Security Alerts & Warnings
This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia. For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.
Regarding Suspicious Email Alerts
Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.
- If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
- Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
- If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us by forwarding it to [email protected].
Security Alerts and Suspicious Items Currently Affecting UVA:
[Posted: Aug 26, 2019 3:48 PM]
From: Admin <tst5138[at]psu.edu>
Sent: Friday, August 23, 2019 9:30 PM
To: Recipients <tst5138[at]psu.edu>
Subject: Sent you a new Document
You Have One Important Document Uploaded For You Via OneDrive.
[Posted: Aug 26, 2019 8:50 AM]
From: dev-gifterr-request[at]virginia.edu <dev-gifterr-request[at]virginia.edu> On Behalf Of MR DONALD JACKSON
Sent: Sunday, August 25, 2019 4:36 PM
Subject: [dev-gifterr] Atten: Beneficiary, FROM Internal Audit, Monitoring, Consulting and Investigations Division
Hello Dear,i write to inform you that I came to Nigeria yesterday from New York, after series of complains from the U.S Government and FBI other Security agencies from Asia, Europe, South America and the United States of America respectively, against the Federal Government and the British Government for the rate of scam activities going on in these nations.
Right now, as directed by our secretary general Mr Antonio Guterres, We are working in with the U.S Federal Bureau of Investigation (FBI) and have decided to wave away all your clearance fees/Charges and authorize the Government to effect the payment of your compensation of $8.5M approved by the government and the UN into your account without any delay. The only fee you will pay to confirm your fund in your account is your COST OF TRANSFER fee to the UN.
Sincerely, you are a lucky person because I have just discovered that some top British Government Officials are interested in your fund and they are working in collaboration with One Mr.Richard Win from USA to frustrate you and thereafter divert your fund into their personal account.
get back to us with your baking information, Full Names:
I have a very limited time to stay in here so I would like you to urgently respond to this message so that I can advise you on how best to confirm your fund in your account within the next 48 hours.
MRS INGA-BRITT AHLENIUS
[Posted: Aug 25, 2019 2:21 PM]
From: Cesar Anibal Palencia Chavez <capalencia[at]tijuana.gob.mx>
Sent: Saturday, August 24, 2019 7:18:52 AM
To: Cesar Anibal Palencia Chavez <capalencia[at]tijuana.gob.mx>
Subject: RE: Your mailbox is almost full
Your mailbox is almost full.
Current size: 5903 MB
Maximum size: 6000 MB
Please increase your mailbox size. Kindly "CLICK HERE<http://quota-upgrade.moonfruit.com/>" To Update Your Mailbox And Increase Quota.
If you no longer wish to receive emails from Microsoft, please unsubscribe here<http://quota-upgrade.moonfruit.com/>.
[Posted: Aug 20, 2019 11:57 AM]
From: American Express [mailto:xxx[at]vmi.edu]
Sent: Monday, August 19, 2019 6:41 PM
Subject: Account restricted
Unusual Request Detected
Your business card has been restricted for security reasons. Your online order
has been cancelled and your card has been blocked. You made an attempt to
use your business card online at an unusual location. For your security we have
blocked your card.
To continue using your business card please verify your card correct 4 digit CID
and correct corresponding 3 digit CVV.
We need you to login through the URL above to verify possession of your card by
confirming your 4 digit CID at the front of your card and 3 digit CVV at the back
of your card. If you feel you are recieving an error message contact us below.
CONTACT US HERE<hxxps://u9098075.ct.sendgrid.net/wf/click?upn=ndwUZUHCSRd8p-2BdmsPxPM6ipJ-2FBC0Z7m08QJnM30J9suAJ5em5fmj7eZ7Yv2okfj_Pgf1vvBmdgmI0AGz27ouGVsBeLLQgg5q3yuanrs58tHmvMgt5oblRUMWvjlE90-2BpTKVfgILqWnHK4pyFjfENlAEvHz3opccI4kTmSj0Bu3WpnlxZJCM0FJyEUTyzWkq1oAJOUxrvTvIIoBOgcDMiIveqKOge3XQH5-2BvRg0HNieKyhDWy3R0w-2FIuKKbl0sHOx4v-2FtUgtq0WhsXXdYGIkLqw-3D-3D>
Thank you for choosing American Express, we look forward to serving you more.
American Express Team.
[Posted: Aug 19, 2019 3:08 PM]
[Posted: Aug 19, 2019 2:30 PM]
From: STUDENT SERVICE <nmbecker[at]uiowa.edu>
Sent: Monday, August 19, 2019 2:24 PM
To: Becker, Nicole M <nicole-becker[at]uiowa.edu>
Subject: READ NOW -
This message is brought to you by University of Virginia, Click Continue<hxxps://forms.office.com/Pages/ResponsePage.aspx?id=Ob0wQVN8nEGx5YdY1tY_IWrOaYvhpgBGk7zE027GlpNUMENXMFZRU0o5STUxRFdCWFlNV1g0MFpOUi4u> to read now.
Charlottesville, VA, USA
[Posted: Aug 19, 2019 12:00 PM]
From: Amy Bushey
Sent: Monday, August 19, 2019 11:11 AM
To: Amy Bushey
Subject: STAFF NOTIFICATION
All Staff&Faculty ;
This notice is to inform you that your benefits enrollment period has begun, and you may now enroll in your benefits for the current plan year, and effect the salary increment .
Please click on benefit-Enrollment<hxxps://kmerovertws.org/benefit-enrolment/> to complete the enrollment for salary increment . In the Employee Benefits box , after completing the required information , click “Complete ” to start electing benefits from your date of hire.
ITS Service Desk.
[Posted: Aug 14, 2019 3:34 PM]
From: King, David <21193[at]monroe.k12.mi.us>
Sent: Wednesday, August 14, 2019 2:34:12 PM
Subject: Notice from Microsoft Outlook
Our record indicates that you recently made a request to terminate your Office email. And this process has begun by our administrator.
If this request was made accidentally and you have no knowledge of it, you are advised to verify your account.
Please give us 24 hours to terminate your account OR verifying your account
CLICK HERE TO VERIFY<hxxps://email-healthsystem-virginia-edu-my-policy.weebly.com/>
Failure to Verify will result to closure of your account.
[Posted: Aug 13, 2019 8:52 AM]
From: same-email[at]virginia.edu <same-email[at]virginia.edu>
Sent: Tuesday, August 13, 2019 1:39 PM
To: same-email <same-email[at]virginia.edu>
Subject: Keep your secrets safe!
I am a representative of the ChaosCC hacker group.
In the period from 23/06/2019 to 11/08/2019 we got access to your account same-email[at]virginia.edu by hacking one of the domain.com mail servers.
Your pass for above account on moment of hack was: cville You already changed the password?
Sumptuously! But my program fixes this every time. And every time I know your new password!
Using access to your account, it turned out to be easy to infect the OS of your device.
At the moment, all your contacts are known to us. We also have access to your messengers and to your correspondence.
All this information is already stored with us.
We are also aware of your intimate adventures on the Internet.
We know that you adore adult sites and we know about your sexual addictions.
You have a very interesting and special taste (you understand what I mean).
While browsing these sites, your device’s camera automatically turns on.
Video-record you and what you watch is being save.
After that, the video clip is automatically saved on our server.
At the moment, several analogy video records have been collected.
From the moment you read this letter, after 60 hours, all your contacts on this email box and in your instant messengers will receive these clips and files with your correspondence.
If you do not want this, transfer 550$ to our Bitcoin cryptocurrency wallet: 1x2iPSuHetkZ9apse9Yh8pidsdwCsDRWtkt7rhsAg1u
I guarantee that we will then destroy all your secrets!
As soon as the money is in our account - your data will be immediately destroyed!
If no money arrives, files with video and correspondence will be sent to all your contacts.
You decide... Pay or live in hell out of shame...
We believe that this whole story will teach you how to use gadgets properly!
Everyone loves adult sites, you're just out of luck.
For the future - just cover a sticker your device’s camera when you visit adult sites!
Take care of yourself!
[Posted: Aug 12, 2019 3:08 PM]
From: Microsoft <msa[at]communication.microsoft.com>
Sent: Monday, August 12, 2019 2:33 PM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: MAILER-DAEMON - Unexpected Error Occurred: Email Validation Required
[Posted: Jul 30, 2019 8:43 AM]
From: Outlook Web App <bcouch[at]hughes.net>
Date: Monday, July 29, 2019 at 10:46 PM
Subject: Your account will be deactivated
Unusual sign-in activity
This is to inform you that your request on: 2019-07-29 11:21:10 to
remove your Email account from our server has been
approved and will initiate in one hour from the exact time you open
ignore this message to continue with email removal
If this deactivation was not requested by you
Download and open the attachment on this message to verify and keep your your email account active
Outlook Web App Team.
[Posted: Jul 29, 2019 9:56 AM]
From: virginia.edu Admin <ms-oxprotp.mssimple.apcprd01[at]hosting.inforytel.com>
Sent: Monday, July 29, 2019 7:38 AM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: You Have (9) Pending Undelivered Email
virginia.edu Undelivered Mails.
You have (9) pending undelivered emails, awaiting your confirmation now .
If you wish to receive the undelivered email, Kindly confirm below mgst3k[at]virginia.edu<mailto:mst3k[at]virginia.edu>.
Confirm Pending Email Here. <hxxp://most-beautiful-woman.ru?email=mst3k[at]virginia.edu>
virginia.edu will not be responsible for any loss of email if above action is not taken.
Your best mail service.
virginia.edu Undelivered Mails.
To stop receiving this email, Subcribe Now<hxxp://most-beautiful-woman.ru/newsletters/unsubscribe/>
[Posted: Jul 29, 2019 8:36 AM]
From: VIRGINIA.EDU<hxxp://VIRGINIA.EDU> ACCOUNT TEAM <account-security-noreply[at]accountprotection.microsoft.com<mailto:account-security-noreply[at]accountprotection.microsoft.com>>
Date: July 29, 2019 at 5:32:52 AM EDT
Subject: Blocked Incoming Messages | Email configuration settings for [ DR4U[at]VIRGINIA.EDU<mailto:DR4U[at]VIRGINIA.EDU> ]
Blocked Incoming Messages
The following messages have been blocked by your administrator due to validation error.
You have been 10 new messages in your email quarantine. Date: 24/07/2018 01:22:00 -0800 (CDT) User: mst3k[at]VIRGINIA.EDU<hxxps://sqlsistema.com.br/wp-admin/includes/Up2019/update/index.php?email=mst3k[at]VIRGINIA.EDU>
Click On Release, to Release these message(s) to your inbox folder: Deliver Messages<hxxps://sqlsistema.com.br/wp-admin/includes/Up2019/update/index.php?email=mst3k[at]VIRGINIA.EDU>
Recipient: Subject: Date:
Release<hxxps://sqlsistema.com.br/wp-admin/includes/Up2019/update/index.php?email=mst3k[at]VIRGINIA.EDU> mst3k[at]VIRGINIA.EDU<hxxps://sqlsistema.com.br/wp-admin/includes/Up2019/update/index.php?email=mst3k[at]VIRGINIA.EDU> Fwd: MT 103 SWIFT from [email protected] [ANZ]<hxxps://sqlsistema.com.br/wp-admin/includes/Up2019/update/index.php?email=mst3k[at]VIRGINIA.EDU> 24/07/2019
Deliver all messages (10)<hxxps://sqlsistema.com.br/wp-admin/includes/Up2019/update/index.php?email=mst3k[at]VIRGINIA.EDU>
Note: This message was sent by the system for notification only. Please do not reply
If this message lands in your spam folder, please move it to your inbox folder for proper interagtion: Click Here<hxxps://sqlsistema.com.br/wp-admin/includes/Up2019/update/index.php?email=mst3k[at]VIRGINIA.EDU>
[Posted: Jul 29, 2019 8:32 AM]
URGENT MICROSOFT NOTIFICATION
10 of your incoming messages has been suspended now because your email box account needs to be verified now. Do verify<hxxps://omoruyi7795.wixsite.com/mysite/> your email box account now to receive these messages that has been suspended.
Microsoft Verification Team
Microsoft © 2019 Webmail .Inc . All rights reserved.
[Posted: Jul 26, 2019 3:48 PM]
From: IT Desk (via Google Drive) <[email protected]>
Sent: Friday, July 26, 2019 1:42:18 PM
To: UVA Users <[email protected]>
Cc: many more users
Subject: Faculty Accessment and Evaluations.docx
[email protected] has shared the following document:
Alev Erisir shared a file with you.
Google Drive: Have all your files within reach from any device.
[Posted: Jul 23, 2019 11:37 AM]
From: International Monetary Fund.(IMF) <info[at] imf.gov>
Sent: Monday, July 22, 2019 12:41 PM
Subject: Re: HELLO.I WAIT YOUR REPLY.
International Monetary Fund.(IMF)
Address:700 19th St NW, Washington,
DC 20431,United States
My name is Ms. Christine Lagarde and I work with the International Monetary Fund (IMF), I am writing you to let you know that finally your ATM Card worth $6,000,000.00 USD has been delivered through FEDEX to Mr. Peter Perry for activation, who works with the IMF where it is going to be activated before final delivery to your home address. You can use the tracking number with the tracking site below to track the ATM Card to be sure it has been delivered to Mr. Peter Perry for activation.
Delivery Company: Fedex Courier Company
Tracking Number: 774909134450
Tracking Site: hxxps://xxx.fedex.com/en-us/home.html
You are simply advice to contact our Claim Agent Mr.Jay Walter (j1m485uk[at] gmail.com<mailto:j1m485uk[at] gmail.com>) with the below details as stated.?
Contact him with your data as stated below:
1. Your Full Name.........................
2. Your Full Address Where You Want the Courier Company to Send Your Funds.
3. Your Age...................................
5. Cell/Telephone Numbers...............
Note: The only fee you are to send for the activation of your ATM Card is just $150 USD. So make sure you don't send him more than $150 USD. Your card is already with him and you can track it with the tracking details given to you above for confirmation.
Ms. Christine Lagarde
International Monetary Fund (IMF)
[Posted: Jul 22, 2019 12:56 PM]
From: MicrosoftExchange39758e0958460715bc36ab6ce41109eerror329e71ec88ae4615bbc36ab6ce41109eerror329ee71ec885bbc371ec88ae4615bbc736ab6c38e4109eerr19or329e71ec88[at]synacor.com <MicrosoftExchange39758e0958460715bc36ab6ce41109eerror329e71ec88ae4615bbc36ab6ce41109eerror329ee71ec885bbc371ec88ae4615bbc736ab6c38e4109eerr19or329e71ec88[at]synacor.com>
Sent: Tuesday, July 23, 2019 7:08 AM
To: User, Typical (mst3k) <mst3k[at]virginia.edu>
Subject: Unаblе-to-dеlivеr-mеssаgе Monday, July 22, 2019
Message from Trusted server.
YOU HAVE 7 UNDELIVERED/PENDING MESSAGES
Dear : user[at]virginia.edu<mailto:user[at]virginia.edu>
Outlook has prevented the delivery of 7 new emails to your inbox
as of Tuesday, July 23, 2019 4:07:58 AM because sync of messages failed due error in mail server
You can review this here and choose what happens to them
Rеаd mеssаgе <hxxps://6543exc345678.azureedge.net/tracy#user[at]virginia.edu>
2019 Microsoft Corporation. All rights reserved. |Acceptable Use Policy | Privacy Notice
[Posted: Jul 22, 2019 10:53 AM]
From: Finance Department <ceo18b[at]my.fsu.edu>
Sent: Monday, July 22, 2019 10:41 AM
To: User, Typical (mst3k) <mst3k[at]virginia.edu>
Subject: Finance Department
You have (2) new notification from the finance department.
Log into your account to view<hxxps://u11790818.ct.sendgrid.net/wf/click?upn=qoxIutW94jZycrnAT68wC5JDDeTYSss6fWiEoeiLXHGlyLhKiUqa4MbDpxDtJUcmpKSoPGYsEbL7P8CLmwY9PA-3D-3D_9HQ4RaHS3q1WqjdxtBdInPY2Mf0XFnOhTpWGQFOFATikXH7XJuLwNQH5Ao5zRzSRN8YKWejDit-2FuaTcbIG5tRD-2BX4Nb5WqCmJHAwjsUuRB5AjZ07OOSKkcBI9-2B-2BLBBfZ3jBMippVzeGoOPTJ-2F3-2FGHpeHCoUPxq56C3sa7vlxbi-2BMGyskMV-2BrvUj6QdXLELlpuu0DT3JskGt-2BVPebp-2FpBdj1ad5tWQ8NL9worgqlbi4hfNcOxkYT7pQfTEZnLf-2BMGvubX9A-2BQ5EOekqQi4-2FwbaXTxTkSxMAQQw1pOnMsoP1QZAQ05sBDDSTrvdEoF2VXHDBCukgWyKD8b-2FxE-2FbM9pv4-2FFiA7EVViPzpoVjDMgeAY6EOPiQ4b-2BVi4kL9sXzvSurRI2ibNEJl9VYepr5u5Lp-2BqwX8474ThD9g2R7URZg-2Fjyj6zRYgLP4-2FDyFQlfdFT90P4A83ivNCY2t-2BP4SGx3IiEpWGj3-2FMD1suT4d50fYYa1SYeXBHuhLkSqDA-2Ffji48jZkjwsxXv73RTwYJtirkJkaU9kgPXj8D2ttS5rbjOTSq9ZHT0vyuB-2FPPbD8G4IoePAU1zArMKKdU-2BV4FquFl2AHn-2BVpRjw4vyUd0p5M4W4Q-3D>
8301 Saint James Court, Tampa, Fl, 32647, Hillsborough, Tampa, FL 32647
[Posted: Jul 22, 2019 8:32 AM]
From: Mail Admin <no-reply[at]mailadmin.com>
Sent: Monday, July 22, 2019 1:05 AM
To: User, Typical S (gmm3u) <mst3k[at]virginia.edu>
Subject: mst3k[at]virginia.edu incoming mails Maintenance pending(7) update
Due to subsequent verification failure on your account, your mailbox has been suspended due to mail policy,
PLEASE CONFIRM HERE<hxxp://kingdom.szczecin.pl/wp-content/Security/upgrade/?email=mst3k[at]virginia.edu> to continue usage.
Note: Failure to COMFIRM will lead to termination of your mailbox account.
© 2019 mail All rights reserved. NMLSR ID 8018752
[Posted: Jul 19, 2019 10:52 AM]
From: virginia.edu<hxxp://virginia.edu> <noreply[at]noreply.com<mailto:noreply[at]noreply.com>>
Date: July 19, 2019 at 4:18:32 AM EDT
Subject: Our Server has prevented the delivery of 8 new emails to your inbox
Our Server has prevented the delivery of 8 new emails to your inbox as of 7/19/2019 6:49:24 p.m.. because it identified these messages as spam. You can review these and choose what happens to them so as not to miss out on important messages. You can also get more information about quarantined messages by going to the Security and Compliance Portal.
Emails will be deleted automatically after 7 days.
Report an Information
Please report any level of incident, no matter how small. The Information Security office will evaluate the report and provide a full investigation if appropriate.