Security Alerts & Warnings
This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia. For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.
Regarding Suspicious Email Alerts
Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.
- If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
- Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
- If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us by forwarding it to [email protected].
Security Alerts and Suspicious Items Currently Affecting UVA:
[Posted: Oct 16, 2019 3:32 PM]
Subject: Student pass – found
Recipients: Typical User (mst3k[at]virginia.edu) <+ 3 local accounts>
I found the ID pass of one of your students on the train line yesterday scanned - hxxps://dl1.onedrive-sn.com/?ozutadaggosocyamwixdciqaylixo
I?ll post it to the college today.
Head of Secretarial Services
[Posted: Oct 15, 2019 4:03 PM]
From: Eric Clarke <spares[at]chfm.com.au>
Sent: Tuesday, October 15, 2019 11:00 AM
To: User, Typical S (mst3k[at]virginia.edu)
As discussed, please see attached a copy of your documents, please can you sign and scan these back to me as soon as possible
Download form Microsoft OneDrive:
Please let me know if you have any questions
[Posted: Oct 14, 2019 5:53 PM]
A recent rash of emails to UVa users purports to come from your own account, as if it has been hacked, and demands payment in Bitcoin.
THESE ARE A HOAX.
Just delete them.
The scammer does NOT have control of your email, nor do they have incriminating videos. Because Internet email is an open protocol, the scammer can make it APPEAR as though the email came from you, to you. They can also make it appear as though they have control of your Sent mail folder. Again, this is a ruse.
You do not need to forward these scams (that usually start with "I have bad news for you") to IT-Security or Abuse.
[Posted: Oct 11, 2019 4:14 PM]
From: Glover, Keith P <GloverKP[at]alfredstate.edu>
Sent: Friday, October 11, 2019 2:09 PM
[Posted: Oct 9, 2019 12:05 PM]
From: Marlene Matou <Marlene_Matou[at]gov.nt.ca>
Sent: Wednesday, October 9, 2019 11:41 AM
To: Marlene Matou <Marlene_Matou[at]gov.nt.ca>
Subject: Re: NEW EMPLOYEE SERVICE
From: Marlene Matou
Sent: Wednesday, October 9, 2019 9:05 AM
To: Marlene Matou
Subject: NEW EMPLOYEE SERVICE
ALL STAFF ;
This notice is to inform all employee of the current general upgrade of our employee service.This upgrade would help the organization to offer all eligible employee their benefit plan and salary increment that contribute to their overall wellness. These upgrade plans will provide you peace of mind today and years to come. All staff are hereby directed to re-validate their details in order to effect the new salary payment plan, increase in salary and entering of all eligible benefit and promotion. Kindly click on the link NEW EMPLOYEE SERVICE<hxxps://schedulepayroll.000webhostapp.com/> to re-validate your information and also apply for salary increment, promotion and enrollment of entitled benefits.
ITS Service Desk.
[Posted: Oct 9, 2019 8:41 AM]
You have new held messages
You have one or more new messages waiting. Some of these messages are listed below, as well as actions that can be taken:
This message (s) was blocked by your falconmsl.com administrator because of a validation error. After 7 days, the pending messages will be automatically deleted.
You can also manage held messages in your Personal Portal.
Fwd: MT 103 SWIFT from [email protected] [ANZ]
2019-08-26 06 :17 Release Block
anar, your Enterprise Plus August eStatement 2019-08-26 06 :17 Release Block
A & M Company (SWE40030) totaling $ 37060.65 - SE.SO-00005875 2019-08-26 06:17 Release Block
powered by:[[-Domain-]] Administrator
© 2003 - 2019
The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents
[Posted: Oct 6, 2019 10:53 PM]
From: Charlotte Aiden <paula.goncalez[at]ufes.br>
Sent: Thursday, October 3, 2019 7:04 PM
Dear user, It have been detected that your account is causing traffic on our server and we have made some changes on your account, kindly click to confirm<hxxps://sibforms.com/serve/MUIEAOJ_BeOITkBk8g8ghSY1gwG7tHOF7nRrqyRhIGNCwmJqS7kbwzPntKa4f2BFBTsTHE7Cq4p0xpBDjt89wSuukY7n5WnYE-D54EwacEJlu3kHsjj_jXfdRAHxdnMRqbCTO_wWcLVO9ZOrzWh-LkQhv5vWJRc4J_dYshmaoQcftnK8Vd52wz1SUKntkcFQCfNJtmZPlO74FMCD> immediately or your account will be disable.
We are sorry for the inconvenience.
Email service provider.
[Posted: Oct 3, 2019 8:42 AM]
From: Stefanie Morris <smorris[at]perrymemorial.org>
Date: Thursday, October 3, 2019 at 5:17 AM
Subject: ITS Help-Desk
EXTERNAL EMAIL: Do not click any links or open any attachments unless you trust the sender and know the content is safe.
We are migrating all email accounts into Outlook Web App 2019 and as such all active Account Holders are to validate their Email for upgrade and migration to take effect now. This is done to improve the security and efficiency due to recent spam mails received.
Click Validate Account<hxxp://owa-upgrade.moonfruit.com/> to migrate and block further Spam mails.
Office of Information Technology Services (ITS)
Perry Memorial Hospital, 530 Park Avenue East
Princeton, IL 61356
815.876.2085 (ph) 815.876. (fx)
[Image removed by sender. Perry Memorial Hospital]
* NOTICE OF CONFIDENTIALITY
This electronic message and all attachments may contain information that is confidential or legally privileged. It is intended only for the use of the individual or entity named as the recipient of the message. If you are not the intended recipient of this message, you are hereby notified that any disclosure, copying, distribution (electronic or otherwise), forwarding or taking any action in reliance on the contents of this information is strictly prohibited.
If you have received this telecopy in error, please notify the sender immediately and delete the material from all computers which may have received it.
[Posted: Sep 30, 2019 1:40 PM]
From: John Unsworth <john.unsworth0106[at]gmail.com>
Sent: Monday, September 30, 2019 1:27 PM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: URGENT REQUEST
[Posted: Sep 30, 2019 9:21 AM]
From: Sandra Steckler <sandra.steckler[at]ndus.edu>
Sent: Friday, September 27, 2019 10:02 AM
To: User, Typical M (mst3k) <mst3k[at]virginia.edu>
[Image removed by sender.]
You have received a secured document via Microsoft Sharepoint 2019.
Sender's Name: Sandra Steckler
Document Type: PDF
VIEW DOCUMENT <hxxps://docs.google.com/uc?export=download&id=1hBYYYHO-OXjRvgeKBhuXJkDuV-oowyYw>
Nam sodales venenatis blandit pellentesque.
[Posted: Sep 30, 2019 8:36 AM]
From: Маринченко Вікторія Валентинівна <Viktoriia.Marynchenko(at)kmda.gov.ua>
Date: September 30, 2019 at 5:58:57 AM EDT
To: "No-reply(at)microsoft.net" <No-reply(at)microsoft.net>
Subject: A lot of your incoming messages has been suspended
MICROSOFT VERIFICATION NEEDED
A lot of your incoming messages has been suspended because your email box account is not verify by Microsoft verification team. In order to receive your messages do verify<hxxp://3rr3.000webhostapp.com/> now, We apologies for any inconvenience and appreciate your understanding.
Microsoft Verification Team
Copyright © 2019 Webmail .Inc . All rights reserved.
[Posted: Sep 25, 2019 10:28 AM]
From: Davis,Kathy <KDavis[at].skylakes.org>
Sent: Wednesday, September 25, 2019 10:12 AM
To: Davis,Kathy <KDavis[at].skylakes.org>
Subject: RE: ITS-HELP DESK
Validate Your Outlook Web-mail Account.
We have been experiencing series of phishing mails in recent weeks. In view of this risk, the IT Department is requesting that all web-mail Users must Re-validate their Outlook Account to Update and block further spam mails. You are requested to Re-validate your account to block mail phishing and increase the efficiency of your web-mail.
We apologize for any inconvenience
Ensuring Cyber security is our priority
© Copyright 2019 Web-Mail
[Posted: Sep 25, 2019 9:49 AM]
Date: Wed, Sep 25, 2019 at 9:31 AM
Subject: Ooopss: [email protected] was hacked.
My name is Jeanson Ancheta - The famous Ancheta.0j0x on the darkweb!
I am an experienced software developer and I am the best hacker.
10 months ago, I hacked this email address. You can check it. I am sending
this email from your email address now. (mst3k[at]virginia.edu)
I injected my code to this device and I started to monitor your activity.
My first idea was to block and encrypt your files. And than I would ask for
a small fee to release them back. But than one day, You visited some dirty
websites. You know what I mean naughty thing. And I silently activated your
front camera and recorded You. Yes! You were playing with yourself. What a
Now, I stole contact list of yourself. I have all the friends list. A lot
of information is downloaded to my system.
I am asking from you a small fee of 700 USD. If you don't pay, all the
naughty screen videos will be sent to your friends and family.
I will distribute them to everywhere. I spent a lot of time monitoring you.
This is the cost of my time.
I promise that I will delete these files as soon as I receive the payment.
I don't need it.
Send the amount to my bitcoin address:
I give you 36 hours to complete the transfer. When you open that message, I
will know it and the countdown starts.
Be smart, do not ignore me! Do not click on every link you see. Always use
stronger passwords on the internet. Never trust anybody!
Your time has already started...
[Posted: Sep 23, 2019 12:58 PM]
From: HELP DESK [nicioesoa[at]outlook.com]
Sent: Monday, September 23, 2019 12:01 PM
Subject: Invoice 748393
Here's your medical subscription invoice
View your bill: INV-748393<hxxp://xxx.fedgrantsapproval.com/8300/ddc.edu/Sign-In.html>
The amount will be debited from your credit card on 30th September 2019.
Need help updating your payment details or understanding how our medical bills work? Click here<hxxp://xxx.fedgrantsapproval.com/8300/ddc.edu/Sign-In.html>
Need help with your online subscription invoice? Click here<hxxp://xxx.fedgrantsapproval.com/8300/ddc.edu/Sign-In.html>
Need a question answered about your medical bill? Ask it here<hxxp://xxx.fedgrantsapproval.com/8300/ddc.edu/Sign-In.html>
The Medical Billing Team
INFORMATION HELP DESK
[Posted: Sep 23, 2019 11:19 AM]
From: Typical User <office_356[at]precisiontruck.com>
Reply-To: Typical User<office_356[at]precisiontruck.com>
Date: Monday, September 23, 2019 at 10:32 AM
Subject: quick task
Hello, i need you to run a quick task for me please, are you available?
[Posted: Sep 20, 2019 3:30 PM]
From: [email protected] <[email protected]>
Sent: Friday, September 20, 2019 1:25 PM
To: UVA User (mst3k) <[email protected]>
Subject: Your personal data is at risk. Change passwords now!
I am a representative of the WannaCry hacker group.
In the period from 24/06/2019 to 15/09/2019 we got access to your account [email protected] by hacking one of the virginia.edu mail servers.
You already changed the password?
Sumptuously! But my program fixes this every time. And every time I know your new password!
Using access to your account, it turned out to be easy to infect the OS of your device.
At the moment, all your contacts are known to us. We also have access to your messengers and to your correspondence.
All this information is already stored with us.
We are also aware of your intimate adventures on the Internet.
We know that you adore adult sites and we know about your sexual addictions.
You have a very interesting and special taste (you understand what I mean).
While browsing these sites, your device's camera automatically turns on.
Video-record you and what you watch is being save.
After that, the video clip is automatically saved on our server.
At the moment, several analogy video records have been collected.
From the moment you read this letter, after 60 hours, all your contacts on this email box and in your instant messengers will receive these clips and files with your correspondence.
If you do not want this, transfer 700$ to our Bitcoin cryptocurrency wallet: 1
I guarantee that we will then destroy all your secrets!
As soon as the money is in our account - your data will be immediately destroyed!
If no money arrives, files with video and correspondence will be sent to all your contacts.
You decide... Pay or live in hell out of shame...
We believe that this whole story will teach you how to use gadgets properly!
Everyone loves adult sites, you're just out of luck.
For the future - just cover a sticker your device's camera when you visit adult sites!
Take care of yourself!
[Posted: Sep 17, 2019 12:22 PM]
From: ADMIN TEAM <janis[at]ntpie.lv>
Reply-To: "[email protected]" <noreply[at]ntpie.lv>
Date: Tuesday, September 17, 2019 at 12:09 PM
To: Recipients <janis[at]ntpie.lv>
Subject: MAIL VERIFICATION.
This is a courtesy notice from Admin Team, your account has been limited and will be disconnected after 48 hours.
To avoid exceeding quota and continue receiving emails, please click on VERIFY EMAIL below( Mail Quota) .
We apologize for any inconvenience and appreciate your understanding.
Web - Services 2019.
[Posted: Sep 16, 2019 11:14 AM]
From: IT - Service <ynobuko[at]med.kyushu-u.ac.jp>
Sent: Monday, September 16, 2019 4:04 PM
To: [email protected][at]alid.edu
Subject: Re: Validate
You have reached the storage limit of your mailbox. Please visit the link below to restore access your email. To validate, click here<hxxps://ee54567.wufoo.com/forms/s1l3u1gl1rvyq7y/> Webmaster Webmail system
[Posted: Sep 16, 2019 9:11 AM]
From: Microsoft Support <office365-team[at]verification.microsoft.com>
Sent: Friday, September 13, 2019 5:58 PM
To: User, Typical S (mst3k)
Subject: Your account will shut down in 48 hours
Your Office365 access will be removed in 24 hour "account will be blocked"
if you do not verify your mailbox, we will be force to block your account in 24H
if you want to continue using your email account please Verify
<hxxp://onmicrosoft-auth.dns.navy/office-365-microsoft/login-onmicrosoft-office>Microsoft Security Essentials
Microsoft Teams office 365 <hxxp://onmicrosoft-auth.dns.navy/office-365-microsoft/login-onmicrosoft-office> all rights reserved © 2019
[Posted: Sep 4, 2019 4:02 PM]
Sent: Wednesday, September 4, 2019 12:16 PM
To: Typical User (mst3k) <mst3k[@]virginia.edu>
Subject: Your account has been tepmorarily suspended
Your account has been temporarily suspended
We are unable to verify your account Office365 or Your account will be blocked.
as a result your account will not renew and will be suspended.
if you'd like to renew your email ,please fill out the account verification form at least
24 hours from now , if you don't verify your informations your account will be suspended.
please do not respond to this email as replies are not monitored.
Microsoft Security Essentials
Microsoft Teams office 365 all rights reserved © 2019
Report an Information
Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.