Search This Site


Main menu

Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.  For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us by forwarding it to

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: Mar 7, 2022 1:53 PM]

From: Ticket #9540234 <>
Sent: Sunday, March 6, 2022 3:35:21 PM
To: UVA User <>
Subject: Payroll Notifications for on 07 Mar 2022
Dear mst3k,
Messagstretchpantse from Payroll Manager
Your payroll is pending verification.
Please checbandlimitsk statunloadenus belodevolatilizedw
Check status here
Copyright © 2022.  |  THE UNIVERSITY OF VIRGINIA  |  All Rights Reserved

[Posted: Feb 24, 2022 8:52 PM]

From: Package Info <noreply [at]>
 Subject: Service Update for 24th Feb #GEESQ-24-14295109
 Date: February 24, 2022 at 3:11:38 PM EST
 To: "mst3k [at]" <mst3k [at]
 Your services has been renewed
 This emails confirms the renewal of your services with G-Squad. We are glad to inform you that your plan with us has been renewed for $395.49. Please review the summary of your renewal:
 Renewal ID
 Renewal date
 24-Feb-2022 09:15:55 EST
 Registered Email – confirmed <    
 Description    Users    Qty    Amount
 Geek Secure Premium
 04    01    395.49 USD
 Subtotal    395.49 USD
 Total    395.49 USD
 Payment    395.49 USD
 Method used
 Credit/Debit Card
 Issues with this Email?
 You have 24Hrs. from the date of the renewal to cancel your plan.
 Help-Desk: +1 (xxx) 300-0118
 Please do not reply to this email. To get in touch, reach Help-Desk
 Not sure why you received this email? Learn more


[Posted: Feb 24, 2022 9:00 AM]

From: Mail Admin <NOREPLY [at]> 
Sent: Wednesday, February 23, 2022 7:27 PM
To: User, Typical S (mst3k) <mst3k [at]>
Subject: Email Security Alert!!!






Security Update Notification


Dear mst3k [at]


Concerning the recent security breaches on our host server as reported by provider, We have taken measures to strengthen our server security to prevent future breaches. We urge you to use the "Take action" button to enroll on our newly updated security system to avoid breach of email data.

Take action


You received this email to let you know about important changes to your Account and services.

© 2022 LLC





Vision :  To be a leading world-class manufacturer of preferred sugar and associated products. 
Mission :  Sustainable production of Sugarcane, manufacture and market of quality sugar and associated products for the delight of Customers .

Help save paper and consider our environment - do you need to print this e-mail? 
SonySugar is committed to keeping the World Green by Keeping it on the Screen.

[Posted: Feb 18, 2022 10:41 AM]

From: "Garland, Maran K (mkg9d)" <mkg9d [at]>
Date: Friday, February 18, 2022 at 10:16 AM
To: "User, Typical (mst3k)" <mst3k [at]>
Subject: Personal Assistant Position

Dear Student Faculty and Staff,

  There is an open position a business executive is currently out of the states for conference and business purposes he is in need of a very honest person to assist him during this period.


Monitor Calls and reply to emails.

Receive and make payment to business clients.

Flight booking.

Payment : $400

Location: USA

Applicants must be 18 and above.

CLICK HERE<hxxp://> To submit an application.

Maran K. Garland

[Posted: Feb 18, 2022 10:39 AM]

From: "Lewis, Tanika (tl9jh)" <tl9jh [at]>
Date: 18 February 2022 at 14:26:04 GMT
To: Typical User <mst3k [at]>
Subject: UVA Employment

Work remotely at your convenience from home or school this semester. Students and staff of  UNIVERSITY OF VIRGINIA  are qualified to apply, and payment is $400 weekly! Kindly CLICK HERE<hxxps://> to submit an application.


[Posted: Jan 26, 2022 4:45 PM]

A critical vulnerability (CVE-2021-4034) has been identified that requires the immediate attention of most Linux users. Please prioritize this issue.  

Information about this vulnerability, who it affects, how to search for it, and mitigation strategies if you find it,  are on our webpage: Critical vulnerability in most default Linux installations

We want to make sure that finding and fixing this vulnerability is high priority for all Linux administrators.  Linux users who are not administrators should contact their administartor to make sure it is being fixed.

Thank you for helping to keep everyone’s data and information at UVA secure.  

[Posted: Jan 18, 2022 5:15 PM]

Multiple people at UVA have reported that they have received a text message that looks something like the one below.

This is "smishing" - it's like "phishing" but over SMS text  so it's called "smishing
So treat it like a phishing email - Don't click on the link. 
Notice the weird writing, such as putting parenthesis around the "3" and not making "virus" plural.
The link is a odd as well, not a well-known link shortener, and if you hovered on it, it doesn't go where it states.
So ignore this text!

Your browsing history showed visits to unsecured websites. Now you have (3) virus on your device. Clean your phone <> ASAP

[Posted: Dec 29, 2021 8:41 AM]

From: <info [at]>
Sent: Wednesday, December 29, 2021 5:59:55 AM
To: User, Typical S <mst3k [at]>
Subject: virginia.edu_Notification:(Wednesday, December 29, 2021) WEBMAIL

Hello mst3k,

Your mst3k [at] password is set to Expire today,

Wednesday, December 29, 2021

You can change your password or continue using same password below

Keep Same Password <hxxp://> Support

[Posted: Dec 13, 2021 4:15 PM]

If you and/or your folks are not already working on finding/remediating the Apache log4j Java vulnerability (CVE-2021-44228), please prioritize this issue.  It is a critical zero-day exploit.

When this vulnerability is exploited, the bad guy can run commands on your computers or servers,  steal data, and/or use your computers to laterally pivot to other computers or servers. 

Information about this vulnerability, who it affects, how to search for it, and mitigation strategies if you find it are on our webpage: Action Needed: Critical Vulnerability in Widespread Java Logging Library

We want to make sure that finding and fixing this vulnerability is high priority for everyone. 

Thank you for helping to keep everyone’s data and information at UVA secure.  

[Posted: Nov 18, 2021 4:07 PM]

From: Virginia -053100 <kazash [at]> 
Sent: Thursday, November 18, 2021 3:36 PM
To: Typical User mst3k [at]>
Subject: Covid Test#56470
Importance: High

Attached copy of your test result.

[Posted: Nov 13, 2021 7:32 PM]

From: "John William Betts, III" <jwb286 [at]>
Date: November 13, 2021 at 1:05:15 PM EST
Subject: University Payroll Services invited you to view the files "Regarding 2021 payroll schedule "on Payroll Services.



University Payroll Services invited you to view the files "Regarding your 2021 payroll schedule "on Payroll Services.

View file<hxxps://>

University Payroll Services

[Posted: Nov 5, 2021 3:04 PM]

From: IT HelpDesk <no-reply [at]>
Date: Friday, November 5, 2021 at 2:58 PM
To: Typical User <mst3k [at]>
Subject: Urgent Action Required!

Hi mst3k,

Due to new terms of our user agreement, we inform you that we made recent updates in our website to ensure safety while using our services. Follow the link below to update your mailbox and follow the steps to check your email.


Update Account



Should you have any questions, do not hesitate to contact me.

Helpdesk Team

[Posted: Nov 1, 2021 3:14 PM]

From: IT Help Desk
Sent: Monday, November 1, 2021 3:00 PM
To: Recipients
Subject: Security alert
Your virginia edu account will be De-activated shortly

To stop De-activation Click Here and Log In

IT Help Desk.

[Posted: Oct 1, 2021 4:50 PM]

More Zero-Day flaws in the Chrome web browser for Windows, Macintosh, and Linux computers

More zero-day flaws have been found in the Chrome web browser used on Windows, Macintosh, and Linux computers. The flaws (CVE-2021-37975 and CVE-2021-37976) are a high and medium severity flaw (respectively) on the CVSS vulnerability-rating scale.  Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code on the system or obtain sensitive information. 

Google has released an emergency Chrome fix to address these two zero-day vulnerabilities (version  94.0.4606.71). Most Chrome browser will auto-updated and the update requires the browser to be restarted.
Considering the disclosed vulnerabilities, you should update your Chrome browser to the latest version (at least 94.0.4606.71) as soon as possible.  This update addresses these two security flaws.

Double-check your Chrome Browser is up-to-date

Chrome will in many cases update to its newest version automatically.
However, we recommend you double-check if the update has been applied.

In Chrome, click on Settings  then About Chrome

If an update is available, Chrome will show that here and then start the download process. When it's completed, it will ask to relaunch the browser to complete the update.
If the browser is up-to-date, it will say "Google Chrome is up to date" and list the version number. Make sure it's at least 89.0.4389.128 

Additional Details

One vulnerability (CVE-2021-37975) could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in V8. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
The other vulnerability (CVE-2021-37976) could allow a remote attacker to obtain sensitive information, caused by an information leak in core.  By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.

(References:, and ).

Please see the Chrome Security Page and the Chrome Releases webpages for more information.

[Posted: Sep 27, 2021 10:30 AM]

Text Message starting a Gift Card Scam

Multiple people at UVA have reported that they have received a text message that looks like this: 

This is the beginning of a gift card scam!

Do NOT reply to this text message. 

If you're concerned that it is legitimate request from your "<UVA leader>" (e.g., your dean, department chair) then email or call that person using the contact information you already have.

Please report "smishing" (SMS phishing) to us by emailing

Learn more about gift card scams and how to avoid them by reading our past Security Tips at "Don't Get Gift Card Scammed" and "Gift Card Scams

[Posted: Sep 25, 2021 3:25 PM]

Many hundreds of email messages are coming in with this type of format:

From: Department Chair  < @< @>>
Subject: Send me your available text number that I can reach you at
Date: September 25, 2021 at 2:40:33 PM EDT
To: typicaluser @<mailto:typicaluser @>

Department Chair
Dean and professor
School of Scam Science

Even if they seem to come from your chair, department head or supervisor, they are a scam - DELETE them.

Your supervisor does not need to ask for your cell phone number, nor do they need you to buy gift cards for them - the latter violates UVA policy.

[Posted: Sep 23, 2021 2:23 PM]

Subject:     Document shared with you: "EVALUATION.DOC.XX.docx"
Resent-From:     mst3k [at]
Date:     Wed, 22 Sep 2021 23:18:27 +0000
From:     Christina Grieco (via Google Docs)
<drive-shares-dm-noreply [at]>
Reply-To:     Christina Grieco <christina.grieco [at]>
To:     mst3k [at]

christina.grieco [at]
<mailto:christina.grieco [at]> shared a document
Unknown profile photo
christina.grieco [at]
<mailto:christina.grieco [at]> added you as a viewer.
Verify your email to securely view this document. You will need to
verify your email every 7 days. Learn more
FWD:Jennifer L. West shared a file request using one drive.




Use is subject to the Google Privacy Policy

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
You have received this email because
<mailto:christina.grieco [at]> shared a document with you
from Google Docs.
Delete visitor session
Logo for Google Docs <hxxps://>

[Posted: Sep 23, 2021 2:20 PM]

NOTE: Similar "order confirmation" phishing messages are VERY common - just delete it if it looks unfamiliar.


From: PayPal@Team <jeandfwade [at]>
Sent: Wednesday, September 22, 2021 1:55 PM
To: User, Typical S <mst3k> <mst3k [at]>
Subject: Your Order Confirmation




Dear Member,

You sent an automatic payment to ExpressVPN. Here are the details.


Automatic Payment Details:

Automatic payment number:                     K-9D3NB62

Amount to be paid each time:                  $229.99 USD

Billing Cycle:                                                  Quarterly

Payment Start:                                              22 Sep 2021

Next payment Due:                                      21 Dec 2021

Next Payment Amount:                              $229.99 USD

Pay with Money from:                                 PayPal


To change or cancel your agreement with ExpressVPN, log in to your PayPal account, go to your profile,

And click My Money and update your agreement in the “My preapproved Payments” section.


Do you confirm this payment?

Support: 1-xxx-341-0706

[Posted: Jul 26, 2021 8:32 AM]

From: mst3k [at] <mst3k [at]> on behalf of <direct [at]>
Date: Monday, July 26, 2021 at 7:21 AM
To: mst3k [at] <mst3k [at]>
Subject: mst3k [at] Email Account Password Update
Secure Messaging

Dear mst3k [at]

Kindly inform your password to mst3k [at] expires today.

Please kindly use the below button to continue with the same password.

Proceed To Keep Same Password<hxxps:// [at]>

Further messages might be prevented if any of the above actions are not performed.
This email was sent from Mail Center.

Copyright © 2021  Inc. All rights reserved.

[Posted: Jul 12, 2021 8:26 AM]

From: Mail Administrator <mailadmin [at]>
Date: Monday, July 12, 2021 at 4:02 AM
To: Typical User <mst3k [at]>
Subject: Action Requested: Mail Box Full

Dear mst3k [at],
Your message mailbox is almost full.

Current size

Maximum size

Your mailbox might be closed or unavailable. Kindly activate<hxxps:// [at]> to update your mailbox storage.

No further action is necessary, this is just a notification for your account safety, just follow the
above link and sign back in to increase storage limit and continue your usage.

Admin Team


Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form