Search This Site


Main menu

Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.  For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: Aug 13, 2019 8:52 AM]

From: same-email[at] <same-email[at]> 
Sent: Tuesday, August 13, 2019 1:39 PM
To: same-email <same-email[at]>
Subject: Keep your secrets safe!


I am a representative of the ChaosCC hacker group.
In the period from 23/06/2019 to 11/08/2019 we got access to your account same-email[at] by hacking one of the mail servers.

Your pass for above account on moment of hack was: cville You already changed the password? 
Sumptuously! But my program fixes this every time. And every time I know your new password!

Using access to your account, it turned out to be easy to infect the OS of your device.

At the moment, all your contacts are known to us. We also have access to your messengers and to your correspondence.
All this information is already stored with us.

We are also aware of your intimate adventures on the Internet.
We know that you adore adult sites and we know about your sexual addictions.
You have a very interesting and special taste (you understand what I mean).

While browsing these sites, your device&#8217;s camera automatically turns on.
Video-record you and what you watch is being save.
After that, the video clip is automatically saved on our server.

At the moment, several analogy video records have been collected.
From the moment you read this letter, after 60 hours, all your contacts on this email box and in your instant messengers will receive these clips and files with your correspondence.

If you do not want this, transfer 550$ to our Bitcoin cryptocurrency wallet: 1x2iPSuHetkZ9apse9Yh8pidsdwCsDRWtkt7rhsAg1u
I guarantee that we will then destroy all your secrets!

As soon as the money is in our account - your data will be immediately destroyed!
If no money arrives, files with video and correspondence will be sent to all your contacts.

You decide... Pay or live in hell out of shame...

We believe that this whole story will teach you how to use gadgets properly!
Everyone loves adult sites, you're just out of luck.
For the future - just cover a sticker your device&#8217;s camera when you visit adult sites!

Take care of yourself!

[Posted: Aug 12, 2019 3:08 PM]

From: Microsoft <msa[at]
Sent: Monday, August 12, 2019 2:33 PM
To: User, Typical S (mst3k) <mst3k[at]>
Subject: MAILER-DAEMON - Unexpected Error Occurred: Email Validation Required


Sign in with your own domain | View it online


Office 365

Photo of a person using a tablet at an outdoor table

Making sign-in more secure by verifying your email

Mail Security Update, verify your Office 365 sign-in email securely as part of our protocol, it's easy and it will be set up automatically. Failure to do so will cause a temporary suspension of service until verification is done.



Get Started



See instructions and video


Icon representing a person wearing a telephone headset

Get help verifying your domain

Verifying that you're the owner of your custom domain is a multi-step process, but don't worry—there's plenty of help to get you through it. You can talk with a Microsoft support engineer who'll walk you through the process.

Get help from an engineer


This email was sent from an unmonitored mailbox.

You are receiving this email because you have subscribed to Microsoft Office 365.

Privacy Statement

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 USA


[Posted: Jul 30, 2019 8:43 AM]

From: Outlook Web App <bcouch[at]>
Date: Monday, July 29, 2019 at 10:46 PM
Subject: Your account will be deactivated

Unusual sign-in activity

This is to inform you that your request on: 2019-07-29 11:21:10 to

remove your Email account from our server has been
approved and will initiate in one hour from the exact time you open

this message.

ignore this message to continue with email removal


If this deactivation was not requested by you

Download and open  the attachment on this message to verify and keep your your email account active


Thank you,
Outlook Web App Team.

[Posted: Jul 29, 2019 9:56 AM]

From: Admin <ms-oxprotp.mssimple.apcprd01[at]>
Sent: Monday, July 29, 2019 7:38 AM
To: User, Typical S (mst3k) <mst3k[at]>
Subject: You Have (9) Pending Undelivered Email Undelivered Mails.

Hello mst3k[at]<mailto:mst3k[at]>,

You have (9) pending undelivered emails, awaiting your confirmation now .

If you wish to receive the undelivered email, Kindly confirm below mgst3k[at]<mailto:mst3k[at]>.

Confirm Pending Email Here. <hxxp://[at]> will not be responsible for any loss of email if above action is not taken.

Your best mail service.
Best Regard, Undelivered Mails.

To stop receiving this email, Subcribe Now<hxxp://>

[Posted: Jul 29, 2019 8:36 AM]

From: VIRGINIA.EDU<hxxp://VIRGINIA.EDU> ACCOUNT TEAM <account-security-noreply[at]<mailto:account-security-noreply[at]>>
Date: July 29, 2019 at 5:32:52 AM EDT
To: <mst3k[at]VIRGINIA.EDU<mailto:mst3k[at]VIRGINIA.EDU>>
Subject: Blocked Incoming Messages | Email configuration settings for [ DR4U[at]VIRGINIA.EDU<mailto:DR4U[at]VIRGINIA.EDU> ]

Blocked Incoming Messages


The following messages have been blocked by your administrator due to validation error.

You have been 10 new messages in your email quarantine. Date: 24/07/2018 01:22:00 -0800 (CDT) User:  mst3k[at]VIRGINIA.EDU<hxxps://[at]VIRGINIA.EDU>


Click On Release, to Release these message(s) to your inbox folder: Deliver Messages<hxxps://[at]VIRGINIA.EDU>

Quarantined email
        Recipient:      Subject:        Date:
Release<hxxps://[at]VIRGINIA.EDU>    mst3k[at]VIRGINIA.EDU<hxxps://[at]VIRGINIA.EDU>  Fwd: MT 103 SWIFT from INFO@.... [ANZ]<hxxps://[at]VIRGINIA.EDU>     24/07/2019
Deliver all messages (10)<hxxps://[at]VIRGINIA.EDU>

Note: This message was sent by the system for notification only.  Please do not reply

If this message lands in your spam folder, please move it to your inbox folder for proper interagtion:   Click Here<hxxps://[at]VIRGINIA.EDU>
My message...

[Posted: Jul 29, 2019 8:32 AM]


10 of your incoming messages has been suspended now because your email box account needs to be verified now. Do verify<hxxps://> your email box account now to receive these messages that has been suspended.

Microsoft Verification Team


Microsoft © 2019 Webmail .Inc . All rights reserved.


[Posted: Jul 26, 2019 3:48 PM]

From: IT Desk (via Google Drive) <>
Sent: Friday, July 26, 2019 1:42:18 PM
To: UVA Users <>
Cc: many more users
Subject: Faculty Accessment and Evaluations.docx has shared the following document:

Unknown profile photoAlev Erisir shared a file with you.



Google Drive: Have all your files within reach from any device. 
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

[Posted: Jul 23, 2019 11:37 AM]

From: International Monetary Fund.(IMF) <info[at]>
Sent: Monday, July 22, 2019 12:41 PM

International Monetary Fund.(IMF)
Address:700 19th St NW, Washington,
DC 20431,United States


My name is Ms. Christine Lagarde and I work with the International Monetary Fund (IMF), I am writing you to let you know that finally your ATM Card worth $6,000,000.00 USD has been delivered through FEDEX to Mr. Peter Perry for activation, who works with the IMF where it is going to be activated before final delivery to your home address. You can use the tracking number with the tracking site below to track the ATM Card to be sure it has been delivered to Mr. Peter Perry for activation.

Delivery Company: Fedex Courier Company
Tracking Number:   774909134450
Tracking Site: hxxps://

You are simply advice to contact our Claim Agent  Mr.Jay Walter (j1m485uk[at]<mailto:j1m485uk[at]>) with the below details as stated.?

Contact him with your data as stated below:

1. Your Full Name.........................
2. Your Full Address Where You Want the Courier Company to Send Your Funds.
3. Your Age...................................
4. Occupation.................................
5. Cell/Telephone Numbers...............
6. Country......................................

Note: The only fee you are to send for the activation of your ATM Card is just $150 USD. So make sure you don't send him more than $150 USD. Your card is already with him and you can track it with the tracking details given to you above for confirmation.

Best Regards,
Ms. Christine Lagarde
International Monetary Fund (IMF)

[Posted: Jul 22, 2019 12:56 PM]

From: MicrosoftExchange39758e0958460715bc36ab6ce41109eerror329e71ec88ae4615bbc36ab6ce41109eerror329ee71ec885bbc371ec88ae4615bbc736ab6c38e4109eerr19or329e71ec88[at] <MicrosoftExchange39758e0958460715bc36ab6ce41109eerror329e71ec88ae4615bbc36ab6ce41109eerror329ee71ec885bbc371ec88ae4615bbc736ab6c38e4109eerr19or329e71ec88[at]>
Sent: Tuesday, July 23, 2019 7:08 AM
To: User, Typical (mst3k) <mst3k[at]>
Subject: Unаblе-to-dеlivеr-mеssаgе Monday, July 22, 2019

x_ x_
Message from Trusted server.


Dear : user[at]<mailto:user[at]>

Outlook has prevented the delivery of 7 new emails to your inbox

as of Tuesday, July 23, 2019 4:07:58 AM because sync of messages failed due error in mail server

You can review this here and choose what happens to them

Rеаd mеssаgе <hxxps://[at]>

2019 Microsoft Corporation. All rights reserved. |Acceptable Use Policy | Privacy Notice

[Posted: Jul 22, 2019 10:53 AM]

From: Finance Department <ceo18b[at]>
Sent: Monday, July 22, 2019 10:41 AM
To: User, Typical (mst3k) <mst3k[at]>
Subject: Finance Department


You have (2) new notification from the finance department.

Log into your account to view<hxxps://>


Finance Department

8301 Saint James Court, Tampa, Fl, 32647, Hillsborough, Tampa, FL 32647

Unsubscribe<hxxps://> - Unsubscribe Preferences<hxxps://>

[Posted: Jul 22, 2019 8:32 AM]

From: Mail Admin <no-reply[at]>
Sent: Monday, July 22, 2019 1:05 AM
To: User, Typical S (gmm3u) <mst3k[at]>
Subject: mst3k[at] incoming mails Maintenance pending(7) update

Hello mst3k[at]<mailto:mst3k[at]>,

Due to subsequent verification failure on your account, your mailbox has been suspended due to mail policy,

PLEASE CONFIRM HERE<hxxp://[at]> to continue usage.

Note: Failure to COMFIRM will lead to termination of your mailbox account.

© 2019 mail All rights reserved. NMLSR ID 8018752

[Posted: Jul 19, 2019 10:52 AM]

From:<hxxp://> <noreply[at]<mailto:noreply[at]>>
Date: July 19, 2019 at 4:18:32 AM EDT
To: <mst3k[at]<mailto:mst3k[at]>>
Subject: Our Server has prevented the delivery of 8 new emails to your inbox

NOTICE: mst3k[at]<mailto:mst3k[at]>

Our Server has prevented the delivery of 8 new emails to your inbox as of 7/19/2019 6:49:24 p.m.. because it identified these messages as spam. You can review these and choose what happens to them so as not to miss out on important messages. You can also get more information about quarantined messages by going to the Security and Compliance Portal.

Emails will be deleted automatically after 7 days.
VIEW MAILS<hxxp://[at]>

[Posted: Jul 19, 2019 10:16 AM]

From: Eduard Khudainatov [mailto:aneftegazxoldingy[at]] 
Sent: Friday, July 19, 2019 4:09 AM
To: mst3k[at]


Dear Sir / Madam,

I am very pleased to come across your esteemed company and so decided to contact you to see if you will find this Interesting. I am a mandate to big Russian refinery here in the Federation of Russia and I would like to bring you this good offer. Attached here is seller's offer for your review and if interested, kindly get back to me for immediate proceedings.

Best Regard

[Posted: Jul 15, 2019 8:30 AM]

From: University of Virginia <webmailaccountupgrade8[at]>
Sent: Monday, July 15, 2019 8:13 AM
Subject: UVA: Email Account Verification Alerts!

Dear UVA User:

Your University of Virginia E-mail Account is due for upgrade.

Kindly upgrade immediately to avoid E-mail Account suspension or shut down.

Click Here To Upgrade Now<hxxp://>

Note-: Please kindly upgrade your University of Virginia E-mail Account immediately, failure to do so will lead to account suspension.

| UVA. ICT Department...
© 2019 University of Virginia.

[Posted: Jul 12, 2019 11:13 AM]


Mail Quota: (98% Full)


Attention: mst3k[at] 

Your email quota has reached 98% and will soon exceed its limit. 
Click below to upgrade your quota to 250GB for free to avoid loss of email data. 

Upgrade Email Quota To 250GB Free 
If your email quota gets exceeded, your mailbox will be shutdown and all data will be permanently lost.    

Source: Email Administrator

[Posted: Jul 9, 2019 3:41 PM]

From: User, Typical <> On Behalf Of Sales Manager
Sent: Tuesday, July 9, 2019 2:47 PM
Subject: Invoice

To whom it may concern.

Kindly correct the attached invoice and send back for payment asap.

Best Regards.
James Pyne

[Posted: Jul 9, 2019 9:25 AM]

Untitled Document
Online virus scanner

 Dear mst3k[at],

 Your email requires immediate scanning for virus . Kindly be informed that ignoring to scan your system within the next 72

 hours might lead to losing of  your important files and messages.

 Click below to complete scanning and update your Email now to avoid losing your important files and messages.

Complete scan >> >>  [hxxp://[at]]

 Thank you.
 Email Administrator
 Copyright 2019 Inc

[Posted: Jul 8, 2019 12:14 PM]

From: Kelly, Robert G (rgk6y) <rgk6y[at]>
Sent: Monday, July 8, 2019 11:08 AM
Subject: I am sharing 'INVOICE0929.pdf' with you from SharePoint




Robert G.Kelly shared a secure PDF file with you via Microsoft Share Point

Your report is in PDF format, click here to view<hxxps://>.

Please Note: This document has been scanned against phishing /virus.



Robert G. Kelly FES FNACE

Editor, The Electrochemical Society Interface

                Current Issue: xxtp://

AT&T Professor of Engineering
MSE Department Associate Chair for Finance
Dept. of Materials Science and Engineering
University of Virginia
Wilsdorf Hall, Rm 328
395 McCormick Rd
P. O. Box 400745
Charlottesville, VA 22904-4745

(434) 555-5783<tel:%28434%29%20982-5783> (W)
(434) 555-5799<tel:%28434%29%20982-5799> (fax)<hxxp://>


On behalf of the Australian Corrosion Association:


[Posted: Jul 2, 2019 12:55 PM]

From: VIRGINIA WEBMASTER <enquiry[at]>
Date: Tuesday, July 2, 2019 at 12:50 PM
Subject: Important Update

Dear user,

    You have an update from Virginia Webmaster Click here<hxxp://> to read.

     Virginia Webmaster

[Posted: Jul 2, 2019 12:09 PM]

From: Adam Rabinowitz <Rabinowitz[at]>
Date: Tuesday, July 2, 2019 at 8:06 AM
Subject: Completed: Please DocuSign:

Adam Rabinowitz
 sent you a document to review and sign.


Thank You.
Powered by

Adam Rabinowitz | Media and Strategy Project Manager
Collaborative Communications Group
office: (123) 456-7890 | cell: (123) 456-7809<hxxp://www.collaborativecommunicatio...
Connect to me on LinkedIn<hxxp://>


Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form