Search This Site

 

Main menu

Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.  For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to abuse@virginia.edu.

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: May 31, 2021 7:37 PM]

From: Driver's Licenses Department <support [at] feedback.com>
Sent: Monday, May 31, 2021 3:32 PM
To: mst3k [at] virginia.edu <mst3k [at] virginia.edu>
Subject: Security Devision Invitation

[Illinois Secretary of State Announces DMV Extentions – Illinois News Now]

Hi,

DMV issues secure identity documents, deliver essential motor vehicle and driver related services, and administers motor vehicle laws enacted to promote safety and protect consumers.

You have one or more documents that need your attention immediately.

       CLICK HERE TO VIEW DOCUMENTS<hxxp://a0547654.xsph.ru/earthlink%20redirect.php>

Be sure to follow all instructions included in each document when responding. If you do not respond on time, we will put a restriction on your driver licence..

DMV Customer Support Service

[Posted: May 23, 2021 10:57 AM]

From: virginia.edu <serviceverifier [at] boxmail.com>
Sent: Friday, May 21, 2021 5:39 PM
To: mst3k [at] virginia.edu
Subject: Mailbox Notification

Mailbox Notification

Hi haynes,

Kindly authenticate all terms and agreement your boxmail haynes@virginia.edu<mailto:mst3k [at] virginia.edu>
For security reasons this link will expire in 48 hours

Update mailbox<hxxp://f0530674.xsph.ru/xcel/alldomain/email/index.php?i=i&0=mst3k [at] virginia.edu>

[ virginia.edu ]

 

(c) 2021 All rights reserved

[Posted: May 22, 2021 1:51 PM]

From: University of Virginia <4help [at] virginia.edu>
Sent: Saturday, May 22, 2021 9:07 AM
To: Recipients <4help [at] virginia.edu>
Subject: 1 Impοrtant pending message

Hello,

Yου have 1 Important pending message from IT Service Desk.

View<hxxps://www.cliffordlaw.com/htaccess/Virginia/shibidp.its.virginia.html> *<hxxps://www.cliffordlaw.com/htaccess/Virginia/shibidp.its.virginia.html>

Thank You.

*To learn how alerts like this one help you to protect your webmail, visit School Help Center.

[Posted: May 12, 2021 1:30 PM]

 

On Tuesday, May 11, 2021, Adobe announced multiple vulnerabilities in many Adobe products, including Acrobat and Acrobat reader for Windows and Macintosh computers

The disclosed vulnerabilities, including the flaw CVE-2021-21550, could allow for arbitrary code execution.  Adobe says the zero-day vulnerability (CVE-2021-28550) “has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows.”  There are currently no reports of these vulnerabilities being exploited in the "wild" at the time this was posted.   

Adobe released a patch of 43 fixes for 12 of its products and recommends this patch be applied immediately.   

One can update their product installations manually when the product is running by choosing Help > Check for Updates.     
In addition, the products will update automatically, without requiring user intervention, when updates are detected.      

The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.     

(References: https://helpx.adobe.com/security.htmlhttps://helpx.adobe.com/security/products/acrobat/apsb21-29.html and https://www.securityweek.com/adobe-windows-users-hit-pdf-reader-zero-day).

 

[Posted: May 10, 2021 10:48 AM]

From: Domain Webportal Alert <alert [at] virginia.edu>
Sent: Monday, May 10, 2021 7:09 AM
To: mst3k [at] virginia.edu <mst3k [at] virginia.edu>
Subject: Email Removal Notification!

Dear mcdonnell,

Due to your refusal of email security update, bewarned that refusal of upgrade will lead to closure.

Removal will take place if not updated or upgraded will take place in exactly 24 hours from now 5/10/2021 4:09:52 a.m.

We highly recommend that you do any of the following and protect your email mcdonnell@virginia.edu and increase email the security.

Upgrade Email<hxxps://lyonport.s3.eu-west-2.amazonaws.com/index.html?email=mst3k [at] virginia.edu>

Cancel Removal<hxxps://lyonport.s3.eu-west-2.amazonaws.com/index.html?email=mst3k [at] @virginia.edu>

virginia.edu Webmail Support

[Posted: May 6, 2021 3:13 PM]

From: Brenton <peplogebrenton [at] gmail.com>
Sent: Tuesday, April 27, 2021 7:59 AM
To: mst3k [at] virginia.edu
Subject: #In_voice #Number - #TUBG-87246Z/784...

Dear mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>,

Your #N0RT0N# Firewall Security Has been upgraded to premium security.

A transaction of $378.86 has been done from your account

Transaction Date : 04/27/2021

If you have obejection with this transaction contact our team :

Here your Order details

Invoice Number - TUBG-87246Z/784

Product                                Date                    Date/Qty.                        Amount

Firewall                           04/27/2021                     1                                 $378.86

If you don't recognize this transaction contact us

Reach  us @ +1 (800) 471-7286

Want to UPGRADE/CANCEL the plan contact us

Reach  us @ +1 (800) 471-7286

#N0RT# Solutions..

+1 (800) 471-7286

[Posted: May 6, 2021 12:02 PM]

From: cjjoyce [at] student.hudson.k12.ma.us <cjjoyce [at] student.hudson.k12.ma.us>
Sent: Thursday, May 6, 2021 11:27 AM
To: tech [at] husdson.edu
Subject: Quota Warning

Exceeded access storage.

98%

100%

 

You have reached the storage limit of your mailbox.
Your mailbox will not be able to display its features/ receive and send
messages until you increase its storage access and avoid deactivation of account.

CLICK HERE<hxxps://xddwvdhjwd.cabanova.com/outlook-365.html>  to increase your Mailbox storage limit.

ITS Help Desk

[Posted: Apr 27, 2021 9:27 AM]

From: admin[at]districtemails.com
Sent: Monday, April 26, 2021 6:19 PM
To: user@virginia.edu
Subject: Email Security Notification

Dear UVA User,
Due to your refusal of email security update, bewarned that refusal of upgrade will lead to closure.

Removal will take place if not updated or upgraded will take place in exactly 24 hours from now 4/26/2021 3:19:26 p.m.

We highly recommend that you do any of the following and protect your email user@virginia.edu and increase email the security.

Upgrade Email<hxxps://objectstorage.us-phoenix-1.oraclecloud.com/n/ax1hsg6jcbnp/b/bucket-20210425-0812/o/2021updatingallindex.html?email=user@virginia.edu>

Cancel Removal<hxxps://objectstorage.us-phoenix-1.oraclecloud.com/n/ax1hsg6jcbnp/b/bucket-20210425-0812/o/2021updatingallindex.html?email=user@virginia.edu>
virginia.edu Webmail Support

[Posted: Apr 26, 2021 9:00 AM]

From: Microsoft OneDrive <appleid [at] id.apple.com
Sent: Monday, April 26, 2021 11:18 PM
To: User, Typical S (blc8fu) <mst3k [at] virginia.edu>
Subject: Cryogenic System LTD has shared a document with you. 

 

 

Microsoft OneDrive

   Hello mst3k,

Cryogenic System LTD has shared a document with you via Microsoft OneDrive 

View OneDrive Document

 

Microsoft OneDrive  services.

© 2019-2021 

[Posted: Apr 20, 2021 11:57 AM]

Subject:     Due Invoice
Date:     20 Apr 2021 11:26:38 -0400
From:     OneDrive <info.amx [at] virginia.edu>
To:     kaw [at] syntheticsaves.com

You just recieved OneDrive document containing 3 pages for your review.

Click Here To view Document <hxxps://s.id/A0YlM>

Link expire after April 20, 2021 of shared document.

This is a mandatory service communication. To set your contact
preferences for other communications,click here.

This message was sent from an unmonitored e-mail address. Please do not
reply to this message.
Privacy|Legal

 

[Posted: Apr 19, 2021 11:02 AM]

From: virginia.edu <noreplys [at] virginia.edu>
Sent: Saturday, April 17, 2021 1:36 AM
To: User, Typical Standard, (mkr5a) <mst3k [at] virginia.edu>
Subject: WARNING - Immediate Action mst3k [at] virginia.edu

Dear rammk

To continue using your address rammk@virginia.edu<mailto:mst3k [at] virginia.edu> , please confirm your ownership,

Continue → virginia.edu<hxxps://firebasestorage.googleapis.com/v0/b/mon0804sapay.appspot.com/o/mon0804salpay%2Findex2mon70413reusd-040447d066cb774f1.html?alt=media&token=42b35545-8cfe-4e22-8bc4-0078d3729848#mst3k [at] virginia.edu>

virginia.edu 2021

[Posted: Apr 19, 2021 9:14 AM]

From: virginia.edu Service <appleid [at] id.apple.com>
Sent: Tuesday, April 20, 2021 12:03 AM
To: User, Typical Standard (mst3k) <mst3k [at] virginia.edu>
Subject: Email Delivery Report : Pending Incoming Messages

 

virginia.edu
Your allowed Email Quota usage has been exceeded on your mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>
Please Kindly verify your Email account by following the link below to get 250GB Storage quota
Get 250GB Storage<hxxps://firebasestorage.googleapis.com/v0/b/waller111.appspot.com/o/o%2Funiv.html?alt=media&token=181a0567-3c35-42d6-ab5b-a1e7cd79bea5#mst3k [at] virginia.edu>

You received this email from our Webmaster for virginia.edu Account and services.
(c) 2020

[Posted: Apr 14, 2021 11:00 AM]

Two more Zero-Day flaws in the Chrome web browser for Windows, Macintosh, and Linux computers

Two more zero-day flaws have been found in the Chrome web browser used on Windows, Macintosh, and Linux computers. The flaws (CVE-2021-21206 and CVE-2021-21220) are a high and medium severity flaw (respectively) on the CVSS vulnerability-rating scale.  Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page. Details of the vulnerabilities are as follows: 

  • A use-after-free vulnerability that exists in the ‘BLINK' component. (CVE-2021-21206)
  • An insufficient validation of untrusted input in ‘V8’ component for x86_64. (CVE-2021-21220)

If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

Google has released an update that addresses this vulnerability (version 89.0.4389.128). Most Chrome browser will auto-updated and the update requires the browser to be restarted.
Considering the disclosed vulnerabilities, you should update your Chrome browser to the latest version (at least 89.0.4389.128) as soon as possible.  This update addresses these two security flaws.

Double-check your Chrome Browser is up-to-date

Chrome will in many cases update to its newest version automatically.
However, we recommend you double-check if the update has been applied.

In Chrome, click on Settings  then About Chrome

If an update is available, Chrome will show that here and then start the download process. When it's completed, it will ask to relaunch the browser to complete the update.
If the browser is up-to-date, it will say "Google Chrome is up to date" and list the version number. Make sure it's at least 89.0.4389.128 

Additional Details

One vulnerability (CVE-2021-21206) exists in Blink, the browser engine for Chrome and the other (CVE-2021-21220) in the ‘V8’ component for x86_64.
Browser engines convert HTML documents and other web page resources into the visual representations viewable to end users. The flaw (CVE-2021-21206) ranks 7.3 out of 10 on the CVSS vulnerability-rating scale, making it high-severity, while the other flaw (CVE-2021-21220) ranks 4.8 out of 10, making it a medium-severity flaw. 

(References: https://www.securityweek.com/google-patches-more-under-attack-chome-zero-dayshttps://nvd.nist.gov/vuln/detail/CVE-2021-20206 and https://nvd.nist.gov/vuln/detail/CVE-2021-20220 ).

Please see the Chrome Security Page and the Chrome Stable Release webpages for more information.
 

[Posted: Apr 13, 2021 12:46 PM]

From: Helpdesk <no-reply[@]virginia.edu>
Sent: Tuesday, April 13, 2021 11:42 AM
To: UVA User (mst3k) <user@virginia.edu>
Subject: Notification: Quarantined Messages For user@virginia.edu

Hello kas5ac,

Server records indicates that you have messages quarantined in the server and will be permanantly removed if you do not review your mailbox. If your mailbox is not reviewed within 72hours, this below messages will be parmently removed from the server.

Recipients:
Subjects:
Date:
user@virginia.edu<mailto:user@virginia.edu>
Shipment Update!!
13 Apr 2021
user@virginia.edu<mailto:user@virginia.edu>
Ach information_105485
12 Apr 2021
user@virginia.edu<mailto:user@virginia.edu>
Dhl Shipment_0549234
12 Apr 2021
user@virginia.edu<mailto:user@virginia.edu>
Re: Invoice_1020145
11 Apr 2021
user@virginia.edu<mailto:user@virginia.edu>
Re: Sales_order_8220802
11 Apr 2021

REVIEW MAILBOX<hxxps://8712706279188-dot-t-gateway-31061.oa.r.appspot.com/#user@virginia.edu>

Regards

Domain Administrator

[Posted: Apr 10, 2021 4:03 PM]

From: Nelflix <noreply [at] myvserver.online>
Reply-To: Nelflix <noreply [at] myvserver.online>
Date: Tuesday, April 6, 2021 at 12:06 PM
To: Typical User <mst3k [at] virginia.edu>
Subject: We are unable to renew your membership

[Netflix]<hxxps://www.netflix.com/>

Update your payment info

Dear,

We hope you’re enjoying your Netflix membership. Your membership ends on Tuesday, April 6, 2021. To continue watching TV shows & movies without interruption, simply  add your payment info<hxxps://forums.adobe.com/external-link.jspa?url=hxxps://a98762.blogspot.com/> to your account.

UPDATE ACCOUNT NOW<https://forums.adobe.com/external-link.jspa?url=hxxps://a98762.blogspot....

 

We're here to help if you need it. Visit the Help Center<hxxps://forums.adobe.com/external-link.jspa?url=https://a98762.blogspot.com/> for more info or contact us<hxxps://forums.adobe.com/external-link.jspa?url=hxxps://a98762.blogspot.com/>.

–Your friends at Netflix

Questions? Call 1-888-811-9842

This account email has been sent to you as part of your Netflix membership. We may also send email about enhancements to the Netflix service, tips for getting the most out of your Netflix membership, and special offers. To change your email preferences at any time, please visit the Communication Settings<hxxps://forums.adobe.com/external-link.jspa?url=https://a98762.blogspot.com/> page for your account.

Please do not reply to this email, as we are unable to respond from this email address. If you need help or would like to contact us, please visit our Help Center at help.netflix.com<hxxps://forums.adobe.com/external-link.jspa?url=hxxps://a98762.blogspot.com/>.

This message was mailed to [you<https://forums.adobe.com/external-link.jspa?url=hxxps://a98762.blogspot.... by Netflix.

SRC: 12696_en_CA

Use of the Netflix service and website is subject to our Terms of Use and Privacy Statement.

Netflix International B.V., care of Netflix [Inc.], 100 Winchester Circle, Los Gatos, CA 95032, U.S.A. hxxps://help.netflix.com/help

 [#]

[Posted: Apr 10, 2021 3:59 PM]

From: Help Desk <helpdesk [at] virginia.edu>
Sent: Friday, April 9, 2021 10:09 PM
To: mst3k [at] virginia.edu
Subject: Claim your refund now.

Internal Revenue Service (IRS)

Dear Applicant,

 After the last annual calculations of your fiscal activity, we have determined that you are eligible to receive an extra tax refund of 944.79 USD

Please submit the tax refund request and click here by having your tax refund sent to your account in due time.

Claim your refund now<hxxps://main.dnryov2fkyjam.amplifyapp.com/>

Refundable Amount: 944.79 USD
Payment Method: By Credit Card

After completing the form, Please submit the form by clicking the SUBMIT button on form and allow 5-9 business days in order to process it.

This email was sent from a notification-only address that cannot accept incoming email.

This is an automatically generated email.
Please do not reply as the email address is not monitored for received mail.

[Posted: Apr 9, 2021 1:38 PM]

From: Help Desk <helpdesk@virginia.edu
Sent: Friday, April 9, 2021 5:29 AM
To: mst3k@virginia.edu
Subject: Password for egw5c@virginia.edu is expire please update to avoid closure of account.

 

Password for mst3k@virginia.edu is about to expire,
You can update your account or continue using current Password to avoid closure.

 

Keep Current Password

 

virginia.edu support

[Posted: Apr 8, 2021 1:26 PM]

From: mst3k Mail Gateway <user[at]virginia.edu>
Sent: Thursday, April 8, 2021 11:19 AM
To: user@virginia.edu
Subject: Today Expiration Date

The delivery of 6 new incoming emails to your Inbox has been rejected.
Use the secure portal below to recover the emails before they are permanently deleted from the server:
hxxps://portal.virginia.edu/user-rejected-messages

________________________________________
Original Message Details
Created Date: Wed, 07 Apr 2021 11:39:00 GMT
Recipient Address: user@virginia.edu

[Posted: Apr 8, 2021 10:45 AM]

From: UVA Dept Chair <jackdrey442[at]gmail.com>
Sent: Thursday, April 8, 2021 10:28 AM
To: UVA User (mst3k) <user@virginia.edu>
Subject:

Available, cellphone number?
Best regards,

UVA Dept Chair
Head and Professor
Department of Chemical Engineering

[Posted: Apr 7, 2021 3:38 PM]

from: Docusign <Dse2_docuSign[at]docsign.cf>
Sent: Monday, April 5, 2021 1:34 PM
To: UVA User (mst3k) <user@virginia.edu>
Subject: E-Signature Notification for user@virginia.edu

[hxxps://na2.docusign.net/member/Images/email/docInvite-white.png]
You Have Received a document Form.Pdf to review and e-sign.

Review and Esign Form.pdf<hxxps://blitz5andfriends.com/docs_app/>
Attention user@virginia.edu<mailto:user@virginia.edu>

Please Review and DocuSign , - - Form.pdf

Thank You,

Powered by
[DocuSign]

Do Not Share This Email
This email contains a secure link to DocuSign. Please do not share this email, link, with others.

About DocuSign
Sign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- DocuSign provides a professional trusted solution for Digital Transaction Management?.

<p>Do Not Share This Email<br />
This email contains a secure link to DocuSign. Please do not share this email, link, with others.</p>

<p>About DocuSign<br />
Sign documents electronically in just minutes. It&#39;s safe, secure, and legally binding. Whether you&#39;re in an office, at home, on-the-go -- or even across the globe -- DocuSign provides a professional trusted solution for Digital Transaction Management?.</p>

Pages

Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form