Search Information Security site


Main menu

Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.  For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to [email protected].

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: Mar 24, 2020 3:30 PM]

Gift card scam emails usually begin with a very brief email that appears to come from somebody you think is important, such as an associate dean, department chair, or your supervisor. 
It asks if you can do them a favor  or give "urgent help".   

If you think the email is a scam - DO NOT RESPOND - forward it to [email protected] for verification.

What follows is an actual gift card scam email sequence to help you spot when you might be the target! 

The initial email:

Date: Friday, March 20, 2020 at 9:38 AM
From: “Your Supervisor” <[email protected]>
To:  “Typical User, (mst3k)” <mst3k[at]>
Subject:  Urgent!


<Actual Supervisor’s Signature>

To which the employee then replies:

Date: Friday, March 20, 2020 at 10:32 AM
From:  “Typical User, (mst3k)” <mst3k[at]>
To: “Your Supervisor” <[email protected]>
Subject:  Re: Urgent!

Yes, I'm available to talk.

<Typical User’s Signature>

To which the scammer then replies:

Note: Clues that the email might be a phishing / scam email are in bold italics:

Date: Fri, Mar 20, 2020 at 10:35 AM
From: “Your Supervisor” <[email protected]>
To:  “Typical User, (mst3k)” <mst3k[at]>
Subject: Re: Re: Urgent!

I’m in a conference right now, can’t talk on phone.I want you to complete a task for me urgently, Let me know if you’ll be able to get it done ASAP.


<Actual Supervisor’s  Signature>

To which the employee replies to the scammer's email:

Date: Friday, March 6, 2020  at 10:46 AM
From:  “Typical User, (mst3k)” <mst3k[at]>
To: “Your Supervisor” <[email protected]>
Subject: Re: Re[2]: Urgent!

Okay. I can certainly try depending on the nature of the request. I've got a short window this morning before my first (doc) appt. What would you like for me to assist you with?

<Typical User’s Signature>

The scammer replies with their request.

Note the sense of urgency and the unnatural sentence construction.
Date: On Fri, Mar 6, 2020 at 10:52 AM
From: “Your Supervisor” <[email protected]>
To:  “Typical User, (mst3k)” <mst3k[at]>
Subject: Re: Re: Urgent!

Here is what you need to do for me quick, I need iTunes gift cards, can you get some at the store right now? I will reimburse you as soon as I’m out of the meeting with any inconveniences.Let me know to advise on denominations to purchase.


<Actual Supervisor’s  Signature>

Wanting to be helpful, the employee replies to the scammer.  

Friday, March 20, 2020  at 10:57  AM
From:  “Typical User, (mst3k)” <mst3k[at]>
To: “Your Supervisor” <[email protected]>
Subject: Re: Re: Urgent!

Okay, sure. I can run to the grocery store and pick them up before my appt.. I have a meeting on Grounds in my office at 3:00. I can bring them to you right before that meeting. Would that work for you? How many do you need and in what denominations?

<Typical User’s Signature>

The scammer replies.

CLUE: Their reply ignores your suggestion to meet them (sometimes they will say they are to busy to meet you). 

Date:  Fri, Mar 20, 2020 at 10:59 AM
From: “Your Supervisor” <[email protected]>
To:  “Typical User, (mst3k)” <mst3k[at]>
Subject: Re: Re: Urgent!

All I need you to get is five (5) cards for $100:00 each worth of iTunes gift cards. Scratch-off the bar code and Attach me a clear pictures of the cards showing the codes to me here and keep the hard copies safe with you for me.Hope this is clear ?

<Actual Supervisor’s  Signature>

The employee replies to the scammer.  

Date: Fri, Mar 20, 2020 at 11:02 AM  
From:  “Typical User, (mst3k)” <mst3k[at]>
To: “Your Supervisor” <[email protected]>
Subject: Re: Re: Urgent!

Okay. I'll go grab them from wegmans now . I'll send pics of the back of each card with the barcode showing.

<Typical User’s Signature>

The employee sends the scammer the pictures of the gift cards they purchased with their own money.  

Date Fri, Mar 20, 2020 at 11:30 AM
From:  “Typical User, (mst3k)” <mst3k[at]>
To: “Your Supervisor” <[email protected]>
Subject: Cards attached


(The file names above are the five pictures of the gift cards the employee sent to the scammer.)

<Typical User’s Signature>

The scammer thinks the employee didn’t do it right.  

Date: Fri, Mar 20, 2020 at 11:35 AM 
From: “Your Supervisor” <[email protected]>
To: “Typical User, (mst3k)” <mst3k[at]>
Subject: Re: Re: Urgent!

Scratch the bar code and send it here

<Actual Supervisor’s Signature>

So, the employee replies to the scammer explaining why they did follow the scammer's directions.  

Date: Friday, March 20, 2020 at 11:37 AM
From: “Typical User, (mst3k)” <mst3k[at]>
To: “Your Supervisor” <[email protected]>
Subject: Re: Re: Urgent!

There is no scratchable barcode. The code at the bottom is the code. The person in the checkout line said this. And I don’t see anything on the card to scratch off

<Typical User’s Signature>

The scammer, trying to help the employee, sends an example of what they wanted.

CLUE: If this person was really in a meeting and really busy, how/where did they have example pictures of  gift cards with the bar code scratched off?
And note the “interesting” grammar and sentence construction.  

Friday, March 20, 2020 at 11:38 AM
From: “Your Supervisor” <[email protected]>
To: “Typical User, (mst3k)” <mst3k[at]>
Subject: Re[3]: Re[2]: Urgent!

This am example

[Scammer includes a picture of a gift card with the barcode scratched off.]

<Actual Supervisor’s  Signature>

The scammer really wants the employee to do it the way they're expecting.  

Date:  Fri, Mar 20, 2020 at 11:40 AM
From: “Your Supervisor” <[email protected]>
To: “Typical User, (mst3k)” <mst3k[at]>
Subject: Re[3]: Re[2]: Cards attached

Scratch the card the way it scratch in the picture I sent to you

<Actual Supervisor’s Signature>

The employee starts a NEW message to their supervisor.

The new email automatically retrieves the supervisor’s actual UVA email address (not the fake one the scammer is using). 
The employee sends the pictures of the cards again and their real supervisor asks what's this all about, as they did not ask for gift cards.

From: “Typical User, (mst3k)” <mst3k[at]>
Date: March 20, 2020 at 11:51:59 AM
To:  <<Used the actual UVA email address of the supervisor >>
Subject: Cards with barcodes showing

Sending one more time, just in case

---------- Forwarded message ---------

Date Fri, Mar 20, 2020 at 11:30 AM
From:  “Typical User, (mst3k)” <mst3k[at]>
To: “Your Supervisor” <[email protected]>
Subject: Cards attached


(The file names above are the five pictures of the gift cards the employee sent to the scammer.)

<Typical User’s Signature>

[Posted: Mar 23, 2020 5:36 PM]

From: Virginia Support <fetch[at]>
Sent: Monday, March 23, 2020 2:51 PM
To: User, Typical S (mst3k) <mst3k[at]>
Subject: Request created on 23 March, 2020 ref: #VZF5330960ZUSL
Importance: High

HI Mst3k,

Due the request that you created ID: 08255.
We need to validate you as the ownerof this email mst***[at]<mailto:mst***[at]>.
This validation valid until 24 March, 2020.


Thіs еmаіl wаs sеnt tо mst***[at]<mailto:mst***[at]>.

[Posted: Mar 20, 2020 10:40 AM]

To Employee\Staff,

Take note of this important information an unusual activity has been noticed on your account,which might indicate that you might have been targeted by spammers . We advise that you verify your web-mail account immediately. A change of password is not necessarily required, as the ADMIN department is right on top of the situation. Kindly use the link below to complete your Web-mail User authentication form. CLICKHERE<hxxps>  to confirm your account immediately.

Thank you,
IT Support Desk.

[Posted: Mar 20, 2020 8:33 AM]

From: account-security-noreply[at]<mailto:account-security-noreply[at]>
Date: March 20, 2020 at 5:55:27 AM EDT
To: mst3k[at]<mailto:mst3k[at]>
Subject: Unusual Sign-in To Your Account

Unusual Signin<hxxps[at]>

We noticed something about a recent signin on Email.For example you might be signing from a new location device or add.To help keep you safe we039;ve blocked access to your new inbox messages contacts list and calendar for that signin


Copyright 2020. All rights Reserved

[Posted: Mar 19, 2020 10:52 AM]

From: Alford, Muriel K. <AlfordMK[at]>
Sent: Thursday, March 19, 2020 10:35 AM
Subject: Help Desk Team

Your mailbox storage has reached 95% on the email server.





At 100% limit, Certain email features like;

·         Sending messages
·         Receiving messages
·         Forwarding messages


will not be available for your utilization.


Visit the Outlook Storage Access and log in to Increase, adjust and maintain your Mailbox Storage and get more news on Corona virus research team.


Information Technology Service

[Posted: Mar 17, 2020 8:43 AM]

From: <minoth[at]>
Sent: Monday, March 16, 2020 8:40 PM
To: User, Typical S (mst3k) <mst3k[at]>
Subject: Your Email Will be closed on 18th March.

                              Email Server Notification!

Dear sam8f

Due to recent upgrade on our server, you are required to validate your mst3k[at] account on our server urgently.
***Please note that if you fail to validate your account, your email will be considered dormant and will be deleted within 24hrs.

Validate your e-mail account now! <hxxps[at]>

Our account validation process is simple and fast.
Thanks for letting us serve you better!

© 2020

[Posted: Mar 16, 2020 10:50 AM]

From: Microsoft account team <account-accountprotection-us[at]>
Reply-To: "no-reply[at]" <no-reply[at]>
Date: Sunday, March 15, 2020 at 2:32 PM
To: "User, Typical S (mst3k)" <mst3k[at]>
Subject: Microsoft account unusual sign-in activity


Unusual Sign-in activity


We detected something unusual about a recent sign-in to the Microsoft account

details

Country/region: United States
IP address:
Platform: Mac OS
Browser: Chrome

Please go to your recent activity page to let us know whether or not this was you. If this wasn't you, we'll help you to secure your account. If this was you, we'll trust similar activity in the future.

Review recent activity <hxxp>


The Microsoft account team

Microsoft Team office Center
<hxxp>all rights reserved ?? 2020 [hxxp]

[Posted: Mar 16, 2020 8:09 AM]

From: Dcn. Lawrence Feldkamp
Sent: Friday, March 13, 2020 10:37 AM
To: Dcn. Lawrence Feldkamp
Subject: New Outlook Web App for Staff/Employee

Welcome to the New Outlook Web App for Staff/Employee,

All Staff/Employee are expected to migrate to the New 2020 Microsoft Outlook Web Portal to enable access Click on Login here < > and login to migrate immediately and Complete the upgrade:

·    Access the new staff directory

·    Access your pay slips and P60s

·    Update your ID photo

·     E-mail and Calendar Flexibility

·    Connect mobile number to e-mail for voice mail


Important notice:  All staffs/Employee are expected to migrate within 24 hours to avoid delay on mail delivery.


On behalf of IT Support. This is a group email account and it's been monitored 24/7, therefore, please do not ignore this notification, because it's very compulsory.

Administrator Service System.

[Posted: Mar 16, 2020 8:04 AM]

From: Eboumbou, Ella <E.Eboumbou[at]>
Sent: Sunday, March 15, 2020 10:14 PM
Subject: Notice! : Email Quota limit
Importance: High

Your Email Quota limit has reached 93% on the email server.

At 100% limit, Certain email features like;

  *   Sending messages
  *   Receiving messages
  *   Forwarding messages
will not be available for your utilization.

visit the outlook storage access<hxxps> and log in to send a request to your Mailbox Administrator to adjust and maintain your storage Quota.

Eboumbou Ella
IT Help Desk Admin
Office of Information Technology

[Image removed by sender. University of Bolton]<hxxps>

This email (and any attachments) is confidential and may contain personal views which are not the views of the University of Bolton unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose information in any way nor act in reliance on it and notify the sender immediately. Please note the University of Bolton monitors emails sent or received. Further communication will signify your consent to this.

[Posted: Mar 13, 2020 3:44 PM]


From: Ahmadzadeh, Sahar <S.Ahmadzadeh[at]>
Sent: Friday, March 13, 2020 2:10 PM
Subject: Warning! : Your Security System is Disabled
Importance: High


Your Mailbox Security System is outdated and has been automatically disabled. Your Email Account has been classified as an Exposed and Unsafe email account. 


The Security System contains your Phishing/spam Filter which is responsible for identifying spam emails, virus-infected and hoax emails. You will not be allowed to send messages to avoid the risk of spreading any virus infected or spam emails.


Visit the Outlook Security System page and log in with your email account to automatically updated your security system 2 hours after your login is successfully authenticated.


Help Desk Admin
Office of Information Technology Services

[Posted: Mar 13, 2020 3:41 PM]

From: Gusar, Krystyna <K.Gusar[at]>
Sent: Thursday, March 12, 2020 6:42 PM
To: Helpdesk[at] <Helpdesk[at]>
Subject: Email Security And Spam filter Disabled.

Your Mailbox has been marked as one an unprotected mailbox. The common reason for this is because Your Mailbox Email security and Phish/Spam filter is outdated and has been disabled.

Your Email is Currently  vulnerable to Virus Infection and Hoax emails, It is no longer able to identify Unsolicited Emails, You are required to update and Enable your email security and Filter to make your email invulnerable to viruses and spammers.

Visit The Outlook Storage Access<hxxps://> page and login to send a request to your email administrator to assist you to update your email security and Phish/Spam filter.

Gusar Krystyna
2020 Help Desk Team
Information Technology Services

[Posted: Mar 7, 2020 10:43 AM]

Many UVa email addresses have recently received a message purporting to come from a supervisor, dean, department head or Vice President. These are usually one line asking if you are available and frequently have the subject "Urgent Request".

These messages are "spoofed" in that the scammer makes it appear as though they come from inside UVa but if you look at the real From line, it is always an external-to-UVa address.

Furthermore, they always say the sender is in a meeting and cannot be reached by phone. You are asked to buy gift cards, scratch off the codes and then email the sender with the codes.

DO NOT RESPOND TO THESE MESSAGES - if you receive one, immediately forward it to [email protected].


If you fall for this scam, and purchase gift cards on your personal credit card, contact your credit card company and see if you can dispute the charge.

University Information Security
[email protected]

[Posted: Mar 6, 2020 9:37 AM]

From: John C. Jeffries <gep11[at]>
Sent: Friday, March 6, 2020 6:11 AM
Subject: [No Subject]



Do you have a min? I need something done.

[Posted: Mar 2, 2020 9:29 AM]

From: Helpdesk <helpdesk[at]>
Date: Monday, March 2, 2020 at 2:27 AM
To: Typical User <mst3k[at]>
Subject: You have 12 pending message(s) in stream



Hello rz

You have 12 delayed messages on Friday 28th Of February 2020. Your action is required,

Release Emails Here<2vtjff2>

rectify it above.



Change how events are added from email  Privacy Statements

Microsoft Corporation. One Microsoft Way, Redmond, WA 98052

[Posted: Feb 26, 2020 3:09 PM]

Subject: [Card Fraud Prevention] Activity On Your Debit or ATM Card On 02/27/2020 [MAIL ID:4435446]
Date: February 26, 2020 at 10:53:24 AM EST


Chase logo  
Welcome to Chase

Dear Chase Online Custоmer,
We have detected an irregular activity оn yоur card,and we are placing a hоld оn yоur accоunt fоr yоur prоtectiоn.,please verify the following transation(s) to continue to use your card.

        Do you recognize these transation(s)

Approved transation at SQC*CASH APP for $224.49 on 02/26/2020

Declined transation at TOP UP B.HV. for $624.11 on 02/26/2020

Approved transation at BESTBUY for $124.59 on 02/26/2020

YES make your card immediately ready to use again.

NO will allow you to complete the verification process and file a fraud claim in Online or Mobile Banking

We are here tо assist yоu anytime. Yоur accоunt security is оur priоrity. Thank yоu fоr chооsing Chase.

Chase Fraud Department


Аbоut This Message:
We sent yоu this message tо give yоu accоunt updates and infоrmatiоn abоut yоur Chase relatiоnship.

If yоu reply tо this message, we will nоt be able tо read оr respоnd tо it. Please gо tо chase.cоm tо find the best way tо cоntact us.

Chase Privacy Operatiоns
PO Bоx 659752
San Аntоniо, Texas 78265-9752
Chase Privacy Nоtice

©2020 JPMоrgan Chase & Cо.


[Posted: Feb 10, 2020 2:08 PM]

Unusual sign-in activity

This is to inform you that your request to remove your account from Outlook Web App server has been approved and will initiate in one hour from the exact time you open this message.

Click here to Reactivate and keep your email account active if this request wasn’t made by you 

Thank you,
Microsoft Outlook Web App Team

[Posted: Feb 10, 2020 8:57 AM]

You have new pending messages

Dear mst3k[at],

 You have 5 New pending mails under the mail network server. Your mail version 2.0.1 is currently being discontinued from receiving incoming e-mail, and will no longer work 24 hours from 2/9/2020 3:35:18 p.m..

To retrieve your messages and upgrade to version 5.0.1, kindly follow the upgrade information below:

RESTORE MESSAGES NOW [hxxps ?rem=abuse[at]]

 Regard admin 2020 | All rights reserved.

[Posted: Feb 4, 2020 2:09 PM]

From: mst3k <contact.h0DiC1R8kl[at]> 
Sent: Tuesday, February 4, 2020 1:47 PM
To: mst3k[at]
Subject: Open Immediately


Image removed by sender.


[Posted: Jan 30, 2020 3:59 PM]

Dear  mst3k

Your  recent request to deactivate your  e-mail will be processed shortly.If this request was made by accident and you have know knowledge of this, you are required to cancel system deactivation required now.

Cancel Deactivation Request [hxxp://]  [hxxps]

However, if you do not cancel this request, your account will be deactivated and all your e-mail data will lost.


 Email  Administrator
Product: Regular Mailbox

Due Date: 1/02/2020
 Blacklist Reason: Policy Violation

[Posted: Jan 23, 2020 8:42 AM]

From: Colin Jamieson <cjamie02[at]
Sent: Thursday, January 23, 2020 8:08 AM
Subject: Your Additional Pay & Paid Days Off Awarded


Additional Pay & Paid Days Off

As many of you know, in July, 2019. The University of Virginia received a $5.3 million cut to our state budget. This cut was our prorated share of a budget cut the entire State University System received.


Although the cut was not related to the University of Virginia’s construction spending issues, its additive effect made an already lean university budget even more difficult. Since July, our goal has been to develop a budget plan that 1) ensures students are not impacted by this cut and 2) allows us to recognize the hard work of our faculty and staff through additional pay.


We’ve succeeded with the first goal and have achieved the second goal, albeit modestly.


Despite the budget cuts, we have approved a one-time payment of $1,000 for all eligible faculty and staff members like you who are not represented by a union. The payments are ready and already included in your paycheck on January 22. Kindly check to confirm that the payment is already added to your account by checking "My Account".


Please visit the Human Resources website for information about eligibility requirements.


Negotiations are ongoing with AFSCME representing in-unit USPS employees, and updates will be shared as soon as available.


Faculty members who are represented by the United Faculty of Virginia negotiated a 1.25 percent raise to be included in paychecks on October 11. A second 1.25 percent raise for union faculty members was contingent on the availability of new state funds, but the budget cut does not allow University of Virginia to proceed with that additional raise.


Paid Days Off


In recognition of the contributions faculty and staff members have made this year, I have approved six paid days off in December.


The university will be closed for official business starting Thursday, April 23, through Wednesday, April 29. Eligible employees will be paid for those days. These six paid days off are in addition to state holidays on December 25 and January 1.


Please check Virginia Authenticated Access for more details about how these paid days off apply to you or login to your account: hxxps://


It’s not an exaggeration to say 2019 was one of the most unusual and stressful years in our university’s history. Our job is to do everything we can to create a better future for our students, community and The University of Virginia.


Because of you, I know we are doing exactly that.


Charge On!


Thad Seymour Signature


Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form