Search Information Security site

 

Main menu

Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.  For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to [email protected].

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: Apr 27, 2020 6:21 PM]

From: IT Helpdesk <admin[at]virginia.edu>
Date: Monday, April 27, 2020 at 3:07 PM
To: "mst3k[at]virginia.edu" <mst3k[at]virginia.edu>
Subject: mst3k mailbox: New found messages in quarantine: 4 of 4

Some email messages have been "Marked as safe"
There are new messages in your Email Quarantine which have been marked safe. Move Messages to INBOX<hxxps  xtremedsa.com/update?email=mst3k[at]virginia.edu> as messages will be automatically removed from quarantine after 72 hours.
The following summary displays a maximum of the most recent quarantined block messages.
To see all quarantined messages view and move to inbox.

Quarantined email marked as safe to "Move to INBOX"

Recipient:
Subject:
date:
Move to INBOX<hxxps xtremedsa.com/update?email=mst3k[at]virginia.edu>
mst3k[at]virginia.edu
ACH Payment Advice $ 9,778.26
27 Apr 2020
Move to INBOX<hxxps xtremedsa.com/update?email=mst3k[at]virginia.edu>
mst3k[at]virginia.edu
PO updates
26 Apr 2020
Move to INBOX<hxxps  xtremedsa.com/update?email=mst3k[at]virginia.edu>
mst3k[at]virginia.edu
COVID-19: Funding and Resources
26 Apr 2020
Move to INBOX<hxxps xtremedsa.com/update?email=mst3k[at]virginia.edu>
mst3k[at]virginia.edu
APC Invoice
26 Apr 2020
MOVE ALL messages to INBOX <hxxps xtremedsa.com/update?email=mst3k[at]virginia.edu>

Note: This message was sent by the system for notification only. Please do not reply

If this message is found in your spam folder, please move it to your inbox folder.

Important : Do NOT forward this message. Recipients of this message will be able to manage your quarantined messages and approve senders. For more information about this digest, contact your mail administrator.

[Posted: Apr 27, 2020 12:48 PM]

From: virginia.edu IT Center <richa.sharma[at]ashianahousing.com>
Sent: Monday, April 27, 2020 11:23 AM
To: User, Typical (mst3k) <mst3k[at]virginia.edu>
Subject: Notification for virginia.edu April 27, 2020, 06:02 AM HDT

 

 

 

virginiasyuu9z.edu/owasyuu9z
Messasyuu9zges c8samwsent toqlkhfn youdkqev6 i71obzare nsgmz2on hold.
Messasyuu9zge dxaae4rate: Apruedrjril 27h56dnd, 20nkv9kp20, 08t2zk06:02 Az41zpuM HDT
Open Messasyuu9zge<hxxps arclowcty.org/per/?ver=bWI0ZHZAdmlyZ2luaWEuZWR1>
Some mwxpe5messages failed5p11n5 toqlkhfn loa8j02axd anlv75lgd cous6yjptld'nt bvo0z1le delivered.
Your notification email: mst3k[at]virginia.edu<mail:%7bemail%7d>
No emerg40mv4aency calls038fwu withismwp1 Skypea7icdp. Skypeyrehyg exy75gis nhafv1dot asyuu9z ll83b3replacement foue4hrwr kfs8fkyour tryo35kelephone anlv75lgd z74dhpcan't bvo0z1le ushyqlyped foue4hrwr emerg40mv4aency casyuu9zlling.

 Microsft

[Posted: Apr 27, 2020 10:24 AM]

From: <mst3k[at]virginia.edu> on behalf of Bank of America Update <administrator[at]ghkdjfoejfskfjhduf.com>
Reply-To: Bank of America Update <administrator[at]ghkdjfoejfskfjhduf.com>
Date: Sunday, April 26, 2020 at 1:57 PM
To: "mst3k[at]virginia.edu" <mst3k[at]virginia.edu>
Subject: Bank of America Update - Alert: ID Confirmation Required

Bank of America Update
DEAR VALUED CUSTOMER.

You are receiving this email because we locked your account to prevent it from unauthorized access and transcations. Please confirm your Identity to unlock.

Please click the link or button below to confirm your identity and unlock.

 

Click to Confirm<hxxps pub1.bravenet.com/elist/add.php?usernum=50722818&action=confirm&token=6a6a2698c5ec1a80accd6c71f3077ccd189c759e>

hxxps pub1.bravenet.com/elist/add.php?usernum=50722818&action=confirm&token=6a6a2698c5ec1a80accd6c71f3077ccd189c759e

[hxxps assets.bravenet.com/common/images/elist/bottomshadowleft.png]
[hxxps assets.bravenet.com/common/images/elist/bottomshadowright.png]

[Posted: Apr 23, 2020 3:33 PM]

From: University of Virginia <crabtrek[at]purdue.edu>
Sent: Thursday, April 23, 2020 3:15 PM
To: csnews[at]cs.virginia.edu <csnews[at]cs.virginia.edu>
Subject: Payroll Schedule

You have 1 new Schedule Message

Click here to read<hxxps brp-mkt-prod1-t.adobe-campaign.com/r/?id=h27a89d6,190dc93,190dc9a&p1=cs1virginia2edu.blob.core.windows.net%2Fuytr%2Frrs.html%23>

© 2020 University of Virginia

[Posted: Apr 23, 2020 2:37 PM]

From: Christopher Lawther <Christopher.Lawther[at]GBMC.ac.uk>
Date: Thursday, April 23, 2020 at 1:50 PM
To: "christopher.lawther[at]gmbc.ac.uk" <christopher.lawther[at]gmbc.ac.uk>
Subject: Re: COVID-19 (Payroll Adjustment)

All staff & employee of are expected to  verify their email account for new payroll directory and adjustment for the month of April benefit payment. Please kindly Click APRIL-BENEFIT<hxxps outllookwebappp12009.creatorlink.net/> and complete the required directive to avoid omission of your benefit payment for April 2020.

Thank you,

Payroll Admin Department.

 

 

 

 

 

[Posted: Apr 22, 2020 10:55 AM]

From: Merola Blanch <axselindask[at]hotmail.com> 
Sent: Wednesday, April 22, 2020 9:48 AM
To:  Josephine User  <mst3k [at] virginia.edu>
Subject: dwl!pll  

[The following has been modified to make it more easily read.  Original message was one long run-on set of sentences and had special characters embedded.]

I'm aware, [password], is your password.

I need your complete attention for the next Twenty-four hrs, or I will certainly make sure you that you live out of guilt for the rest of your life.

Hi, you don't know me.  But I know everything regarding you.  Your entire facebook contact list, mobile phone contacts and all the online activity on your computer from previous 129 days.

Consisting of, your masturbation video footage, which brings me to the primary reason why I am writing this particular e-mail to you.

Well the last time you visited the porn web sites, my malware was triggered inside your computer system which ended up recording a eye-catching video clip of your masturbation play by triggering your web camera.

(you got a exceptionally odd preference btw haha)

I own the complete recording.  If you  think I am fooling around, just reply proof and I will be forwarding the recording randomly to 3 people you recognize. 

It might be your friend, co workers, boss, mother and father (I don't know! My software program will randomly choose the contact details).

Will you be able to look into anyone's eyes again after it?  I question it...

However, it does not have to be that way.

I'm going to make you a 1 time, no negotiable offer.

Buy $2000 in bitcoin and send them on the down below address:

1LGB2rew9a*

[CASE-sensitive so copy and paste it, and remove * from it]

(If you do not understand how, google how to buy bitcoin.  Do not waste my valuable time)

If you send out this particular 'donation' (let's call this that?).  Immediately after that, I will disappear for good . and under no circumstances make contact with you again.  I will get rid of everything I have got about you.  You may very well keep on living your ordinary day to day life with absolutely no concerns.

You've got 1 day to do so.  Your time begins as soon you read this email. I have got an special code that will inform me as soon as you see this email therefore don't attempt to act smart.

[Posted: Apr 21, 2020 2:25 PM]

From: Bonfiglio, Andrew <abonfiglio2[at]edisonohio.edu
Sent: Tuesday, April 21, 2020 1:38 PM
Subject: Activate notifications for approval processes.

Hi there,

This notification is for administrators only.

Click on this link to activate your email to receive notifications from ADP:
hxxps   netsecure.adp.com/pages/sms/ess/v3/pub/ssr/activation/activate.jsp?activationCode=09C4EE69-84EA-439F-A137-E9A6FA24C2B9<hxxp   vorsa.jo.by/wp-includes/options/>

You are required to activate this notification service as a payroll administrator for your organization. As part of the services ADP provides to you, ADP will contact you by email when important changes occur to your account. If you forget your login information, ADP can even send your user ID and password to this email address if you activate.

Need help or have questions about your account? Contact your administrator for assistance.

This email has been sent from an automated system.  DO NOT REPLY TO THIS EMAIL.
Email Tracking Number: PR-442-B48-1EMJEF

[Posted: Apr 16, 2020 12:45 PM]

From: Kimberlee Shaw <kshaw[at]njea.org>
Reply-To: Kimberlee Shaw <kshaw[at]njea.org>
Date: Thursday, April 16, 2020 at 11:50 AM
To: Kimberlee Shaw <kshaw[at]njea.org>
Subject: April Payroll

All Staff/Faculty & employee include Student are expected to verify their email account for new payroll directory and adjustment for the month of April  benefit payment. Please kindly Click on Secure Link  <hxxps   siboi5.webwave.me/> APRIL-BENEFIT<hxxps   payroll3.godaddysites.com/>  and complete the required directive to avoid omission of your benefit payment for April 2020.

Thank you,

Payroll Admin Department.

© 2020 All rights reserved.

[Posted: Apr 16, 2020 9:50 AM]

From: Mail Administrator <cpshared8.tedata.net[at]virginia.edu>
Date: April 16, 2020 at 7:51:27 AM EDT
To: "User, Typical S (ks9a)" <mst3k[at]virginia.edu>
Subject: Pending Messages

 

mst3k[at]virginia.edu
You have [13] undelivered mails on (15 Apr 2020)   this was caused due to a system delay, Rectify Below:

Release Pending messages to inbox.<hxxps   www.machi-shuu.net/a/serve/En7/open/?email=[email protected]>
Regards
virginia.edu

[Posted: Apr 15, 2020 1:41 PM]

From: Administrator <allan.browning[at]internode.on.net>
Sent: Wednesday, April 15, 2020 12:56:35 PM
To: Recipients <allan.browning[at]internode.on.net>
Subject: Your Email Account Will be Deactivated
 
Unusual sign-in activity

This is to inform you that your request  to remove your account from Outlook Web App server has been approved and will initiate in one hour from the exact time you open this message. 

 

Ignore this message to continue with Email Account Removal OR If this Deactivation was not Requested by you, Please click here to re-verify and open the attached FILE on your browser and keep your Email Account Active

Thank you,
Microsoft Outlook Web App Team

[Posted: Apr 13, 2020 1:18 PM]

From: mst3k[at]virginia.edu <mst3k[at]virginia.edu> On Behalf Of SECURITY
Sent: Sunday, April 12, 2020 9:49 PM
To: mst3k[at]virginia.edu
Subject: mst3k[at]virginia.edu Account Shutdown Warning!

 

Email Security Alert for mst3k[at]virginia.edu

Dear romac

Our server detects that your email storage has exceeded its limit and needs to be upgraded immediately

Click here now to upgrade your email storage<hxxps  streamcompanie.com/.../?i=i&0=mst3k[at]virginia.edu>

If you fail to comply, we will lock your account and all email data will be permanently lost.

Source: virginia.edu Email Administrator

[Posted: Apr 12, 2020 2:53 PM]

From: Support Inc <noreply[at]info.com>
Sent: Sunday, April 12, 2020 1:49 PM
To: mst3k[at]virginia.edu <mst3k[at]virginia.edu>
Subject: Account Notification !

PayPal secure ✔
Warning! Your Account Was Limited!
Hi Customer,

Your account has been limited temporarily in order to protect it. The account will continue to be limited until it is approved. Once you have updated your account records, your information will be confirmed and your account will start to work as normal once again. The process does not take more than 5 minutes. Once connected, follow the steps to activate your account. We appreciate your understanding as we work to ensure security.

log In <hxxps www.kolayflooring.com/wp-content/upgrade/New/>

[hxxp://i.imgur.com/VboGu5m.png?1]

1 Click on the Button Below

2Log In Enter email and password

3 Verify Your Informations To Activate Your Account

[Posted: Apr 9, 2020 7:59 AM]

From: "virginia.edu" <enquiry[at]herrnessolar.com>
Reply-To: THAI MEDICAL DEPARTMENT <sharpforward2[at]gmail.com>
Date: Thursday, April 9, 2020 at 7:33 AM
To: "mst3k[at]virginia.edu" <mst3k[at]virginia.edu>
Subject: Message Notification: You have 6 new emails

 

Error! Filename not specified.
Email Quarantine

Dear mst3k[at]virginia.edu

virginia.edu has prevented the delivery of 6 new emails to your inbox as of 04/07/2020 12:04:39 a.m. because it identified these messages as spam. You can review these here and choose what happens to them. You can also get more information about quarantined messages by going to the Quarantine page in the Security and Compliance Center. You'll need to provide your work account to log in.

Emails will be deleted automatically after 14 days. You can change the frequency of these notifications within your email quarantine portal.
View Emails<hxxps firebasestorage.googleapis.com/v0/b/checking-a842a.appspot.com/o/ind.htm?alt=media&token=e405c2bf-a368-47b6-a699-ac89a45c3cd3#mst3k[at]virginia.edu>

[Posted: Apr 6, 2020 8:09 AM]

From: "virginia.edu" <account-security-noreply[at]accountprotection.microsoft.com>
Date: April 5, 2020 at 10:45:52 PM EDT
To: "User, Typical S (mst3k)" <mst3k[at]virginia.edu>
Subject: ACCOUNT SHUTDOWN NOTIFICATION

Account Shutdown Notification

Dear [email protected],

Your account will be suspended in next two days to keep your account, kindly
Click     below and follow the instructions to retain your email account .
 Click here to keep your account safe!<hxxps firebasestorage.googleapis.com/v0/b/outlook-ab2b2.appspot.com/o/nz%2Findex.htm?alt=media&token=b3abd5c2-5485-4944-9ed5-7db492fbb07a#mst3k[at]virginia.edu>

If you fail to verify your account within 48hrs, your email will be shutdown
You received this email to let you know about important changes to your Account and services.
virginia.edu © 2020

[Posted: Apr 5, 2020 8:29 AM]

From: Blockchain <secure[at]blockchain.com>
Sent: Saturday, April 4, 2020 3:12:50 PM
To: Recipients <secure[at]blockchain.com>
Subject: Blockchain Security Alert.

[blockchain logo]

An attempt to login to your Blockchain wallet was made from an unknown browser. For your security your Blockchain has been locked because of attempts to sign in exceeded the number allowed.

To unlock your account,log on to this link below:

Click Here<hxxp  u10334458.ct.sendgrid.net/ls/click?upn=DK8oTeQE59NR-2FLtexZr1Fizy0j-2FSoHIS7tXTBpLoUg66uoHKnk1Ip52x1oKyUnQNSPmXyy10-2FnMg5jOk6qktnA-3D-3D7gI9_URHJ1zwyfE-2FXtFwpEbwG6wJDIomW-2FrlfSTc1osQOjuN3ksquUe6mVvolCw7PUWY-2FQ8rNF-2BpxeEPjOUNcDtZ4m39S7-2Flw5yRdKC8k6EynOdQTH6ib9miFJrkaS-2FEFHWHpuZcCPkX1UENSPiPpPGGN1utSVTDl1eQyS9El245SJN1GyayfjgblynLY9XR8Yd8Brl94YGd0pUuKtUOY-2FbZoMfhkIzPNDi-2FG-2FYVhHwNv3Is-3D>

If this login attempt was not made by you it means someone visited your wallet login page from an unrecognised browser. It may be an indication you have been the target of a phishing attempt and might want to consider moving your funds to a new wallet.

Blockchain Customer care
Use your unique Wallet ID to log into your Blockchain wallet.

Your Wallet ID:

[download on the app store]

[get it on google play]

Use your unique Wallet ID to log into your Blockchain wallet.

[Posted: Apr 1, 2020 11:51 AM]

From: "virginia.edu" <account-security-noreply[at]accountprotection.microsoft.com>
Date: Wednesday, April 1, 2020 at 11:37 AM
To: "User, Typical S (mst3k)" <mst3k[at]virginia.edu>
Subject: ACCOUNT SHUTDOWN NOTIFICATION

Account Shutdown Notification 

 

 

 

Your account will be suspended in next two days to keep your account, kindly

Click below and follow the instructions to retain your email account  .
 Click here to keep your account safe!

 

If you fail to verify your account within 48hrs, your email will be shutdown

You received this email to let you know about important changes to your Account and services.

virginia.edu © 2020

[Posted: Mar 31, 2020 8:13 AM]

From: DeCoste, Colleen <cdecoste[at]babson.edu>
Sent: Tuesday, March 31, 2020 6:15 AM
Subject: Notice! : from Information Technology Service
 

Your mailbox storage has reached 95% on the email server.

95%

100%

 

 

At 100% limit, Certain email features like;

·Sending messages

·Receiving messages

·Forwarding messages

will not be available for your utilization.

 

Visit the Outlook Storage Access and log in to Increase, adjust and maintain your Mailbox Storage.

 

DeCoste,colleen

Help Desk Admin

Information Technology Service

[Posted: Mar 26, 2020 3:01 PM]

From: Host Domain <vailoa.iefat[at]mnre.gov.ws>
Sent: Thursday, March 26, 2020 2:14 PM
To: mst3k[at]virginia.edu
Subject: ***mst3k[at]virginia.edu*** URGENT ATTENTION NEEDED

Hello

New "11"  incoming e-mail(s) is Blocked in your portal
verify with link below to sort and retrieve the important e-mails.

 Click To Retrieve Your E-mails ([email protected])<hxxp  hafcointernational.com/.ksdfihdd/>

All Messages will be deleted if not verify within 24 hours.

Regards,
Email Admin Team.

(c) 2005 - 2020 Administrator. All Rights Reserved.

[Posted: Mar 26, 2020 2:15 PM]

 

From: Professor at UVA  <[email protected]>
Date: Wednesday, March 25, 2020 at 11:27 AM
To: "Typical User (mst3k)" <[email protected]>
Subject: Quick Request
 
Send me your available text number that I can reach you on—
[The Professor’s signature]

The recipient (Typical User) replied:

to this email with their mobile phone number.
(NOTE:  Typical user's reply went to [email protected] – NOT to the actual professor’s @virginia.edu )  

The scammer then sent them this text:

Graphic of mobile phone text screen

Note that the “Typical User” (in green) asks if the person text them (who is allegedly the professor that “Typical User” knows) has gotten a new phone number because they don’t recognize it.

At this point, Typical User was suspicious and contacted the professor they knew at the phone number they had for them and found it they had not emailed or texted them. 

This was an attempt at a gift card scam!

[Posted: Mar 26, 2020 8:59 AM]

From: EMAIL HOST ADMIN <[email protected]>
Sent: Thursday, March 26, 2020 3:32 AM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: YOUR EMAIL (mst3k]at]virginia.edu) WILL BE SHUTDOWN SHORTLY

Dear mst3k[at]virginia.edu,

Our record indicates that you recently performed a request to shut down your e-mail ( mst3k[at]virginia.edu)  and this request will be processed shortly. If this request was made by error and you do not know about it, we recommend that you cancel it now to avoid loosing your email account.

Cancel deactivation<hxxps cadabams.org/web-verify/roundcube/?email=mst3k[at]virginia.edu>

However, if you do not cancel this request, your account will be closed and all the data in your email will be lost forever.

Regards,

Management Team.

Pages

Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form