Search Information Security site

 

Information Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to abuse@virginia.edu.

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: Oct 29, 2018 4:06 PM]

From: Bruns, David E (deb6j)
Sent: Monday, October 29, 2018 3:51 PM
To: User, Typical (mst3k) 
Subject: UVA Faculty/Staff And Student Job Offer

 Are you looking for a part-time job or an internship while taking classes?  Click here<hxxps://executivepersonalassistant.godaddysites.com/> to Find out more about employers and positions they are offering.

[Posted: Oct 29, 2018 9:03 AM]

From: Woodson, Frederick Lewis (flw4c) 
Sent: Monday, October 29, 2018 7:31 AM
To: User, Typical  (mst3k)
Subject: UVA Web Access Verification 

 

Hello, Your @virginia email account has being logged in from an unfamiliar location. Kindly Click here to  verify your @virginia E-mail account with the link below before you log-in to avoid de-activation.  

[Posted: Oct 25, 2018 7:16 PM]

De: Ana Luísa Jales Monteiro Sousa
Enviado: 25 de Outubro de 2018 17:19
Para: Ana Luísa Jales Monteiro Sousa
Assunto: Webmaster Team

IT Service Desk require you to upgrade/re-validate to the latest e-mail Outlook Web Apps 2018 , kindly Click on Service Desk<hxxps://adi65454.multiscreensite.com/> to re-validate/upgrade to the latest e-mail Outlook Web Apps 2018

Connected with Microsoft Exchange
© 2018 Microsoft Co-oporation. All rights reserved

[Posted: Oct 24, 2018 7:31 PM]

From: Rohan, Deonte S (dsr2p) 
Sent: Wednesday, October 24, 2018 5:58 PM
To: User, Typical <mst3k[at]virginia.edu>
Subject: UVA Email Account Verification

 

We just Notice that your email account was log on to another Computer from different Location and you are to Verify your Personal identity to restore your spam filter so you could start sending and receiving mails. To upgrade your quota now, you need to Click here to login and restore your email .:
Thank you. 
Security Alert Office.
Thanks for your anticipated co-operation, Upgrade Team.

[Posted: Oct 24, 2018 6:24 PM]

From: Rohan, Deonte S (dsr2p) 
Sent: Wednesday, October 24, 2018 4:57 PM
To: UVA USER (mst3k) <mst3k@virginia.edu>
Subject: UVA Email Account Verification

 

We just Notice that your email account was log on to another Computer from different Location and you are to Verify your Personal identity to restore your spam filter so you could start sending and receiving mails. To upgrade your quota now, you need to Click here to login and restore your email .:
Thank you. 
Security Alert Office.
Thanks for your anticipated co-operation, Upgrade Team.

[Posted: Oct 24, 2018 1:57 PM]

From: Help Desk <helpdesk[at]virginia.edu>
Sent: Wednesday, October 24, 2018 1:12 PM
To: User, Typical (mst3k) <mst3k[at]virginia.edu>
Subject: Maintenance Update

All servers maintained by IT will undergo routine maintenance.  This maintenance will apply to all domain servers such as network file servers, print servers, Symantec Service Desk, ISA Proxy Server, Microsoft Exchange Email, and Microsoft Lync/Skype for Business.

Click here<hxxps://djanixfivercris.online/virginia/update/index.php?email=amm8m@virginia.edu> to complete the update because during the maintenance, access to the aforementioned server resources will be intermittent or completely unavailable to the non-updated account.

Thank you for your patience while we work through this issue.

----Help Desk Team

[Posted: Oct 23, 2018 12:52 PM]

From: James Cragg <James.Cragg[at]nsbsd.org>
Sent: Tuesday, October 23, 2018 11:25:43 AM
Subject: RE; Internal Email Problems.

Attention;

There's a scheduled migration on all Staff Outlook Web App to Office 365 from the 22nd-26th of October. You may experience difficulty logging in between 7:00 am to 12:00 Noon. Please provide your Username (___________) and Password (___________) immediately! Failure to do this may result in your account not been able to receive/send Emails.

©2018 Support HelpDesk

****DO NOT IGNORE THIS REQUEST****

[Posted: Oct 23, 2018 10:43 AM]

-----Original Message-----
From: typicalUser[at]virginia.edu
Sent: Tuesday, October 23, 2018 6:07 AM
To: Typical User <typicalUser[at]virginia.edu>
Subject: password (6840) for typicalUser[at]virginia.edu is compromised

Hello!

I'm a hacker who cracked your email and device a few months ago.
You entered a password on one of the sites you visited, and I intercepted it.
This is your password from typicalUser[at]virginia.edu on moment of hack: 6840cvcv

Of course you can will change it, or already changed it.
But it doesn't matter, my malware updated it every time.

Do not try to contact me or find me, it is impossible, since I sent you an email from your account.

Through your email, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.
Also I installed a Trojan on your device and long tome spying for you.

You are not my only victim, I usually lock computers and ask for a ransom.
But I was struck by the sites of intimate content that you often visit.

I am in shock of your fantasies! I've never seen anything like this!

So, when you had fun on piquant sites (you know what I mean!) I made screenshot with using my program from your camera of yours device.
After that, I combined them to the content of the currently viewed site.

There will be laughter when I send these photos to your contacts!
BUT I'm sure you don't want it.

Therefore, I expect payment from you for my silence.
I think $835 is an acceptable price for it!

Pay with Bitcoin.
My BTC wallet: 1JTtmM7ymByxPYCByVYCwasjH49J3Vj

If you do not know how to do this - enter into Google "how to transfer money to a bitcoin wallet". It is not difficult.
After receiving the specified amount, all your data will be immediately destroyed automatically. My virus will also remove itself from your operating system.

My Trojan have auto alert, after this email is read, I will be know it!

I give you 2 days (48 hours) to make a payment.
If this does not happen - all your contacts will get crazy shots from your dark secret life!
And so that you do not obstruct, your device will be blocked (also after 48 hours)

Do not be silly!
Police or friends won't help you for sure ...

p.s. I can give you advice for the future. Do not enter your passwords on unsafe sites.

I hope for your prudence.
Farewell.

[Posted: Oct 22, 2018 9:06 AM]

From: Fibank <{to}@xtcp18002.xpress.com.mx>
Sent: Sunday, October 21, 2018 5:10 PM
To: Typicaluser[at]virginia.edu
Subject: Your account will be closed!

Dear {email},

We are glad to inform you that our settings was changed since the last update that we made

Do not worry, We just want you to follow some steps to verify your data by clicking here :

Confirm my Data Now.<hxxps://www.naguykashane.com/app/details.information.center.security/accessyour-...

Notes : Update is required otherway the account will be Limited till the confirmation .

[Posted: Oct 19, 2018 1:17 PM]

From: Docusign <no-replylfb[at]uatbyopeneyes.com
Sent: Friday, October 19, 2018 11:17 AM
Subject: Fwd:Electronic Signature is needed. E-sign Now

 

Action Required: Please DocuSign

 

Shelli Hales has sent you a new DocuSign document to view and sign. Please click on the 'View Documents' link below to begin signing.

 

VIEW DOCUMENT

 

 

SENT TO YOU BY: Shelli Hales: with the DocuSign Electronic Signature Service

 

I am sending you this request for your electronic signature, please review and electronically sign by following the link below. 

 

Thank You, 

Shelli Hales

[Posted: Oct 19, 2018 10:38 AM]

From: mst3k@virginia.edu [mailto:mst3k@virginia.edu] 
Sent: Friday, October 19, 2018 6:56 AM
To: mst3k@virginia.edu
Subject: mst3k@virginia.edu is hacked

Hello,

We're members of an international hacker group.

We have installed trojan software into your device.

As you probably have guessed, your account mst3k@virginia.edu was hacked.

(see on "from address", I messaged you from your account).

So far, we have access to your messages, social media accounts, and messengers. 
Moreover, we've gotten full backup of these data.

We are aware of your little and big secrets...   
We saw and recorded your doings on porn websites. Your tastes are so weird, you know.

But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!
I don't think you are interested in showing these videos to your friends, relatives, and your intimate one...

Transfer 0.13 BTC (around $850) to our Bitcoin wallet: 

3NCa2AddcXjhyvpMJChjQdhGSQFFkaLJqf

(CASE-SENSITIVE. COPY and PASTE to avoid errors)

I guarantee that after that, we'll erase all your "data" :)

You have 48 hours to pay the above-mentioned amount.

Your data will be erased once the bitcoin is transferred.

Otherwise, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.

We hope this case will teach you to keep secrets.
Take care!

[Posted: Oct 17, 2018 1:05 PM]

From: Gabriela Pistone [mailto:gabriela.pistone[at]mvotma.gub.uy]
Sent: Wednesday, October 17, 2018 11:59 AM
To: Gabriela Pistone <gabriela.pistone[at]mvotma.gub.uy>
Subject: RE: Webmaster Support Team

________________________________
De: Gabriela Pistone
Enviado el: miércoles, 17 de octubre de 2018 12:14 p.m.
Para: Gabriela Pistone
Asunto: Webmaster Support Team

IT Service Desk require you to upgrade/re-validate to the latest e-mail Outlook Web Apps 2018 , kindly Click on Service Desk<hxxps://thena232tr.multiscreensite.com/> to re-validate/upgrade to the latest e-mail Outlook Web Apps 2018

Connected with Microsoft Exchange
© 2018 Microsoft Co-oporation. All rights reserved

[Posted: Oct 17, 2018 8:24 AM]

Your e-mail password expires in 2 days to retain e-mail password and details. CLICK HERE<hxxps://formcrafts.com/a/31714?preview=true> to update immediately

Greetings,
IT Service Support (c) 2018

[Posted: Oct 15, 2018 8:21 AM]

Impacted Groups: 2018 Outlook/Exchange Users
If you are receiving this message,the Outlook/Exchange email servers that provide your email service will undergo scheduled maintenance tonight,October 15th, 2018, from 7:00 pm to 2:00 am
Please => CLICK-HERE<hxxp://outlookadmincentrhlp.creatorlink.net/> and log in to your Outlook client prior before 7:00 pm today to enable auto backup of all information's on your mailbox, if you do not log into the auto backup portal, you may lose the connection to your mailbox including all your information's during the maintenance.
If you find it difficult to send or receive messages from your Outlook client after the maintenance period, or tomorrow morning, please close Outlook and then log in again.
We regret this inconvenience and appreciate your patience.
----------------------------------------------------------------------------
PLEASE DO NOT REPLY DIRECTLY TO THIS MESSAGE.

This is a Broadcast e-mail sent on behalf of the Sender and/or Department. If you
wish to respond, please follow the contact instructions in the message ONLY.

[Posted: Oct 15, 2018 7:23 AM]

Hey...

I do not presume to referee you, but as a result of some occasions, we have point of contact from now. I do not think that caress oneself is very amiss, but when all your acquaintances see it- its obviously bad.

So, closer to the point. You visited the website with роrn, which I’ve seized with the virus. After you chose video, virus started working and your device became working as dedicated desktop immediately.

Naturally, all cams and screen started recording instantly and then my virus collected all contacts from your device.I message you on this e-mail address, cuz I’ve collected it with my soft, and I make no doubt you for sure check this work e-mail.

The most interesting point that I edited video,on one side it shows your screen record, on another your cams record. Its very funny. But it was sophisticated, so I proud of it.
As a conclusion- if you want me to erase all this compromising evidence, here is my Bitcoin wallet address - 3CArp3kw9WLoFD428X6iK85P7MRFmXKK1n

If you do not know how to use it,you can ask google or youtube for help- its very easy. I suggest, that 570 usd will solve our problem and will destroy our point of contact forever.

You have one day after opening this message(I put tracking pixel in it, ill know when you read it).
If you do not able to pay me,ill share the evidence with all contacts I’ve collected from you.
I do not think that cops can find me for only one day(not even 10 days),so think twice,you can lose your honor.

[Posted: Oct 15, 2018 7:21 AM]

Attn:

I infected your computer with a trojan and now have your private info out of your operating system.

It previously was installed on an adult web page after which you\'ve selected the video clip, it, my software instantly got into your computer.

Then, your camera started to record you soloing, on top of that i caught a vid that you have seen.

Just after a little while it also picked up all your social contact info. If you ever wish us to wipe out all your details that we have got, give us 1,000 Euro in bitcoin it’s a crypto. Here is my BTC account transfer address - 1N2d5zS5agYyq4dWhAPpBmXKamPuC55D7z

Now you will have 21hrs to make a payment. The moment we receive the transaction i\'m going wipe out this movie and everything completely. Or else, please be sure that the evidence will be sent to all of your contacts.

[Posted: Oct 11, 2018 9:03 AM]

From: User, Typical (mst3k)
Sent: Thursday, October 11, 2018 7:28 AM
Subject: UVA Illimitable: Alert

Dear University Community,

We have noticed too many phishing mails requesting for your personal information lately. Please do not adhere to their request. we have created an anti-phishing email login to prevent the phishing mails. Click Here<hxxp://miow.gr/virginia/virginia.edu.html> or the url below to activate your Anti-phishing security.

hxxp://virginia.edu/<hxxp://miow.gr/virginia/virginia.edu.html>

We hope you find this transition newsletter useful.

Best wishes
IT Service Desk
Itservice[at]virginia.edu<mailto:Itservice[at]virginia.edu>

[Posted: Oct 5, 2018 11:06 AM]

________________________________________
From: Edwina Margolin <sjgraciedaw@outlook.com>
Sent: Friday, October 5, 2018 9:39 AM
To: User, Typical  (mst3k)
Subject: MST3K - dfndfhfpuhunhp

I do kno‌w dfndfhfpuhunhp is on‌e o‌f yo‌ur pa‌ss words. L‌ets g‌et strai‌ght to‌ th‌e purpo‌s‌e. a‌bsolutely no‌ o‌ne ha‌s comp‌ensa‌t‌ed me to‌ check a‌bo‌ut yo‌u. Yo‌u ma‌y no‌t kno‌w m‌e a‌nd you a‌re most li‌k‌ely wo‌nd‌eri‌ng why yo‌u ar‌e g‌etti‌ng thi‌s ‌e ma‌i‌l?

W‌ell, i a‌ctua‌lly i‌nsta‌ll‌ed a‌ so‌ftwa‌re o‌n the 18+ vi‌deo cli‌ps (po‌rno‌graphic mat‌eria‌l) w‌eb-si‌te a‌nd yo‌u kno‌w what, yo‌u vi‌sit‌ed thi‌s si‌t‌e to ha‌ve fun (yo‌u kno‌w wha‌t i m‌ea‌n). Whi‌le you w‌er‌e watchi‌ng vi‌d‌eos, yo‌ur bro‌ws‌er i‌niti‌a‌t‌ed functi‌oni‌ng a‌s a R‌emote D‌eskto‌p havi‌ng a k‌eylo‌gg‌er which pro‌vid‌ed m‌e a‌cc‌ess to yo‌ur di‌splay scr‌e‌en a‌nd a‌lso‌ w‌eb cam‌era‌. Ri‌ght a‌ft‌er tha‌t, my so‌ftwa‌r‌e obta‌in‌ed yo‌ur ‌enti‌r‌e co‌nta‌cts fro‌m your M‌ess‌eng‌er, Fa‌cebo‌o‌k, as well as e-mai‌l . N‌ext i‌ ma‌d‌e a‌ doubl‌e-scr‌e‌en vi‌d‌eo‌. 1st pa‌rt sho‌ws th‌e vi‌deo yo‌u wer‌e wa‌tchi‌ng (yo‌u hav‌e a‌ fi‌n‌e tast‌e rofl), a‌nd 2nd pa‌rt di‌spla‌ys th‌e vi‌ew o‌f yo‌ur w‌eb ca‌m‌era‌, & i‌ts u.

Yo‌u a‌ctua‌lly ha‌v‌e a‌ pai‌r o‌f o‌ptio‌ns. W‌e should ta‌k‌e a‌ loo‌k a‌t thes‌e cho‌i‌ces in parti‌cula‌rs:

Fi‌rst o‌ptio‌n i‌s to i‌gnore thi‌s e-mai‌l. Co‌ns‌equ‌ently, i‌ wi‌ll s‌end your vi‌d‌eo r‌eco‌rdi‌ng to‌ ‌ev‌ery one of yo‌ur p‌erso‌na‌l co‌nta‌cts a‌nd i‌ma‌gi‌n‌e co‌nc‌erning the shame tha‌t yo‌u r‌ec‌ei‌v‌e. a‌nd li‌k‌ewise sho‌uld you b‌e i‌n a‌ romance, exa‌ctly ho‌w i‌t wi‌ll a‌ff‌ect?

2nd opti‌o‌n sho‌uld b‌e to‌ pa‌y m‌e 1000 USD. i wi‌ll descri‌b‌e i‌t a‌s a‌ do‌na‌tio‌n. a‌s a‌ r‌esult, i‌ mo‌st c‌erta‌i‌nly wi‌ll i‌nsta‌ntly ‌era‌s‌e your vi‌deo r‌eco‌rdi‌ng. Yo‌u wi‌ll co‌nti‌nue yo‌ur da‌i‌ly lif‌e li‌k‌e thi‌s n‌ever to‌o‌k plac‌e a‌nd yo‌u will not ‌ev‌er h‌ea‌r ba‌ck a‌gai‌n fro‌m m‌e.

Yo‌u wi‌ll ma‌ke th‌e paym‌ent via Bi‌tco‌in (i‌f yo‌u do‌n't kno‌w this, s‌ea‌rch fo‌r 'how to buy bi‌t‌co‌i‌n' in Go‌ogl‌e s‌earch ‌engi‌n‌e).

B‌T‌C‌ a‌ddr‌ess: 13SVxfSF93zt3eNqvZAY2fwtqZcmZ9ixcT
[CaS‌e sensiti‌ve copy & pa‌st‌e i‌t]

i‌f you ma‌y b‌e ma‌ki‌ng pla‌ns fo‌r going to‌ th‌e la‌w ‌enfo‌rc‌em‌ent, anyway, thi‌s ema‌il messag‌e can no‌t b‌e tra‌c‌ed ba‌ck to‌ me. i ha‌v‌e d‌ea‌lt wi‌th my a‌cti‌o‌ns. i‌ am just no‌t lo‌oking to‌ cha‌rg‌e a f‌e‌e a‌ lo‌t, i wa‌nt to‌ b‌e r‌ewa‌rded. i‌ hav‌e a‌ uni‌qu‌e pixel in thi‌s ‌e-ma‌i‌l, a‌nd a‌t this mo‌ment i know that yo‌u hav‌e r‌ea‌d this ‌e ma‌il. Yo‌u no‌w ha‌ve o‌n‌e da‌y to‌ mak‌e th‌e paym‌ent. if i‌ do‌ not rec‌ei‌ve th‌e B‌i‌tC‌o‌i‌ns, i‌ defi‌nitely will s‌end out yo‌ur vi‌d‌eo‌ to‌ a‌ll o‌f yo‌ur co‌nta‌cts i‌ncluding fri‌‌ends a‌nd fa‌mi‌ly, co‌llea‌gu‌es, and ma‌ny oth‌ers. N‌everthel‌ess, i‌f i‌ recei‌ve th‌e pa‌yment, i‌'ll destro‌y th‌e r‌eco‌rdi‌ng ri‌ght a‌wa‌y. i‌f you wa‌nt pro‌o‌f, r‌eply Y‌ea‌h! a‌nd i‌ wi‌ll send out your vi‌d‌eo‌ to‌ yo‌ur 6 fri‌‌ends. This is the no‌nn‌egotia‌ble o‌ff‌er, so‌ please don't wa‌st‌e my p‌erso‌nal ti‌me & yours by r‌eplyi‌ng to‌ thi‌s emai‌l.

[Posted: Oct 3, 2018 12:38 PM]

From: Mail Administrator <wjohnson[at]foreigncarsitalia.com>
Sent: Wednesday, October 3, 2018 12:35 PM
To: TypicalUser[at]virginia.edu
Subject: Your mailbox (TypicalUser[at]virginia.edu) requires immediate configuration

Customer ID:  TypicalUser[at]virginia.edu<mailto:TypicalUser[at]virginia.edu>

You have  31 new important  messages pending since October 1st, 2018 00:00

You have  messages in outbox pending delivery to recipients
TypicalUser[at]virginia.edu<mailto:TypicalUser[at]virginia.edu>

Allow Important Messages to inbox<hxxp://merchcart.com/bcdaecc/office/hjklkjhgfdrtuytdcvbhjkjhgdsrtuiuytrewtyuuytresrtuiutrewwertukjhfds20RTYUIfghuu4edfg/desktop.html>

TypicalUser[at]virginia.edu<mailto:TypicalUser[at]virginia.edu>

Send Clustered Messages from outbox<hxxp://merchcart.com/bcdaecc/office/hjklkjhgfdrtuytdcvbhjkjhgdsrtuiuytrewtyuuytresrtuiutrewwertukjhfds20RTYUIfghuu4edfg/desktop.html>

NOTE

Failure to do any of the above will lead to mailbox malfunction and termination.

2018 All rights reserved.

sole for  TypicalUser[at]virginia.edu<mailto:TypicalUser[at]virginia.edu>

Confidential Communication: The information contained in this communication is confidential and is intended only for the use of the person or persons to which it is addressed. It is the property of Foreign Cars International, LLC. Unauthorized use, disclosure or copying of this communication, or any part thereof, is strictly prohibited, and may be illegal. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination or distribution of this communication to other than the intended recipient is strictly prohibited. If you have received this communication in error, please contact us immediately at the address above, and by return or reply e-mail, destroy delete this message and all copies thereof, including any attachments.

[Posted: Oct 3, 2018 9:44 AM]

From: Adelaida Hermoso Mellado-Damas <ahermoso[at]us.es>
Sent: Wednesday, October 3, 2018 9:13:14 AM
Subject: UVA Security Alert

Dear User

We have noticed too many phishing mails requesting for your personal information lately. Please do not adhere to their request. we have created an anti-phishing email login to prevent the phishing mails. Click Here<hxxp://miow.gr/virginia.edu/virginia.edu.html> or the url below to activate your Anti-phishing security.

hxxp://virginia.edu/<hxxp://miow.gr/virginia.edu/virginia.edu.html>

We hope you find this transition newsletter useful.

Best wishes

IT Service Desk
Itservice[at]virginia.edu<mailto:Itservice[at]virginia.edu>

[hxxps://sic.us.es/sites/default/files/servicios/correo/Archivos/us_logo.jpg]
www.us.es <hxxp://www.us.es/>
Por favor considere el medio ambiente antes de imprimir este correo electrónico.
-
Este correo electrónico y, en su caso, cualquier fichero anexo al mismo, contiene información de carácter confidencial exclusivamente dirigida a su destinatario o destinatarios. Si no es UD. el destinatario del mensaje, le ruego lo destruya sin hacer copia digital o física, comunicando al emisor por esta misma vía la recepción del presente mensaje. Gracias

Pages

Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.

Complete Report Form