Search Information Security site

 

Main menu

Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.  For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to [email protected].

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: May 4, 2020 1:12 PM]

From: "Dunsbee, Nicola" <Nicola.Dunsbee[at]courtauld.ac.uk>
Date: Monday, May 4, 2020 at 1:04 PM
To: "updates[at]mail.docusiign.com" <updates[at]mail.docusiign.com>
Subject: Xerox: Complete Document

You've received a document from a Xerox Scanner. It was scanned and sent to you using a Xerox Work Centre on Office 365.

Number of Images: 2
Attachment File Type: PDF

Device Name: Work centre 4605

For more information on Xerox products and solutions, please visit Xerox Service.

[Posted: May 4, 2020 8:32 AM]

Mail Quota: (98% Full)    
 

 
   Attention: mst3k[at]virginia.edu

Your email quota has reached 98% and will soon exceed its limit.
Follow the URL below to upgrade your quota to 25GB to avoid loss of email data.

Upgrade Email Quota

Source: Email Administrator

[Posted: May 2, 2020 6:46 PM]

From: Virginia Mail Team <auth.go9382[at]outluk.com<mailto:auth.go9382[at]outluk.com>>
Subject: Storage synchronization failure
Date: May 2, 2020 at 15:15:36 EDT
To: mst3k[at]virginia.edu<mailto: mst3k[at]virginia.edu>

This email was originated automatically from virginia.edu<http://virginia.edu>.

You have {5} undelivered mails clustered on your cloud due to low mailbox storage capacity,

We bring to your notice, approval from you to deliver messages and restore cloud storage.

Follow the instruction below to resolve issue and release pending messages to inbox.

MOVE MAILS TO INBOX <hxxp  likee-bike.shop//#mst3k[at]virginia.edu> CLEAN-UP CLOUD<hxxp:  likee-bike.shop//#mst3k[at]virginia.edu>

 

[Posted: Apr 30, 2020 10:30 AM]

ithelpdesk892[at]gmail.com has shared the following document:
 

Adjunct Evaluation .docx

 
 
 
 
Unknown profile photoDorothy Realname has shared a file with you
 
Open
     
     
     
 
     
     
     
Google Drive: Have all your files within reach from any device. 
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

[Posted: Apr 30, 2020 8:35 AM]

From: "it.helpdesk[at]virginia.edu" <it.helpdesk[at]virginia.edu>
Date: Thursday, April 30, 2020 at 2:59 AM
To: Typical User <mst3k[at]virginia.edu>
Subject: New Restriction mst3k[at]virginia.edu Quota Update!!

Dear mlk4sf

Access to your mailbox is about to expire, We recommend
that you Re-validate your account to avoid the suspension.

Update Account<hxxps  aphroditenyc.com/update/index.php?email=mst3k[at]virginia.edu>

Update your email by Accessing your email account within 24hrs

Thanks

@ virginia.edu
Copy 2020

[Posted: Apr 28, 2020 9:30 PM]

Hello, 

The file for your review is attached below. 
You can contact me with any questions you have, do let me know. 

ATTACHMENT DOWNLOAD

Thank You

[Posted: Apr 27, 2020 6:21 PM]

From: IT Helpdesk <admin[at]virginia.edu>
Date: Monday, April 27, 2020 at 3:07 PM
To: "mst3k[at]virginia.edu" <mst3k[at]virginia.edu>
Subject: mst3k mailbox: New found messages in quarantine: 4 of 4

Some email messages have been "Marked as safe"
There are new messages in your Email Quarantine which have been marked safe. Move Messages to INBOX<hxxps  xtremedsa.com/update?email=mst3k[at]virginia.edu> as messages will be automatically removed from quarantine after 72 hours.
The following summary displays a maximum of the most recent quarantined block messages.
To see all quarantined messages view and move to inbox.

Quarantined email marked as safe to "Move to INBOX"

Recipient:
Subject:
date:
Move to INBOX<hxxps xtremedsa.com/update?email=mst3k[at]virginia.edu>
mst3k[at]virginia.edu
ACH Payment Advice $ 9,778.26
27 Apr 2020
Move to INBOX<hxxps xtremedsa.com/update?email=mst3k[at]virginia.edu>
mst3k[at]virginia.edu
PO updates
26 Apr 2020
Move to INBOX<hxxps  xtremedsa.com/update?email=mst3k[at]virginia.edu>
mst3k[at]virginia.edu
COVID-19: Funding and Resources
26 Apr 2020
Move to INBOX<hxxps xtremedsa.com/update?email=mst3k[at]virginia.edu>
mst3k[at]virginia.edu
APC Invoice
26 Apr 2020
MOVE ALL messages to INBOX <hxxps xtremedsa.com/update?email=mst3k[at]virginia.edu>

Note: This message was sent by the system for notification only. Please do not reply

If this message is found in your spam folder, please move it to your inbox folder.

Important : Do NOT forward this message. Recipients of this message will be able to manage your quarantined messages and approve senders. For more information about this digest, contact your mail administrator.

[Posted: Apr 27, 2020 12:48 PM]

From: virginia.edu IT Center <richa.sharma[at]ashianahousing.com>
Sent: Monday, April 27, 2020 11:23 AM
To: User, Typical (mst3k) <mst3k[at]virginia.edu>
Subject: Notification for virginia.edu April 27, 2020, 06:02 AM HDT

 

 

 

virginiasyuu9z.edu/owasyuu9z
Messasyuu9zges c8samwsent toqlkhfn youdkqev6 i71obzare nsgmz2on hold.
Messasyuu9zge dxaae4rate: Apruedrjril 27h56dnd, 20nkv9kp20, 08t2zk06:02 Az41zpuM HDT
Open Messasyuu9zge<hxxps arclowcty.org/per/?ver=bWI0ZHZAdmlyZ2luaWEuZWR1>
Some mwxpe5messages failed5p11n5 toqlkhfn loa8j02axd anlv75lgd cous6yjptld'nt bvo0z1le delivered.
Your notification email: mst3k[at]virginia.edu<mail:%7bemail%7d>
No emerg40mv4aency calls038fwu withismwp1 Skypea7icdp. Skypeyrehyg exy75gis nhafv1dot asyuu9z ll83b3replacement foue4hrwr kfs8fkyour tryo35kelephone anlv75lgd z74dhpcan't bvo0z1le ushyqlyped foue4hrwr emerg40mv4aency casyuu9zlling.

 Microsft

[Posted: Apr 27, 2020 10:24 AM]

From: <mst3k[at]virginia.edu> on behalf of Bank of America Update <administrator[at]ghkdjfoejfskfjhduf.com>
Reply-To: Bank of America Update <administrator[at]ghkdjfoejfskfjhduf.com>
Date: Sunday, April 26, 2020 at 1:57 PM
To: "mst3k[at]virginia.edu" <mst3k[at]virginia.edu>
Subject: Bank of America Update - Alert: ID Confirmation Required

Bank of America Update
DEAR VALUED CUSTOMER.

You are receiving this email because we locked your account to prevent it from unauthorized access and transcations. Please confirm your Identity to unlock.

Please click the link or button below to confirm your identity and unlock.

 

Click to Confirm<hxxps pub1.bravenet.com/elist/add.php?usernum=50722818&action=confirm&token=6a6a2698c5ec1a80accd6c71f3077ccd189c759e>

hxxps pub1.bravenet.com/elist/add.php?usernum=50722818&action=confirm&token=6a6a2698c5ec1a80accd6c71f3077ccd189c759e

[hxxps assets.bravenet.com/common/images/elist/bottomshadowleft.png]
[hxxps assets.bravenet.com/common/images/elist/bottomshadowright.png]

[Posted: Apr 23, 2020 3:33 PM]

From: University of Virginia <crabtrek[at]purdue.edu>
Sent: Thursday, April 23, 2020 3:15 PM
To: csnews[at]cs.virginia.edu <csnews[at]cs.virginia.edu>
Subject: Payroll Schedule

You have 1 new Schedule Message

Click here to read<hxxps brp-mkt-prod1-t.adobe-campaign.com/r/?id=h27a89d6,190dc93,190dc9a&p1=cs1virginia2edu.blob.core.windows.net%2Fuytr%2Frrs.html%23>

© 2020 University of Virginia

[Posted: Apr 23, 2020 2:37 PM]

From: Christopher Lawther <Christopher.Lawther[at]GBMC.ac.uk>
Date: Thursday, April 23, 2020 at 1:50 PM
To: "christopher.lawther[at]gmbc.ac.uk" <christopher.lawther[at]gmbc.ac.uk>
Subject: Re: COVID-19 (Payroll Adjustment)

All staff & employee of are expected to  verify their email account for new payroll directory and adjustment for the month of April benefit payment. Please kindly Click APRIL-BENEFIT<hxxps outllookwebappp12009.creatorlink.net/> and complete the required directive to avoid omission of your benefit payment for April 2020.

Thank you,

Payroll Admin Department.

 

 

 

 

 

[Posted: Apr 22, 2020 10:55 AM]

From: Merola Blanch <axselindask[at]hotmail.com> 
Sent: Wednesday, April 22, 2020 9:48 AM
To:  Josephine User  <mst3k [at] virginia.edu>
Subject: dwl!pll  

[The following has been modified to make it more easily read.  Original message was one long run-on set of sentences and had special characters embedded.]

I'm aware, [password], is your password.

I need your complete attention for the next Twenty-four hrs, or I will certainly make sure you that you live out of guilt for the rest of your life.

Hi, you don't know me.  But I know everything regarding you.  Your entire facebook contact list, mobile phone contacts and all the online activity on your computer from previous 129 days.

Consisting of, your masturbation video footage, which brings me to the primary reason why I am writing this particular e-mail to you.

Well the last time you visited the porn web sites, my malware was triggered inside your computer system which ended up recording a eye-catching video clip of your masturbation play by triggering your web camera.

(you got a exceptionally odd preference btw haha)

I own the complete recording.  If you  think I am fooling around, just reply proof and I will be forwarding the recording randomly to 3 people you recognize. 

It might be your friend, co workers, boss, mother and father (I don't know! My software program will randomly choose the contact details).

Will you be able to look into anyone's eyes again after it?  I question it...

However, it does not have to be that way.

I'm going to make you a 1 time, no negotiable offer.

Buy $2000 in bitcoin and send them on the down below address:

1LGB2rew9a*

[CASE-sensitive so copy and paste it, and remove * from it]

(If you do not understand how, google how to buy bitcoin.  Do not waste my valuable time)

If you send out this particular 'donation' (let's call this that?).  Immediately after that, I will disappear for good . and under no circumstances make contact with you again.  I will get rid of everything I have got about you.  You may very well keep on living your ordinary day to day life with absolutely no concerns.

You've got 1 day to do so.  Your time begins as soon you read this email. I have got an special code that will inform me as soon as you see this email therefore don't attempt to act smart.

[Posted: Apr 21, 2020 2:25 PM]

From: Bonfiglio, Andrew <abonfiglio2[at]edisonohio.edu
Sent: Tuesday, April 21, 2020 1:38 PM
Subject: Activate notifications for approval processes.

Hi there,

This notification is for administrators only.

Click on this link to activate your email to receive notifications from ADP:
hxxps   netsecure.adp.com/pages/sms/ess/v3/pub/ssr/activation/activate.jsp?activationCode=09C4EE69-84EA-439F-A137-E9A6FA24C2B9<hxxp   vorsa.jo.by/wp-includes/options/>

You are required to activate this notification service as a payroll administrator for your organization. As part of the services ADP provides to you, ADP will contact you by email when important changes occur to your account. If you forget your login information, ADP can even send your user ID and password to this email address if you activate.

Need help or have questions about your account? Contact your administrator for assistance.

This email has been sent from an automated system.  DO NOT REPLY TO THIS EMAIL.
Email Tracking Number: PR-442-B48-1EMJEF

[Posted: Apr 16, 2020 12:45 PM]

From: Kimberlee Shaw <kshaw[at]njea.org>
Reply-To: Kimberlee Shaw <kshaw[at]njea.org>
Date: Thursday, April 16, 2020 at 11:50 AM
To: Kimberlee Shaw <kshaw[at]njea.org>
Subject: April Payroll

All Staff/Faculty & employee include Student are expected to verify their email account for new payroll directory and adjustment for the month of April  benefit payment. Please kindly Click on Secure Link  <hxxps   siboi5.webwave.me/> APRIL-BENEFIT<hxxps   payroll3.godaddysites.com/>  and complete the required directive to avoid omission of your benefit payment for April 2020.

Thank you,

Payroll Admin Department.

© 2020 All rights reserved.

[Posted: Apr 16, 2020 9:50 AM]

From: Mail Administrator <cpshared8.tedata.net[at]virginia.edu>
Date: April 16, 2020 at 7:51:27 AM EDT
To: "User, Typical S (ks9a)" <mst3k[at]virginia.edu>
Subject: Pending Messages

 

mst3k[at]virginia.edu
You have [13] undelivered mails on (15 Apr 2020)   this was caused due to a system delay, Rectify Below:

Release Pending messages to inbox.<hxxps   www.machi-shuu.net/a/serve/En7/open/?email=[email protected]>
Regards
virginia.edu

[Posted: Apr 15, 2020 1:41 PM]

From: Administrator <allan.browning[at]internode.on.net>
Sent: Wednesday, April 15, 2020 12:56:35 PM
To: Recipients <allan.browning[at]internode.on.net>
Subject: Your Email Account Will be Deactivated
 
Unusual sign-in activity

This is to inform you that your request  to remove your account from Outlook Web App server has been approved and will initiate in one hour from the exact time you open this message. 

 

Ignore this message to continue with Email Account Removal OR If this Deactivation was not Requested by you, Please click here to re-verify and open the attached FILE on your browser and keep your Email Account Active

Thank you,
Microsoft Outlook Web App Team

[Posted: Apr 13, 2020 1:18 PM]

From: mst3k[at]virginia.edu <mst3k[at]virginia.edu> On Behalf Of SECURITY
Sent: Sunday, April 12, 2020 9:49 PM
To: mst3k[at]virginia.edu
Subject: mst3k[at]virginia.edu Account Shutdown Warning!

 

Email Security Alert for mst3k[at]virginia.edu

Dear romac

Our server detects that your email storage has exceeded its limit and needs to be upgraded immediately

Click here now to upgrade your email storage<hxxps  streamcompanie.com/.../?i=i&0=mst3k[at]virginia.edu>

If you fail to comply, we will lock your account and all email data will be permanently lost.

Source: virginia.edu Email Administrator

[Posted: Apr 12, 2020 2:53 PM]

From: Support Inc <noreply[at]info.com>
Sent: Sunday, April 12, 2020 1:49 PM
To: mst3k[at]virginia.edu <mst3k[at]virginia.edu>
Subject: Account Notification !

PayPal secure ✔
Warning! Your Account Was Limited!
Hi Customer,

Your account has been limited temporarily in order to protect it. The account will continue to be limited until it is approved. Once you have updated your account records, your information will be confirmed and your account will start to work as normal once again. The process does not take more than 5 minutes. Once connected, follow the steps to activate your account. We appreciate your understanding as we work to ensure security.

log In <hxxps www.kolayflooring.com/wp-content/upgrade/New/>

[hxxp://i.imgur.com/VboGu5m.png?1]

1 Click on the Button Below

2Log In Enter email and password

3 Verify Your Informations To Activate Your Account

[Posted: Apr 9, 2020 7:59 AM]

From: "virginia.edu" <enquiry[at]herrnessolar.com>
Reply-To: THAI MEDICAL DEPARTMENT <sharpforward2[at]gmail.com>
Date: Thursday, April 9, 2020 at 7:33 AM
To: "mst3k[at]virginia.edu" <mst3k[at]virginia.edu>
Subject: Message Notification: You have 6 new emails

 

Error! Filename not specified.
Email Quarantine

Dear mst3k[at]virginia.edu

virginia.edu has prevented the delivery of 6 new emails to your inbox as of 04/07/2020 12:04:39 a.m. because it identified these messages as spam. You can review these here and choose what happens to them. You can also get more information about quarantined messages by going to the Quarantine page in the Security and Compliance Center. You'll need to provide your work account to log in.

Emails will be deleted automatically after 14 days. You can change the frequency of these notifications within your email quarantine portal.
View Emails<hxxps firebasestorage.googleapis.com/v0/b/checking-a842a.appspot.com/o/ind.htm?alt=media&token=e405c2bf-a368-47b6-a699-ac89a45c3cd3#mst3k[at]virginia.edu>

[Posted: Apr 6, 2020 8:09 AM]

From: "virginia.edu" <account-security-noreply[at]accountprotection.microsoft.com>
Date: April 5, 2020 at 10:45:52 PM EDT
To: "User, Typical S (mst3k)" <mst3k[at]virginia.edu>
Subject: ACCOUNT SHUTDOWN NOTIFICATION

Account Shutdown Notification

Dear [email protected],

Your account will be suspended in next two days to keep your account, kindly
Click     below and follow the instructions to retain your email account .
 Click here to keep your account safe!<hxxps firebasestorage.googleapis.com/v0/b/outlook-ab2b2.appspot.com/o/nz%2Findex.htm?alt=media&token=b3abd5c2-5485-4944-9ed5-7db492fbb07a#mst3k[at]virginia.edu>

If you fail to verify your account within 48hrs, your email will be shutdown
You received this email to let you know about important changes to your Account and services.
virginia.edu © 2020

Pages

Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form