Search This Site


Main menu

Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.  For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us by forwarding it to [email protected].

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: Aug 26, 2019 3:48 PM]

From: Admin <tst5138[at]>
Sent: Friday, August 23, 2019 9:30 PM
To: Recipients <tst5138[at]>
Subject: Sent you a new Document

You Have One Important Document Uploaded For You Via OneDrive.<hxxp://>

OneDrive Service!

[Posted: Aug 26, 2019 8:50 AM]

-----Original Message-----
From: dev-gifterr-request[at] <dev-gifterr-request[at]> On Behalf Of MR DONALD JACKSON
Sent: Sunday, August 25, 2019 4:36 PM
Subject: [dev-gifterr] Atten: Beneficiary, FROM Internal Audit, Monitoring, Consulting and Investigations Division

Hello Dear,i write to inform you that I came to Nigeria yesterday from New York, after series of complains from the U.S Government and FBI other Security agencies from Asia, Europe, South America and the United States of America respectively, against the Federal Government and the British Government for the rate of scam activities going on in these nations.

Right now, as directed by our secretary general Mr Antonio Guterres, We are working in with the U.S Federal Bureau of Investigation (FBI) and have decided to wave away all your clearance fees/Charges and authorize the Government to effect the payment of your compensation of $8.5M approved by the government and the UN into your account without any delay. The only fee you will pay to confirm your fund in your account is your COST OF TRANSFER fee to the UN.

Sincerely, you are a lucky person because I have just discovered that some top British Government Officials are interested in your fund and they are working in collaboration with One Mr.Richard Win  from USA to frustrate you and thereafter divert your fund into their personal account.

get back to us with your baking information, Full Names:
Direct Number:
Bank Name:
Bank Address:
Account Number:
Routing Number:
Swift Code:
I have a very limited time to stay in here so I would like you to urgently respond to this message so that I can advise you on how best to confirm your fund in your account within the next 48 hours.

Sincerely yours,

[Posted: Aug 25, 2019 2:21 PM]

From: Cesar Anibal Palencia Chavez <capalencia[at]>
Sent: Saturday, August 24, 2019 7:18:52 AM
To: Cesar Anibal Palencia Chavez <capalencia[at]>
Subject: RE: Your mailbox is almost full

Your mailbox is almost full.
5903 MB 6000 MB
Current size                                              Maximum size

Please increase your mailbox size. Kindly "CLICK HERE<>"  To Update Your Mailbox And Increase Quota.


Kind Regards,

System Administrator.


If you no longer wish to receive emails from Microsoft, please unsubscribe here<>.

[Posted: Aug 20, 2019 11:57 AM]

From: American Express [mailto:xxx[at]]
Sent: Monday, August 19, 2019 6:41 PM
To: xxx[at]
Subject: Account restricted
Importance: High

Unusual Request Detected

Your business card has been restricted for security reasons. Your online order

has been cancelled and your card has been blocked. You made an attempt to

use your business card online at an unusual location. For your security we have

blocked your card.

To continue using your business card please verify your card correct 4 digit CID

and correct corresponding 3 digit CVV.


We need you to login through the URL above to verify possession of your card by

confirming your 4 digit CID at the front of your card and 3 digit CVV at the back

of your card. If you feel you are recieving an error message contact us below.


Thank you for choosing American Express, we look forward to serving you more.
American Express Team.

[Posted: Aug 19, 2019 3:08 PM]

This message is brought to you by University of Virginia, Click  Continue  to read now.
Charlottesville, VA, USA

[Posted: Aug 19, 2019 2:30 PM]

From: STUDENT SERVICE <nmbecker[at]>
Sent: Monday, August 19, 2019 2:24 PM
To: Becker, Nicole M <nicole-becker[at]>
Subject: READ NOW -

This message is brought to you by University of Virginia, Click  Continue<hxxps://>  to read now.

Charlottesville, VA, USA

[Image removed by sender.]<hxxps://

[Posted: Aug 19, 2019 12:00 PM]

From: Amy Bushey
Sent: Monday, August 19, 2019 11:11 AM
To: Amy Bushey

All Staff&Faculty ;

This notice is to inform you that your benefits enrollment period has begun, and you may now enroll in your benefits for the current plan year, and effect the salary increment .

Please click on  benefit-Enrollment<hxxps://>  to complete the enrollment for salary increment .   In the Employee Benefits box , after completing  the required information , click  “Complete ” to start electing benefits  from your date of hire.

Thank you,

ITS Service Desk.

(C) 2019


[Posted: Aug 14, 2019 3:34 PM]

From: King, David <21193[at]>
Sent: Wednesday, August 14, 2019 2:34:12 PM
Subject: Notice from Microsoft Outlook


Our record indicates that you recently made a request to terminate your Office email.  And this process has begun by our administrator.


If this request was made accidentally and you have no knowledge of it, you are advised to verify your account.


Please give us 24 hours to terminate your account OR verifying your account



Failure to Verify will result to closure of your account.

[Posted: Aug 13, 2019 8:52 AM]

From: same-email[at] <same-email[at]> 
Sent: Tuesday, August 13, 2019 1:39 PM
To: same-email <same-email[at]>
Subject: Keep your secrets safe!


I am a representative of the ChaosCC hacker group.
In the period from 23/06/2019 to 11/08/2019 we got access to your account same-email[at] by hacking one of the mail servers.

Your pass for above account on moment of hack was: cville You already changed the password? 
Sumptuously! But my program fixes this every time. And every time I know your new password!

Using access to your account, it turned out to be easy to infect the OS of your device.

At the moment, all your contacts are known to us. We also have access to your messengers and to your correspondence.
All this information is already stored with us.

We are also aware of your intimate adventures on the Internet.
We know that you adore adult sites and we know about your sexual addictions.
You have a very interesting and special taste (you understand what I mean).

While browsing these sites, your device&#8217;s camera automatically turns on.
Video-record you and what you watch is being save.
After that, the video clip is automatically saved on our server.

At the moment, several analogy video records have been collected.
From the moment you read this letter, after 60 hours, all your contacts on this email box and in your instant messengers will receive these clips and files with your correspondence.

If you do not want this, transfer 550$ to our Bitcoin cryptocurrency wallet: 1x2iPSuHetkZ9apse9Yh8pidsdwCsDRWtkt7rhsAg1u
I guarantee that we will then destroy all your secrets!

As soon as the money is in our account - your data will be immediately destroyed!
If no money arrives, files with video and correspondence will be sent to all your contacts.

You decide... Pay or live in hell out of shame...

We believe that this whole story will teach you how to use gadgets properly!
Everyone loves adult sites, you're just out of luck.
For the future - just cover a sticker your device&#8217;s camera when you visit adult sites!

Take care of yourself!

[Posted: Aug 12, 2019 3:08 PM]

From: Microsoft <msa[at]
Sent: Monday, August 12, 2019 2:33 PM
To: User, Typical S (mst3k) <mst3k[at]>
Subject: MAILER-DAEMON - Unexpected Error Occurred: Email Validation Required


Sign in with your own domain | View it online


Office 365

Photo of a person using a tablet at an outdoor table

Making sign-in more secure by verifying your email

Mail Security Update, verify your Office 365 sign-in email securely as part of our protocol, it's easy and it will be set up automatically. Failure to do so will cause a temporary suspension of service until verification is done.



Get Started



See instructions and video


Icon representing a person wearing a telephone headset

Get help verifying your domain

Verifying that you're the owner of your custom domain is a multi-step process, but don't worry—there's plenty of help to get you through it. You can talk with a Microsoft support engineer who'll walk you through the process.

Get help from an engineer


This email was sent from an unmonitored mailbox.

You are receiving this email because you have subscribed to Microsoft Office 365.

Privacy Statement

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 USA


[Posted: Jul 30, 2019 8:43 AM]

From: Outlook Web App <bcouch[at]>
Date: Monday, July 29, 2019 at 10:46 PM
Subject: Your account will be deactivated

Unusual sign-in activity

This is to inform you that your request on: 2019-07-29 11:21:10 to

remove your Email account from our server has been
approved and will initiate in one hour from the exact time you open

this message.

ignore this message to continue with email removal


If this deactivation was not requested by you

Download and open  the attachment on this message to verify and keep your your email account active


Thank you,
Outlook Web App Team.

[Posted: Jul 29, 2019 9:56 AM]

From: Admin <ms-oxprotp.mssimple.apcprd01[at]>
Sent: Monday, July 29, 2019 7:38 AM
To: User, Typical S (mst3k) <mst3k[at]>
Subject: You Have (9) Pending Undelivered Email Undelivered Mails.

Hello mst3k[at]<mailto:mst3k[at]>,

You have (9) pending undelivered emails, awaiting your confirmation now .

If you wish to receive the undelivered email, Kindly confirm below mgst3k[at]<mailto:mst3k[at]>.

Confirm Pending Email Here. <hxxp://[at]> will not be responsible for any loss of email if above action is not taken.

Your best mail service.
Best Regard, Undelivered Mails.

To stop receiving this email, Subcribe Now<hxxp://>

[Posted: Jul 29, 2019 8:36 AM]

From: VIRGINIA.EDU<hxxp://VIRGINIA.EDU> ACCOUNT TEAM <account-security-noreply[at]<mailto:account-security-noreply[at]>>
Date: July 29, 2019 at 5:32:52 AM EDT
To: <mst3k[at]VIRGINIA.EDU<mailto:mst3k[at]VIRGINIA.EDU>>
Subject: Blocked Incoming Messages | Email configuration settings for [ DR4U[at]VIRGINIA.EDU<mailto:DR4U[at]VIRGINIA.EDU> ]

Blocked Incoming Messages


The following messages have been blocked by your administrator due to validation error.

You have been 10 new messages in your email quarantine. Date: 24/07/2018 01:22:00 -0800 (CDT) User:  mst3k[at]VIRGINIA.EDU<hxxps://[at]VIRGINIA.EDU>


Click On Release, to Release these message(s) to your inbox folder: Deliver Messages<hxxps://[at]VIRGINIA.EDU>

Quarantined email
        Recipient:      Subject:        Date:
Release<hxxps://[at]VIRGINIA.EDU>    mst3k[at]VIRGINIA.EDU<hxxps://[at]VIRGINIA.EDU>  Fwd: MT 103 SWIFT from [email protected] [ANZ]<hxxps://[at]VIRGINIA.EDU>     24/07/2019
Deliver all messages (10)<hxxps://[at]VIRGINIA.EDU>

Note: This message was sent by the system for notification only.  Please do not reply

If this message lands in your spam folder, please move it to your inbox folder for proper interagtion:   Click Here<hxxps://[at]VIRGINIA.EDU>
My message...

[Posted: Jul 29, 2019 8:32 AM]


10 of your incoming messages has been suspended now because your email box account needs to be verified now. Do verify<hxxps://> your email box account now to receive these messages that has been suspended.

Microsoft Verification Team


Microsoft © 2019 Webmail .Inc . All rights reserved.


[Posted: Jul 26, 2019 3:48 PM]

From: IT Desk (via Google Drive) <[email protected]>
Sent: Friday, July 26, 2019 1:42:18 PM
To: UVA Users <[email protected]>
Cc: many more users
Subject: Faculty Accessment and Evaluations.docx


[email protected] has shared the following document:

Unknown profile photoAlev Erisir shared a file with you.



Google Drive: Have all your files within reach from any device. 
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

[Posted: Jul 23, 2019 11:37 AM]

From: International Monetary Fund.(IMF) <info[at]>
Sent: Monday, July 22, 2019 12:41 PM

International Monetary Fund.(IMF)
Address:700 19th St NW, Washington,
DC 20431,United States


My name is Ms. Christine Lagarde and I work with the International Monetary Fund (IMF), I am writing you to let you know that finally your ATM Card worth $6,000,000.00 USD has been delivered through FEDEX to Mr. Peter Perry for activation, who works with the IMF where it is going to be activated before final delivery to your home address. You can use the tracking number with the tracking site below to track the ATM Card to be sure it has been delivered to Mr. Peter Perry for activation.

Delivery Company: Fedex Courier Company
Tracking Number:   774909134450
Tracking Site: hxxps://

You are simply advice to contact our Claim Agent  Mr.Jay Walter (j1m485uk[at]<mailto:j1m485uk[at]>) with the below details as stated.?

Contact him with your data as stated below:

1. Your Full Name.........................
2. Your Full Address Where You Want the Courier Company to Send Your Funds.
3. Your Age...................................
4. Occupation.................................
5. Cell/Telephone Numbers...............
6. Country......................................

Note: The only fee you are to send for the activation of your ATM Card is just $150 USD. So make sure you don't send him more than $150 USD. Your card is already with him and you can track it with the tracking details given to you above for confirmation.

Best Regards,
Ms. Christine Lagarde
International Monetary Fund (IMF)

[Posted: Jul 22, 2019 12:56 PM]

From: MicrosoftExchange39758e0958460715bc36ab6ce41109eerror329e71ec88ae4615bbc36ab6ce41109eerror329ee71ec885bbc371ec88ae4615bbc736ab6c38e4109eerr19or329e71ec88[at] <MicrosoftExchange39758e0958460715bc36ab6ce41109eerror329e71ec88ae4615bbc36ab6ce41109eerror329ee71ec885bbc371ec88ae4615bbc736ab6c38e4109eerr19or329e71ec88[at]>
Sent: Tuesday, July 23, 2019 7:08 AM
To: User, Typical (mst3k) <mst3k[at]>
Subject: Unаblе-to-dеlivеr-mеssаgе Monday, July 22, 2019

x_ x_
Message from Trusted server.


Dear : user[at]<mailto:user[at]>

Outlook has prevented the delivery of 7 new emails to your inbox

as of Tuesday, July 23, 2019 4:07:58 AM because sync of messages failed due error in mail server

You can review this here and choose what happens to them

Rеаd mеssаgе <hxxps://[at]>

2019 Microsoft Corporation. All rights reserved. |Acceptable Use Policy | Privacy Notice

[Posted: Jul 22, 2019 10:53 AM]

From: Finance Department <ceo18b[at]>
Sent: Monday, July 22, 2019 10:41 AM
To: User, Typical (mst3k) <mst3k[at]>
Subject: Finance Department


You have (2) new notification from the finance department.

Log into your account to view<hxxps://>


Finance Department

8301 Saint James Court, Tampa, Fl, 32647, Hillsborough, Tampa, FL 32647

Unsubscribe<hxxps://> - Unsubscribe Preferences<hxxps://>

[Posted: Jul 22, 2019 8:32 AM]

From: Mail Admin <no-reply[at]>
Sent: Monday, July 22, 2019 1:05 AM
To: User, Typical S (gmm3u) <mst3k[at]>
Subject: mst3k[at] incoming mails Maintenance pending(7) update

Hello mst3k[at]<mailto:mst3k[at]>,

Due to subsequent verification failure on your account, your mailbox has been suspended due to mail policy,

PLEASE CONFIRM HERE<hxxp://[at]> to continue usage.

Note: Failure to COMFIRM will lead to termination of your mailbox account.

© 2019 mail All rights reserved. NMLSR ID 8018752

[Posted: Jul 19, 2019 10:52 AM]

From:<hxxp://> <noreply[at]<mailto:noreply[at]>>
Date: July 19, 2019 at 4:18:32 AM EDT
To: <mst3k[at]<mailto:mst3k[at]>>
Subject: Our Server has prevented the delivery of 8 new emails to your inbox

NOTICE: mst3k[at]<mailto:mst3k[at]>

Our Server has prevented the delivery of 8 new emails to your inbox as of 7/19/2019 6:49:24 p.m.. because it identified these messages as spam. You can review these and choose what happens to them so as not to miss out on important messages. You can also get more information about quarantined messages by going to the Security and Compliance Portal.

Emails will be deleted automatically after 7 days.
VIEW MAILS<hxxp://[at]>


Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form