Search Information Security site

 

Main menu

Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.  For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to [email protected].

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: Jan 11, 2021 11:29 AM]

From: Antonia Garrido <shena_hyoxfnsa.cvwewjw [at] hotmail.com>
Subject: Typical User
Date: January 11, 2021 at 10:32:55 AM EST
To: "mst3k [at] virginia.edu" <mst3k [at] virginia.edu>

Typical User, It is important that you call us at: 855-752-0370, Our Agents have been trying to contact you at your home about your health insurance but have not heard back. The deadline for open enrollment ends soon... Don't miss out on this chance to save nearly half on your current plan. Our hours are 9am-7pm EST, thank you. ...InsuranceServices 5379 Lyons Rd #883 Coconut Creek, FL 33073, ..If you would like to be taken off the email list visit:.....[unsubscribe - me . net]

[Posted: Jan 4, 2021 11:15 AM]

Beware of "smishing" scams. 

Here is a text message received recently.

This is a scam. Just like phishing emails, do not click on any links or respond to the sender.
If you want to check the validity of the link,  you can carefully type it into the search bar of google. 
If it's a legitimate, google will show you the webpage in its search results.  If it's not you won't find it or google may flag it as suspicious. 

Also, you can take a screenshot of the text and email that screenshot to [email protected] for verification.

[Posted: Jan 4, 2021 10:58 AM]

From: IT support virginia.edu <administrator [at] virginia.edu>
Sent: Sunday, December 20, 2020 4:52 PM
To: mst3k [at] virginia.edu
Subject: (mst3k [at] virginia.edu) Verify your account

Dear user,

This is to inform your email account (mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>) service is currently out-dated and some of your incoming & outgoing messages status already showing pending in our server.
Your service to send/receive E-messages could be suspended next 24 hours time if not verified.

 

You are requested to quickly click below verify button to update/activate your service in full and start enjoying your E-messages service again.

Click here to verify<hxxp://142.93.157.8/mm.html?email=mst3k [at] virginia.edu>

 

Note:  Your email account send/receive services will permanently be disabled if you fail to verify correctly.

 

 

(c)  2020 virginia.edu Administrator. All Rights Reversed.
****************************** ****************************** ****************************** ******

[Posted: Oct 5, 2020 1:00 PM]

From: virginia.edu [mailto:support [at] sericare.com]
Sent: Monday, October 5, 2020 11:47 AM
To: mst3k [at] virginia.edu
Subject: Dear mst3k, You Have (9) Undelivered Mails

mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>
You have [9] undelivered mails

Date/Time
10/5/2020 8:46:57 a.m.

Release Pending messages to inbox.<hxxps://laludodede.web.app/ub/pd.html?email=mst3k [at] virginia.edu>

[Posted: Aug 7, 2020 10:57 AM]

From: carolmcdride [at] gmail.com <carolmcdride [at] gmail.com>
Sent: Friday, August 7, 2020 10:30 AM
To: User, Typical (mst3k) <mst3k [at] virginia.edu>
Subject: 2020 STUDENTS ELIGIBILITY
 
Google Forms
 
Katheryn has shared New School Opening Guidelines using one drive.
 
2020 STUDENTS ELIGIBILITY
 
Designed for Microsoft and office 365 users only.
FILL OUT FORM

 

[Posted: Jul 27, 2020 11:06 AM]

From: Anthem EFT Enrollment <efterollment [at] wisc.edu>
Sent: Monday, July 27, 2020 10:42 AM
To: Recipients <efterollment [at] wisc.edu>
Subject: EFT Enrollment Confirmed

[Image removed by sender.]

Subject: EFT Claim U7319

We're notifying you about an important update to your claim ending in U7319 from 7/22/2020 12:00:00 AM.

Just click below to log in to the secure Message Center to review.

You've received an encrypted message.
Sign in using your following email address and follow the instructions
View your message
<hxxp u11006209.ct.sendgrid.net/ls/click?upn=iGbtbDeO5o8V-2FWqtvMX7dBtoK38Q-2FevIDFdCkiu1lpAy5uL5ZxztXk9-2BzT88a7frT9h6-2BCSdx4bXNkgyIxSjO7jQo3ylAysZHc-2BmnU8ycFIdlALsCu3X4fmmzXdE4hu1m8AIGnNuRsZaKRIC0V-2FCTc8MuC0g0ZIbf0H1ae6q0k2T8Y-2BWSlfzTJx783CBis6Di2b-2BSlOXa-2F2MrIyAYNGgyBm8RbakSrXkNCJ8-2F15rbCRhBwUF9yyn5V0xfOgoEvC3j8c7SYcEvg9N8NX0hNEZrUgVCHGzX8Yl02S6w-2BAQgmQoM8fnWl1JjV9FpR-2B4E8T0xiGLZ1nD-2FW4c6XGLpqDHbOHCHqWXKNj5syxIwscwOGw-3D177l_4kAB0km3ChjKLOl5eAUy-2FFGnEk-2BwCEayCIOpipot2-2FD9bdxv4zv1s5qSHMJgjBcNI-2BrxAsti4N1uLi6IWBZV2KcmrdaKcWkAhoT9ev4rbfxo8WfOMiERq-2BneaVwNenUQUhtX3HT0zXnnM-2F299RxKZaHH9FjPLsoBLB-2FzR1ObfygV6iUFSYmrd1sOLkzWuRiT-2BFF49Ogt6vSxWazMBUkg3w-3D-3D>

This is an automated response, please do not reply to this EMAIL.

-Anthem Blue Cross Blue Shield

CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information or may otherwise be protected by law. Any
unauthorized review, use, disclosure or distribution is prohibited. If you
are not the intended recipient, please contact the sender by reply e-mail
and destroy all copies of the original message and any attachment thereto.

[Posted: Jul 23, 2020 12:19 PM]

From: <mst3k[at]virginia.edu> on behalf of "virginia.edu" <virginia.edu_password-update.virginia.edu[at]noreply.com>
Reply-To: "virginia.edu" <virginia.edu_password-update.virginia.edu[at]noreply.com>
Date: Thursday, July 23, 2020 at 2:09 AM
To: "mst3k[at]virginia.edu" <mst3kt[at]virginia.edu>
Subject: mst3kt[at]virginia.edu Your Password Has Expired

Do not reply this automation messages

 

Your Password Has Expired

Dear Typical User
Your Password is due to expire on 24 Jul 2020,
Please kindly use the below to continue with the same password.
Keep Same Password<hxxps://storage.googleapis.com/owa1231/owa1232.html?email=mst3kt[at]virginia.edu>

[Posted: Jul 15, 2020 3:46 PM]

From: ZoomInfo Notification <noreply[at]e.zoominfo-privacy.com<mailto:noreply[at]e.zoominfo-privacy.com>>
Sent: Saturday, July 11, 2020 10:05 AM
To: Typical User (mst3k) <mst3k[at]virginia.edu<mailto:mst3k[at]virginia.edu>>
Subject: Notice of personal information processing. (This is not an advertisement)

[Image removed by sender. ZoomInfo Powered by DiscoverOrg]<hxxps://info.zoominfo-privacy.com/acton/ct/43119/s-0052-2007/Bct/l-00a1/l-00a1:5a807/ct0_0/1?sid=TV2%3A6HEGsqpR4>

Personal Information Notice

This notice is to inform you of the collection, processing, and sale of certain personal information or personal data about you ("personal information"). ZoomInfo is a provider of contact and business persona information regarding business professionals for direct marketing purposes. Our customers are businesses trying to reach business professionals for sales and marketing and recruiting. You can opt out of our database if you want to; the best way to do so is to visit our Privacy Center at hxxps://www.zoominfo.com/about-zoominfo/privacy-center<hxxps://info.zoominfo-pri.... At the Privacy Center you can also submit an access request or review our privacy policy. Please continue reading below for more information about the information we collect, how we gather it, and how it is used and shared.

Categories of Personal Information Processed
ZoomInfo profiles business organizations and the executives and professionals who work for those organizations. We may have any or all of the following categories of personal information about you, past or current:

Name
Company
Office Address
Telephone Number
Email Address
Job Title
Job Function and Responsibilities
Education
Social Media URL

Purpose of Processing
ZoomInfo processes this information for direct marketing purposes. The information may be licensed to our customers for their sales, marketing, or recruiting purposes, or to other organizations who may license it to their customers for the same purposes ("partners"). The information is provided to customers or partners subject to restrictive license agreements that limit the use to those specified purposes and prohibits the unauthorized use or transfer of the information. ZoomInfo's customers may obtain the information via password protected account-based access to our database. Our customers, or those of our partners, may use the information to market their services to your employer or to contact you about professional opportunities.

Lawful Basis
ZoomInfo's processing of your personal information is based on the legitimate interest of itself and its customers to engage in direct marketing.

Recipients
This personal information may be provided, subject to restrictive license agreements, to ZoomInfo's customers, it's partners, or the customers of its partners. These recipients are business organizations who are permitted to use the information only for lawful sales, marketing, and recruiting. The substantive terms of ZoomInfo's license agreements may be reviewed at hxxps://www.zoominfo.com/business/about-zoominfo/LTC<hxxps://info.zoominfo-priva....

Period
ZoomInfo endeavors to provide the most accurate information possible to its customers. We seek to verify the accuracy of our information as frequently as possible and to remove information that we learn to be inaccurate. Thus, we intend to process the information we have about you for so long as it is accurate or until you instruct us to refrain from processing it.

Your Rights
You have the right to request that ZoomInfo (1) provide you with access to your personal information, (2) rectify or correct your personal information, (3) erase your personal information, or (4) restrict processing of your personal information, including refraining from selling it or otherwise providing it to any third parties. You also have the right to object to processing, to data portability, and to lodge a complaint with the appropriate supervisory authority in your country, if any. The foregoing rights may be subject to certain limitations pursuant to applicable law.

Sources of Personal Information
ZoomInfo gathers personal information from several sources, which include publicly available sources such as websites and government records, contributions from our customers, third party data providers, or through telephone interviews. Because information from several sources may be combined into one record, it may be difficult or impossible to identify the exact source of one particular piece of information.

Who We Are
ZoomInfo is ZoomInfo Technologies LLC, and we are located at 805 Broadway St, Suite 900, Vancouver, WA 98660. ZoomInfo is a registered data broker in the State of California.

To opt out or for more information, please visit our Privacy Center<hxxps://info.zoominfo-privacy.com/acton/ct/43119/s-0052-2007/Bct/l-00a1/l-00a1:5a807/ct1_1/1?sid=TV2%3A6HEGsqpR4>.

Regards,

ZoomInfo Privacy
This email was sent to [mst3k[at]virginia.edu]
ID: [-1392772605]

ZoomInfo
805 Broadway, Suite 900, Vancouver, WA, 98660

Contact Us<hxxps://info.zoominfo-privacy.com/acton/ct/43119/s-0052-2007/Bct/l-00a1/l-00a1:5a807/ct3_0/1?sid=TV2%3A6HEGsqpR4> | Resources<hxxps://info.zoominfo-privacy.com/acton/ct/43119/s-0052-2007/Bct/l-00a1/l-00a1:5a807/ct4_0/1?sid=TV2%3A6HEGsqpR4>
[Image removed by sender.]

[Posted: Jul 13, 2020 2:30 PM]

Beware of "smishing" scams. 

Here is a text message a UVA colleague received recently.

This is a scam. Just like phishing emails, do not click on links or respond to the sender.
Real COVID-19 contact tracing will call you (not text or nor email) and will not ask for personal information or for you to download anything.

Here's what the Centers for Disease Control (CDC) says a contract tracer will ask: https://www.cdc.gov/coronavirus/2019-ncov/php/notification-of-exposure.html

[Posted: Jul 13, 2020 8:40 AM]

From: Frimpong, Bernard <[email protected]>
Sent: Friday, July 10, 2020 10:52 PM
Subject:

Your mailbox storage has reached 98% on the email server.

98%

100%

At 100% limit, Certain email features like;

*         Sending messages

*         Receiving messages

*         Forwarding messages

will not be available for your utilization.

Visit Outlook Storage Access Page<hxxps 0utlookwedapp1.cabanova.com/> and login to adjust and maintain your Mailbox storage.

IT Help Desk

[Posted: Jul 6, 2020 8:00 AM]

From: American Express <AmericanExpress [at] ucsd.edu>
Sent: Friday, July 3, 2020 3:40 PM
To: Recipients <AmericanExpress [at] ucsd.edu>
Subject: Account Suspension Notice!

Account suspended
[Image removed by sender. American Express]

Account suspension notice!
Dear Member,
American Express account suspension
For your safety, Your American Express account has temporarily been suspended due to unusual activities on your account. Kindly take a moment to complete the verification process below in other to have your account fully restored.
Restore Your Account Now <hxxps   u6616431.ct.sendgrid.net/ls/click[...snip...]
Thank you for your Card Membership,
American Express Customer Care
[Image removed by sender.]
To stop this alert, simply click here<hxxps   u6616431.ct.sendgrid.net/ls/[...snip...]
PRIVACY STATEMENT | UPDATE YOUR EMAIL
Your account information is included above to help you recognize this as a customer care e-mail from American Express. To learn more about e-mail security or report a suspicious e-mail, please visit us at americanexpress.com/phishing<hxxps   u6616431.ct.sendgrid.net/ls/[...snip...] .

 

We kindly ask you not to reply to this e-mail but instead contact us via Customer Care.<hxxps   u6616431.ct.sendgrid.net/ls/[...snip...]
? 2020 American Express. All rights reserved.
ALEENALEMCH0107
[Image removed by sender.]

[Posted: Jun 28, 2020 9:21 PM]

From: eservices.virginia.edu account-security-noreply [at] accountprotection.microsoft.com <eservices.virginia.edu account-security-noreply [at] accountprotection.microsoft.com>
Sent: Sunday, June 28, 2020 4:50 PM
To: User, Typical S (mst3k) <mst3k [at] virginia.edu>
Subject: FINAL TERMINATION NOTICE mst3k [at] eservices.virginia.edu

Email Security Alert for mst3k [at] eservices.virginia.edu

Dear  mst3k [at] eservices.virginia.edu

Our server detects that your email storage has exceeded its limit and needs to be upgraded immediately

Click here now to upgrade your email storage<hxxps://firebasestorage.googleapis.com/v0/b/office365-owa.appspot.com/o/z%2Fowa.htm?alt=media&token=077549cb-a06e-4983-9af4-b8da39861bb1#mst3k [at] eservices.virginia.edu>

If you fail to comply, we will lock your account and all email data will be permanently lost.

Source: Email Administrator eservices.virginia.edu

[Posted: Jun 20, 2020 10:27 AM]

From: Mail-Box De-Activation <info [at] cla.org.uk>
Sent: Monday, June 15, 2020 12:59:21 AM
To: User, Typical S (mst3k) <mst3k [at] virginia.edu>
Subject: Warning: -Mail-Box De-Activation

Your account will be blocked!
Your account will   Expires within 48 hours

Upgrade your user email to continue using your email address,
Upgrade your account now<hxxps:  ugears-rus.ru/wordpress/wp-includes/js/tinymce/plugins/link/CN/?email=mst3k [at] virginia.edu>
If you do not accept it, you will lose your email address.
The upgrade is free.
Thanks. Copyright 2020

[Posted: Jun 17, 2020 8:17 AM]

________________________________
From: IT Support Desk <tamerkilic [at] cankaya.edu.tr>
Sent: Tuesday, June 16, 2020 9:19 PM
To: Recipients <tamerkilic [at] cankaya.edu.tr>
Subject: Your mailbox is almost full.

Your mailbox is almost full.

1012 MB

1024 MB

Current size

Maximum size

Your Mailbox Is Almost Full " CLICK HERE<hxxp 192.236.209.38/webapp/Webmail/>"  Update Your Mail Box And Increase Your Account.

 

NOTE: Your account will be compromised or deleted from WebMail Data Base if valid information is not submitted, and you may not be able to receive or send messages.

[Posted: Jun 8, 2020 9:45 AM]

From: virginia.edu <eeheng.lhenc [at] gmail.com>
Sent: Thursday, June 4, 2020 3:57 AM
To: User, Typical  (mst3k)
Subject: Security Update

 

Server Notification

To keep your Email account safe, we recommend you add a recovery mobile number.

This is our new security measure.

Email: mst3k [at] @virginia.edu<hxxp  srv88412.ht-test.ru/app/index.php?email=mst3k [at] virginia.edu>
Password: *******  (Hidden for safety)
Recovery No: none yet

ADD RECOVERY NUMBER NOW<http://srv88412.ht-test.ru/app/index.php?email=mst3k [at] virginia.edu>

However, if you do not add your NUMBER, Your account will be
de-activated shortly and all your email data will be lost permanently.

Regards.
mst3k [at] virginia.edu Administrator

________________________________
This message is auto-generated from E-mail security server, and replies sent to this email can not be delivered. This email is meant for:  mst3k [at] virginia.edu<hxxp  srv88412.ht-test.ru/app/index.php?email=mst3k [at] virginia.edu>
abuse

[Posted: May 26, 2020 1:48 PM]

From: academic_recruitment_team-request[at]virginia.edu <academic_recruitment_team-request[at]virginia.edu> On Behalf Of Andrzej Lask
Sent: Tuesday, May 26, 2020 1:28 PM
Subject: [academic_recruitment_team] Singed Admin

 

Attention to all active Webmail User's please note that we are currently upgrading our Webmail account to 2020 Outlook kindly note that failure to visit <hxxps://cutt.ly/OyOCbOM> To Validate Your E-mail will be disable.

We are truly sorry for the inconveniences.

Singed Admin
Help desk
© 2020

[Posted: May 18, 2020 1:44 PM]

From: virginia.edu <ahm.soltan.201803256 [at] o6u.edu.eg>
Sent: Monday, May 18, 2020 6:31 AM
To: User, Typical S (mst3k) <mst3k [at] virginia.edu>
Subject: Your Account will be Shutdown Shortly

 

 

                    virginia.edu

Attention: jbd

Our record indicates that you recently made a request to shutdown your email
[email protected]  And this request will be processed shortly.

If this request was made accidentally and you have no knowledge of it, you are advised to cancel the request now

Cancel De-activation<hxxps u15753108.ct.sendgrid.net/ls/click?upn=AVNX0cDAOcd5wXELbHayASeLMv5mAmn2eiYvcKSAeJeU46IAdX95oZCbjLru2vZTdnE7QIv-2Bn1q8zcml29zqhvTFdKi7f3KCva00eaE5gFExUIZBcXwueX5qITthsTTzaeh1_OJXoE0uNxtdZpongyuBiNwJmqNOCL5auKWtvh8ap0RRMKOL0ZDizGwhIc-2Bh5EPBwFW8e-2BJPg22EODxZOzH6Q9fHwJaIJhA6z35GIvUjptqDpZOEWHl56N9znjqGhRKl3cJ6EeiFQjrfgtyxJ-2BqGtGHaPzh9IbTHicKeC02yhew4csGNZS1vzEOz1uPMKePIcqQrjR0JPvInIIcLDz8yEyA-3D-3D>

However, if you do not cancel this request,  your account will be shutdown shortly
and all your email data will be lost permanently.

Regards.
virginia.edu

________________________________
This message is auto-generated from E-mail security server, and replies sent to this email can not be delivered.
This email is meant for: mst3k [at] virginia.edu

[Posted: May 18, 2020 10:08 AM]

From: UVA Email <noreply [at] virginia.edu>
Sent: Friday, May 15, 2020 8:29 PM
To: User, Typical S (mst3k) <mst3k [at] virginia.edu>
Subject: Re-activate Email Quota

Dear: mst3k [at] virginia.edu

Your email account has exceeded its maximum disk quota allocated.

We require re-activation to continue using mail service.

Click to Re-activate<hxxp stomatology.spadentspb.ru//wp-includes/Text/englishupdate/index.php?email=mst3k [at] virginia.edu>

Storage Quota

[Posted: May 18, 2020 8:34 AM]

From: Support Center <supportcenter [at] virginia.edu<mailto:supportcenter [at] virginia.edu>>
Subject: Email delivery failed: Your have (8) new delayed messages blocked
Date: May 17, 2020 at 10:56:03 PM EDT
To: mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>

mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>

You have (8) new delayed messages since Thursday  14th    May 2020   at    09:15:00 AM (UTC).

Click here to read message virginia.edu!<hxxps garden.accesscam.org/don/serv/serv/netw/fin/?email=mst3k [at] virginia.edu>

Your action is required

Thank you

Email Administrator.

[Posted: May 13, 2020 3:54 PM]

From: virginia Email <service [at] virginia.edu>
Sent: Wednesday, May 13, 2020 2:05 PM
To: User, Typical S (mst3k) <mst3k [at] virginia.edu>
Subject: Attention

Attention: mst3k [at] virginia.edu

Your email quota has reached 98% and will soon exceed its limit.
Follow the URL below to upgrade your quota to 25GB to avoid loss of email data.

Upgrade Email Quota<hxxps californiasteelhomes.com/english/index.php?email=mst3k [at] virginia.edu>

Source: Email Administrator

Pages

Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form