and messangers.

Why your antivirus did not detect my malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use.

If you want to prevent this, transfer the amount of $749 to my bitcoin address (if you do not know how to do this, write to Google: "Buy Bitcoin").

My bitcoin address (BTC Wallet) is: 1KeCBKUgQDyyMpaXhfpRi2qUvdtdtsT44o

After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.

[Posted: Jan 16, 2019 9:08 AM]

Date: Tuesday, January 15, 2019 at 10:52 PM
To: Typical User <mst3k[at]>
Subject: DHL Shipment Successful Air Waybill No:0090392223




A Parcel meant for you arrived at the POST office last week. Our courier was unable to deliver the parcel to your address.

To receive the Parcel, you should go to our nearest DHL Office and take with you your mailing label.

Sign in<hxxps://[at]> and print your mailing label. You will be required to show it at our nearest DHL office to receive the parcel. Follow Here<hxxps://[at]> to sign in

Thank you for using DHL Express. We look forward to providing you exceptional service and fast, reliable delivery at the best possible rates. Have questions? For your convenience, we offer you a choice in contacting Customer Service:

For online Customer Service, follow here<hxxps://[at]>.


To speak with a Customer Service Representative, call us at any of our offices using a touchtone phone.

*20% off savings valid on DHL Express export services purchased online with a major credit card. All services may not be available in all areas and are subject to DHLÌs terms and conditions as published at<hxxps:// and/or as set forth on the waybill of the country of origin.
©2018 DHL Express, Inc. All rights reserved.


[Posted: Jan 16, 2019 8:35 AM]

From: Office365 Invoice Portal <invoice[at]>
Sent: Tuesday, January 15, 2019 8:14 PM
To: mst3k[at]
Subject: You have electronic invoice(s) available in the Office365 document/invoice Portal.

Dear Sir/Madam,

You have electronic invoice(s) available in the Office365 document/invoice Portal.

                eInvoice        Traffic Invoice#        Stations(s)     Buyer   Date
View<hxxp://>       Download<hxxp://>   E25925  IN-1181225925   WFGY-FM JD'S Contruction        01/15/2019

The Office365 Portal<hxxp://> is a service provided by Office365. Click the links above to directly view or download.

[Posted: Jan 15, 2019 9:58 AM]

From: grandesempresas.corporativo.1[at] <grandesempresas.corporativo.1[at]>
Sent: Monday, January 14, 2019 5:56 PM
To: User, Typical (mst3k)
Subject: New invoice 01/15/2019


The attached document gives details of the claim that we will make.
Please note that you do not need to make deductions for november.

I have enclosed a copy of the invoice for your reference, you can download \/ view using this link:


Thank you for being a valued customer and using Sarah Puhr.

Sarah Puhr
Direct #: 803-072-5998
872-824-3490 x671

[Posted: Jan 15, 2019 9:55 AM]

From: "User, Typical (nll8s)" <mst3k[at]>
Date: Tuesday, January 15, 2019 at 9:44 AM
Subject: Apply Now !!!


 Congratulations to all new Innovation students on your admission into the UNIVERSITY OF VIRGINIA  . And also welcome back to all the returning student. Note that there is a BIG career showcase happening soon.

See the info below:
Career Showcase is for ALL students, not just Business and Engineering students. There are internship, part-time, and full-time opportunities available for students of ALL majors.

3-5 hours Mon-Fri.
Salary: $30.55 per hour.
Training: $20.55 per hour.
Start your online application here. Kindly Click  here<hxxps://>  to start Applying.

[Posted: Jan 13, 2019 12:02 PM]

From: Aministrator message [mailto:server[at]]
Sent: Saturday, January 12, 2019 5:22 PM
To: User, Typical (mst3k) <mst3k[at]>

Dear mst3k[at]<mailto:mst3k[at]>,

You have reached your E-Mail storage bandwidth limit. Most of your incoming mails will be placed on hold.


After re-validating your email account all your incoming emails on hold will deliver to your mailbox.

Email Account Server {C} 2019


This message is auto-generated from E-mail<> security server, and replies sent to this email can not be delivered.

[Posted: Jan 11, 2019 4:05 PM]

From: ADMIN <rmoore[at]>
Sent: Friday, January 11, 2019 3:08 PM
Subject: Account Update

Your Email Access have been restricted, An Attempt has been made to sign-In your account from a new computer, If you do not validate your account within 24 Hours, You will not be able to send or receive new mail until you re-validate your mailbox.prior to maintain your INBOX. CLICK HERE<hxxps://> to Verify.

Warm Regards,
Webmail Administrator

[Posted: Jan 10, 2019 7:47 PM]

From: "Houle, Robert Andrew (rah2rb)" <rah2rb[at]<mailto:rah2rb[at]>>
Date: January 10, 2019 at 6:43:26 PM EST
To: "User, Typical (mst3k)" <mst3k[at]>
Subject: BIG Career Showcase!


 Congratulations to all new Innovation students on your admission into the  University of  Virginia . And also welcome back to all the returning student. Note that there is a BIG career showcase happening soon.

See the info below:
Career Showcase is for ALL students, not just Business and Engineering students. There are internship, part-time, and full-time opportunities available for students of ALL majors.

3-5 hours Mon-Fri.
Salary: $30.55 per hour.
Training: $20.55 per hour.
Start your online application here. Kindly Click   here<hxxps://>  to start Applying.

[Posted: Jan 8, 2019 3:36 PM]

From: UVa Payroll <adriana.luna[at]>
Sent: Tuesday, January 8, 2019 3:30 PM
To: mst3k[at]
Subject: Payroll is available!

1 New Information Regarding Your 2018 Payroll


Copyright © 2018 University of Virginia

[Posted: Dec 13, 2018 3:51 PM]

From: Zoey Copper <niko[at]>
Sent: Thursday, December 13, 2018 2:11 PM
To: User, Typical (mst3k)
Subject: Think twice 


There is the explosive device (Tetryl) in the building where your company is conducted. My recruited person built an explosive device according to my instructions. It can be hidden anywhere because of its small size, it is not able to damage the building structure, but in case of its explosion there will be many wounded people.
My recruited person keeps the building under the control. If any suspicious activity, panic or cop is noticed he will power the device.
I would like to offer you a transaction. 20.000 $ is the cost for your safety. Pay it to me in BTC and I guarantee that I have to call off my recruited person and the bomb won't explode. But do not try to fool me- my warranty will become actual only after 3 confirmations in blockchain network. 

Here is my btc address - 15qH84uLC49CmC6jRE958Qjcf9WRZ

You have to pay me by the end of the workday. If the workday is over and people start leaving the building the bomb will explode.
Nothing personal this is just a business, if you don’t send me the money and the bomb explodes, other companies will send me a lot more, because this isnt a single incident.
To stay anonimous I will no longer visit this email account. I check my wallet every 40 min and if I see the transaction I will give the command to my recruited person to leave your district.

If an explosive device blows up and the authorities see this letter-
We arent terrorists and do not assume any liability for acts of terrorism in other places.


Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.

Complete Report Form