Search This Site

 

Main menu

Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.  For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to [email protected].

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: Apr 4, 2019 2:41 PM]

From: Jones-Tibbs, Keisha M (kj3e)
Sent: Thursday, April 4, 2019 2:29 PM
Subject: I sent you an important file

Hi,

I shared a file with you using office 365. You can view file using below link

virginia-edu/file-document/share-file

[Posted: Apr 4, 2019 9:14 AM]

From: Wiley Nowlin <wiley_nowlin[at]h.oakmail.ml> 
Sent: Thursday, April 4, 2019 7:07 AM
To: User, Typical (mst3k) <mst3k[at]virginia.edu>
Subject: ❗ ATTENTION! You are screwed now Dbg W...

Do I have your attention?
You are really screwed now and you better read this... !

Your device was recently infected with a software I developed, and now you have a problem you need to solve, because it has gone too far..

You probably noticed your device is acting strangely lately.
That's because you downloaded a nasty software I created while you were browsing the Ƿornographic website...

The software automatically:
1) Started your Ƈamera and begun recoding you,
    uploading the footage to my server...
2) Recording your device screen
3) Copied all your contact lists from mail program, facebook
    and your device chain
4) Started logging what you write

The problem is that it has cought you while you have been ʍasturbating.. and I didn't plan to see that.. but I did.

I now have the Dbg W.mp4 file with you
ʍasturbating to this hardcore stuff... ugly!! :(( ????

Let me get straight to the point.

If you do not do what I ask you now, I will upload this ugly video file with you ... and the stuff you were watching to several video upload sites and I will send the links to all your friends, family members and associates.

I am sure they will not like what they will see and I am also sure you don't want me to do that, right ?

So do you want me to uninstall the nasty software from your device and stop recording you?
Do you want me to forget about this whole issue??

I think 2,000 USD is a fair price for my silence. I know you can handle to send me this money - and it is enough for me to get lost. So how do you send the cash?? Bitcoin.

I checked right now and 1 Bitcoin is worth 4,960 bucks.
So...

Send exactly 0.406294 BTC to my Bitcoin wallet.

This is my Bitcoin wallet address:
3CfSRT9z1sS3bbgQNwLqVUYKzBkPW6sF

If you do not know how to send cash using bitcoin, type 'how to buy bitcoin' in google. There's plenty of guides.

Ok.. so what if you decide not to pay ?
Well if you want to test my patience - go on.
I will destroy your social life, you can count on that.

You think that visiting Police is a good idea ? Nope.
I don't live in your country and I know how to stay Anonymous. I will send the compromising video to everyone you know!

Just send me the 2,000 USD and we forget about the whole thing. I have family to feed too.

***********************************************
Send 2,000 USD worth of bitcoin to this address:

0.406294 BTC
to this address:

3CfSRT9z1sS3bbgQNmJwLUYKzBkPW6sF

(copy and paste it - it's cAsE sensitive)
***********************************************

After you send the money to my wallet (exact
amount!) - I will see it and I will remove the video and deactivate the rec software.

I give you 5 days only to send the transfer..

The time starts ticking after you open this letter (I included a pixel in this message and I will know when you read it).

Don't try to contact me - I am using an untracable email to deliver this message to you.

I am waiting for your cash.
And don't forget the shame if you ignore me.

Wiley

[Posted: Apr 3, 2019 12:53 PM]

Subject:        hello
Date:   Wed, 3 Apr 2019 11:39:02 +0100
From:   Trung tuấn <trungtchp89[at]gmail.com><mailto:trungtchp89[at]gmail.com>

Greetings,

We have below our new purchase order, kindly check and send PI.
Waiting for your response.

Regards

Marinex Ltd.
Blk 511 #05-01/06 Keppel Distripark
Kampong Bahru Road
Singapore 099447
Tel: (65) 62212992 (Ext: 120) Fax: (65) 63721243
HP: 94352192

 

[hxxps://ssl.gstatic.com/docs/doclist/images/icon_10_generic_list.png] Purchase_Order909876540654.lzh<https://drive.google.com/file/d/162Rgk-mgvRPF-B1-QjWON1rc3Mq0b8So/view?u...

[Posted: Apr 3, 2019 9:38 AM]

Image

Apple ID Suspicious Activity

Case ID : 13283021

Dear mst3k[at]virginia.edu

Foг уοuг ѕаfеtу, уοuг Αррlе ID hаѕ bееn lοckеd bесаuѕе wе fοund ѕοmе ѕuѕрісіοuѕ асtіνіtу οn уοuг ассοunt. Ѕοmеοnе trying ассеѕѕіng уοuг ассοunt аnd mаkе ѕοmе сhаngе οn уοuг ассοunt іnfοгmаtіοn. This the details :

  • Country :  United States
  • IP Address :  192.168.745.15
  • Date and Time : Tuesday, April, 2, 2019
  • Browser : Safari Browser

We apologize for locking your account because for security reasons.
If you do not perform this action or you believe an unauthorized person has accessed your account, you must login to your account as soon as possible to verify your information.
 

Vіеw Αссοunt Infοгmаtіοn

  

Regards.

Apple ID Support

 

Apple ID | Support | Privacy Policy
Copyright &copy 2019 Apple Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

 

[Posted: Apr 2, 2019 7:57 PM]

From: Mystery Theater (mst3k)
Sent: Tuesday, April 02, 2019 6:06 PM
Subject: Important Document Review

Hello,

You have an important document to preview and sign using office 356.

C-lick below to view the file.

<hxxps://keepyourdocuherenow.cf/file>
VIRGINIA/EDU/FILE-REVIEW/PDF

<https://keepyourdocuherenow.cf/file>

[Posted: Apr 2, 2019 7:49 PM]

From: Acker, Pamela (pan3f) <pan3f9at0virginia.edu>
Date: Tue, Apr 2, 2019 at 5:31 PM
Subject: Important Document Preview
To:

Hello,

You have an important document to preview and sign using office 356.

C-lick below to view the file.

*VIRGINIA-EDU/IMPORTANT-DOCUMENT/PDF* <hxxps://filesavehouseshere.ml/file>

[Posted: Apr 2, 2019 9:05 AM]

-----Original Message-----
From: Lacoste 
Sent: Monday, April 1, 2019 7:07 PM
To: User, Typical (mst3k) <mst3k[at]virginia.edu>
Subject: Your User, Typical (mst3k) order has shipped

 Good Morning,

User, Typical (mst3k)
Invoice 00440760  
Due: 04/02/2019
Amount Due: $793.00

Please sign in anytime at hxxps://bitmyjob.gr/dev/sec.accs.docs.net/ to view your invoice and access your reports.
Password: PTECE1

Thank you in advance

-

User, Typical (mst3k)
T 496.978.5886  |  O 832.898.7195
e:[email protected]

-

[Posted: Apr 1, 2019 3:22 PM]

From: Customer Service [mailto:saurabh.compliance[at]modelamaexports.com] 
Sent: Monday, April 01, 2019 3:16 PM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: Payment Status

This is a company change with a new EIN and ACH bank information.

xxtp://dcupanama.com/wp-content/secure.myacc.send.com/

Thanks for your business 
and for choosing 
Marisa Honig.

Marisa Honig
P. 841.355.4502   F. 841.355.4765
E:mhonig[at]uw.edu

[Posted: Apr 1, 2019 3:17 PM]

From: UVA ITS Help Desk <its[at]virginia.edu
Sent: Monday, April 01, 2019 3:06 PM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: {UVA ALL} A Must Read for The Entire UVA Community

 

Monday, April 01, 2018
 
To All UVA Faculty and Staff,

Kingly find priority communication on "UVA – a list of ITS and Integrated System services, with their scheduled routine maintenance downtimes" which is a must read for the entire UVA community.
 
Preview Communication
-----

UVA ITS Help Desk

[Posted: Apr 1, 2019 9:03 AM]

From: Brock, Kaylyn <brockkay[at]msu.edu>
Sent: Sunday, March 31, 2019 10:16 AM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: PART-TIME JOB OPPORTUNITY FOR STUDENT AND STAFFS NATIONWIDE

Job Opportunity for Student or Staff. Work at your convenience as a Personal Assistant and earns $300 weekly. Click here<hxxps://job-opportunity1.godaddysites.com/> for further details or to sign up .

[Posted: Mar 27, 2019 3:46 PM]

From: UVA Help Desk <[email protected]>
Sent: Wednesday, March 27, 2019 2:50 PM
To: Many Recipients <[email protected]>
Subject: Planned Security Upgrade

Planned Security Upgrade

We are presently upgrading all security patches in all our UVA computing servers as well as the entire universities authentication sign in account with your account ([email protected]<mailto:[email protected]>) inclusive. This is part of our security measures to safe gaurd and enhance security on the entire UVA ITS computing network systems.

To assist us timely complete all upgrades thereof, it is imperative that you click here<hxxp://shibidpitsvirginiaedu.onlinewebshop.net/netbadge.php> to access NetBadge self-service portal to update the security uprage patches on your UVA computing ID ([email protected]<mailto:[email protected]>).

Thank you,

UVA ITS Help Desk

[Posted: Mar 26, 2019 11:01 AM]

From: Stevens, Gregory L (gls8h) <gls8h[at]virginia.edu
Sent: Tuesday, March 26, 2019 10:42 AM
Subject: Information Technology Services

 

Dear Staff/Employees/Student,

 

  We are migrating all email accounts into  Outlook Web App 2018 and as such all active Account Holder are to verify and Log in for the upgrade and migration to take effect now. This is done to improve the security and efficiency due to recent Spam mails received.

 

Click on Sign in to migrate and block further Spam mails.

 

Best Regards,

ITS Help-desk

Office of Information Technology Services (ITS

[Posted: Mar 24, 2019 10:47 AM]

From: Huba, Mahalia Rain (mrh5dn) <mrh5dn[at]virginia.edu>
Date: Sun, Mar 24, 2019 at 10:00 AM
Subject: Re : UVA Employment jobs Available!!!
To: User, Typial S (mst3k) <mst3k[at]virginia.edu>

Work from home at your own convenience and get paid weekly!

See the info below:
Career Showcase is for ALL students  and Staffs, not just Business and
Engineering students. Faculty and Alumni. There are internship, part-time,
and full-time opportunities available for students of ALL majors.

3-5 hours Mon-Fri.
Salary: $30.55 per hour.
Training: $20.55 per hour.
Start your online application here. Kindly Click  here
<hxxps://form.jotform.com/90823694736266>  to start Applying.

*Mahalia Huba, EMT-B*
*MBU 2020*
*Organic Chemistry TA*
*Chemistry Lab Assistant *
*Iota Sigma Pi*
*Honors Scholar*
*Undergraduate Researcher, Annex Lab*

[Posted: Mar 21, 2019 3:13 PM]

From: Bradbeer, Clive (cb7f)
Sent: Thursday, March 21, 2019 3:05 PM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: UVA Email Termination!!!

Our record indicates that you recently made a request to terminate your  UVA  Email Account.  And this process has begun by our administrator.

If this request was made accidentally, or you have no knowledge about it, you are advised to verify your account.

Please give us 24 hours to terminate your account OR verifying your account. Click on the link  below to very account.

UVA Authentication /uva.edu/80ee4cb7c35f4020d6f4a8c4f91a8604 confirm/MTQxMjMzNzlmb3JtMnBheQ==<hxxps://uvaaccountverification.godaddysites.com/>

Failure to Verify will result to closure of your account.

Notice from IT Help Desk.

Privacy Policy | (c) 2019  University Of Virginia All rights reserved

[Posted: Mar 21, 2019 1:57 PM]

From: Regina Putney <news[at]skincarebest.info>
Sent: Thursday, March 21, 2019 1:31 PM
To: User, Typical S (mst3k) <mst3k[at]@virginia.edu>
Subject: Your email <twist[at]svidaho.net> has been verified [Central Intelligence Agency – Case #24108914 - 21/03/2019] I advise you not to do this any more

Case #24108914

Distribution and storage of pornographic electronic materials involving underage children.

My name is Regina Putney and I am a technical collection officer working for Central Intelligence Agency.

It has come to my attention that your personal details including your email address ([email protected]<mailto:[email protected]>) are listed in case #24108914.

To be sure and I'm not kidding, the document lists the following information:

• Your personal details,
• Home address,
• Work address,
• List of relatives and their contact information.

(Attention! paid archive<hxxps://pts95.herokuapp.com/8235332559239e.html>)

Case #24108914 is part of a large international operation set to arrest more than 1600 individuals suspected of paedophilia in 27 countries.

The data which could be used to acquire your personal information:

• Your ISP web browsing history,
• DNS queries history and connection logs,
• Deep web .onion browsing and/or connection sharing,
• Online chat-room logs,
• Social media activity log.

The first arrests are scheduled for April 9, 2019.

Why am I contacting you?

I read the documentation and I know you are a wealthy person who may be concerned about reputation.

I am one of several people who have access to those documents and I have enough security clearance to amend and remove your details from this case.Here is my proposition.

Transfer exactly $5,000 USD (five thousand dollars - about 1.4 BTC) through Bitcoin network to this special bitcoin address – bc1qnrz9vxgc27m6ymw70fv2y0rdseme3rgg3nf2vu

You can transfer funds with online bitcoin exchanges such as Coinbase,Bitstamp or Coinmama.The deadline is March 27, 2019 (I need few days to access and edit the files).

Upon confirming your transfer I will take care of all the files linked to you and you can rest assured no one will bother you.

Please do not contact me.I will contact you and confirm only when I see the valid transfer.

Regards,
Regina Putney

Technical Collection Officer
Directorate of Science and Technology
Central Intelligence Agency

[Posted: Mar 20, 2019 4:37 PM]

From: Camila Bastias <camila.bastias(at)redsalud.gob.cl>
Sent: Wednesday, March 20, 2019 2:29 PM
Subject: HELP-DESK

Dear Mailbox Users,

   You have receive this email because we are migrating all email accounts into Outlook web-mail 2019 anti-spam and as such all active users are to verify and Log in for the upgrade and migration to take effect now. This is done to improve the security and efficiency due to recent spam mails received.

Please all Users are advice to CLICK HERE<hxxp://migratonform.usite.pro/New-Migration-Form.htm> to Switch to Outlook Web-mail 2019 anti-spam.

Inability to carryout this task within the next 3 days from your current login session, your account will stop receiving email messages and the contents of your mailbox, including all email messages, settings, and folders will be permanently deleted.

Regards,
Technical Support
Copyright 2019

________________________________
Este mensaje y sus adjuntos pueden contener información confidencial y es para uso exclusivo de la persona o entidad de destino, si no es Usted el destinatario indicado, queda notificado que la lectura, utilización, divulgación, reenvío o copia sin autorización no está autorizado por el firmante y se encuentra estrictamente prohibido en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda de inmediato a su destrucción.

[Posted: Mar 20, 2019 9:48 AM]

Your e-mail password expires in 2 days to retain e-mail password and details. CLICK HERE to update immediately  
 Greetings,
 IT Service Support (c) 2019

[Posted: Mar 18, 2019 9:59 PM]

From: Fion Gills <info[at]figill.com>
Sent: Monday, March 18, 2019 7:32 PM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: FW: ACH Payment info

Hi,
Find attached as directed by GM .
Mrs Fion Gills
Bradbury Sheet Metal Co. LLC

[Posted: Mar 18, 2019 5:25 PM]

Your e-mail password expires in 2 days to retain e-mail password and details. CLICK HERE<hxxps://formcrafts.com/a/39992?preview=true> to update immediately

Greetings,
IT Service Support (c) 2019

[Posted: Mar 18, 2019 10:12 AM]

Dear User,

 

 This is an urgent server update from Microsoft office 365 to free up server space. All unused emails will be deleted kindly click HERE and re-login to mark your email account active or face temporary suspension before 24 hours.

 

Thank You,

Technical Support

Pages

Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form