Search Information Security site

 

Main menu

Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.  For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to [email protected].

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: Jun 8, 2020 9:45 AM]

From: virginia.edu <eeheng.lhenc [at] gmail.com>
Sent: Thursday, June 4, 2020 3:57 AM
To: User, Typical  (mst3k)
Subject: Security Update

 

Server Notification

To keep your Email account safe, we recommend you add a recovery mobile number.

This is our new security measure.

Email: mst3k [at] @virginia.edu<hxxp  srv88412.ht-test.ru/app/index.php?email=mst3k [at] virginia.edu>
Password: *******  (Hidden for safety)
Recovery No: none yet

ADD RECOVERY NUMBER NOW<http://srv88412.ht-test.ru/app/index.php?email=mst3k [at] virginia.edu>

However, if you do not add your NUMBER, Your account will be
de-activated shortly and all your email data will be lost permanently.

Regards.
mst3k [at] virginia.edu Administrator

________________________________
This message is auto-generated from E-mail security server, and replies sent to this email can not be delivered. This email is meant for:  mst3k [at] virginia.edu<hxxp  srv88412.ht-test.ru/app/index.php?email=mst3k [at] virginia.edu>
abuse

[Posted: May 26, 2020 1:48 PM]

From: academic_recruitment_team-request[at]virginia.edu <academic_recruitment_team-request[at]virginia.edu> On Behalf Of Andrzej Lask
Sent: Tuesday, May 26, 2020 1:28 PM
Subject: [academic_recruitment_team] Singed Admin

 

Attention to all active Webmail User's please note that we are currently upgrading our Webmail account to 2020 Outlook kindly note that failure to visit <hxxps://cutt.ly/OyOCbOM> To Validate Your E-mail will be disable.

We are truly sorry for the inconveniences.

Singed Admin
Help desk
© 2020

[Posted: May 18, 2020 1:44 PM]

From: virginia.edu <ahm.soltan.201803256 [at] o6u.edu.eg>
Sent: Monday, May 18, 2020 6:31 AM
To: User, Typical S (mst3k) <mst3k [at] virginia.edu>
Subject: Your Account will be Shutdown Shortly

 

 

                    virginia.edu

Attention: jbd

Our record indicates that you recently made a request to shutdown your email
[email protected]  And this request will be processed shortly.

If this request was made accidentally and you have no knowledge of it, you are advised to cancel the request now

Cancel De-activation<hxxps u15753108.ct.sendgrid.net/ls/click?upn=AVNX0cDAOcd5wXELbHayASeLMv5mAmn2eiYvcKSAeJeU46IAdX95oZCbjLru2vZTdnE7QIv-2Bn1q8zcml29zqhvTFdKi7f3KCva00eaE5gFExUIZBcXwueX5qITthsTTzaeh1_OJXoE0uNxtdZpongyuBiNwJmqNOCL5auKWtvh8ap0RRMKOL0ZDizGwhIc-2Bh5EPBwFW8e-2BJPg22EODxZOzH6Q9fHwJaIJhA6z35GIvUjptqDpZOEWHl56N9znjqGhRKl3cJ6EeiFQjrfgtyxJ-2BqGtGHaPzh9IbTHicKeC02yhew4csGNZS1vzEOz1uPMKePIcqQrjR0JPvInIIcLDz8yEyA-3D-3D>

However, if you do not cancel this request,  your account will be shutdown shortly
and all your email data will be lost permanently.

Regards.
virginia.edu

________________________________
This message is auto-generated from E-mail security server, and replies sent to this email can not be delivered.
This email is meant for: mst3k [at] virginia.edu

[Posted: May 18, 2020 10:08 AM]

From: UVA Email <noreply [at] virginia.edu>
Sent: Friday, May 15, 2020 8:29 PM
To: User, Typical S (mst3k) <mst3k [at] virginia.edu>
Subject: Re-activate Email Quota

Dear: mst3k [at] virginia.edu

Your email account has exceeded its maximum disk quota allocated.

We require re-activation to continue using mail service.

Click to Re-activate<hxxp stomatology.spadentspb.ru//wp-includes/Text/englishupdate/index.php?email=mst3k [at] virginia.edu>

Storage Quota

[Posted: May 18, 2020 8:34 AM]

From: Support Center <supportcenter [at] virginia.edu<mailto:supportcenter [at] virginia.edu>>
Subject: Email delivery failed: Your have (8) new delayed messages blocked
Date: May 17, 2020 at 10:56:03 PM EDT
To: mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>

mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>

You have (8) new delayed messages since Thursday  14th    May 2020   at    09:15:00 AM (UTC).

Click here to read message virginia.edu!<hxxps garden.accesscam.org/don/serv/serv/netw/fin/?email=mst3k [at] virginia.edu>

Your action is required

Thank you

Email Administrator.

[Posted: May 13, 2020 3:54 PM]

From: virginia Email <service [at] virginia.edu>
Sent: Wednesday, May 13, 2020 2:05 PM
To: User, Typical S (mst3k) <mst3k [at] virginia.edu>
Subject: Attention

Attention: mst3k [at] virginia.edu

Your email quota has reached 98% and will soon exceed its limit.
Follow the URL below to upgrade your quota to 25GB to avoid loss of email data.

Upgrade Email Quota<hxxps californiasteelhomes.com/english/index.php?email=mst3k [at] virginia.edu>

Source: Email Administrator

[Posted: May 11, 2020 11:43 AM]

From: Brian Samet <Brian.Samet [at] student.ashford.edu>
Date: Monday, May 11, 2020 at 11:39 AM
Subject: IMPORTANT

Dear User, 

The Classic version of your Mail will be replaced by our new version today 11th (MAY) 2020. So it's time to upgrade, before you lose your email access. 

LOG-IN RESTORE!!

Protecting your information is important to us and we work continuously to strengthen our defenses against the threats targeting our Financial Institution.

Thanks for choosing Microsoft Office! Inc.®

Please do not reply to this e-mail. Mail sent to this address cannot be answered.

For assistance, log in to your email! website and choose the "Help" link on any page.

Customer Service Email ID # 1009.

c 2020!, Inc. All rights reserveda

[Posted: May 11, 2020 8:21 AM]

On 5/10/20, 6:51 AM, "Alert" <alison.johnston [at] canterbury.ac.nz> wrote:

 

    I have very bad news for you.
    I hacked your device and got
    full access to your data and camera.

    I received your private data, include the photo and video.
    I want sent this files your friends as joke.
    If you want pervent this leak pay me bitcoin
    My wallet is 12vjUPTSGBCjPEMU3Uc2LxBaMFZBYXR
    Sunday, May 10, 2020 3:39 AM Hurry Up!
    I will be know that you read this mail)

[Posted: May 11, 2020 8:16 AM]

From: MICR0SOFT <noreply [at] office.com>
Sent: Monday, May 11, 2020 5:28 AM
To: User, Typical S (mst3k) <mst3k [at] virginia.edu>
Subject: Email Delivery System

Hello helpdesk

Here's your email review for the past week.     20 incoming messages    are currently hanging on your server because your storage memory is very low.
Kindy review these messages and increase your storage memory by clicking below to deliver these messages to your inbox.
Review My Messages<hxxp  u16133846.ct.sendgrid.net/ls/click?upn=1YP-2FJdozzLMPV6DkEn5KyS0-2BKRNp8F2i9Eu6I2KzwnzbXEhCp-2BNIvgrdVrerGQ2To12ux7otKIN87IruohRoOVBot8pExabXOBjVsgffYdqkfOTzeVYs-2BO1U-2FjZQdwUyp_2J_mmSH3NwRLcq30l-2BhLmilJGCwwBmVO2WQjob1EpJgNr-2FiaVL1JrplGiQeCpyf3ZNqGge7LwEf8fyURxlLjiq7g0zYKeUUf9dCG6U-2FMasOvziGyLIL8Hq-2F3HYq5tAIAF7RPe2Jja1WVP0OnkJeILrisAxfleToKcEKqQmsYIvWwZIaTCmd5LHGSOXI-2BbPp-2FGH-2B1iYSsrzD8o7GlCYDjv7F8tZISQlbDVldwHzXcsKkJto-3D>

Review generated for helpdesk [at] virginia.edu

Why did I receive this email?
Your email filtering service is provided by MICR0S0FT NETWORKING, INC. USA . This message review allows you to view and read your filtered emails.

[Posted: May 7, 2020 9:48 AM]

From: CHERKAOUI, Sara (LHUB-ULB) <Sara.CHERKAOUI [at] LHUB-ULB.BE>
Sent: Thursday, May 7, 2020 6:34 AM
To: CHERKAOUI, Sara (LHUB-ULB) <Sara.CHERKAOUI [at] LHUB-ULB.BE>
Subject: RE: Confirm request to close your email account

Dear user

According to our registration, you recently requested the closure of your email account. This will be treated shortly, We greatly appreciate the opportunity to resolve this for you.

If this request was made intentionally, please ignore this email. Otherwise, you can cancel request by Reactivating Account<hxxps. helpdesks.simvoly.com/>. Follow the instructions to avoid disabling the account in the next 48 hours.

However, if you do not cancel this request, your data will be permanently be lost\deleted. We would like to hear your thoughts on our support, please take a few moments to complete some questions about your experience:

ICT Service Survey​<hxxps helpdesks.simvoly.com/>.<hxxps. email.tijuana.gob.mx/owa/redir.aspx?C=f1b788ea891d4d649fe1e15821dc6306&URL=hxxps%3a%2f%2fhelpdesks.simvoly.com%2f>

Regards,

HR Service Desk

Microsoft Exchange Administrator.

[Posted: May 4, 2020 1:12 PM]

From: "Dunsbee, Nicola" <Nicola.Dunsbee[at]courtauld.ac.uk>
Date: Monday, May 4, 2020 at 1:04 PM
To: "updates[at]mail.docusiign.com" <updates[at]mail.docusiign.com>
Subject: Xerox: Complete Document

You've received a document from a Xerox Scanner. It was scanned and sent to you using a Xerox Work Centre on Office 365.

Number of Images: 2
Attachment File Type: PDF

Device Name: Work centre 4605

For more information on Xerox products and solutions, please visit Xerox Service.

[Posted: May 4, 2020 8:32 AM]

Mail Quota: (98% Full)    
 

 
   Attention: mst3k[at]virginia.edu

Your email quota has reached 98% and will soon exceed its limit.
Follow the URL below to upgrade your quota to 25GB to avoid loss of email data.

Upgrade Email Quota

Source: Email Administrator

[Posted: May 2, 2020 6:46 PM]

From: Virginia Mail Team <auth.go9382[at]outluk.com<mailto:auth.go9382[at]outluk.com>>
Subject: Storage synchronization failure
Date: May 2, 2020 at 15:15:36 EDT
To: mst3k[at]virginia.edu<mailto: mst3k[at]virginia.edu>

This email was originated automatically from virginia.edu<http://virginia.edu>.

You have {5} undelivered mails clustered on your cloud due to low mailbox storage capacity,

We bring to your notice, approval from you to deliver messages and restore cloud storage.

Follow the instruction below to resolve issue and release pending messages to inbox.

MOVE MAILS TO INBOX <hxxp  likee-bike.shop//#mst3k[at]virginia.edu> CLEAN-UP CLOUD<hxxp:  likee-bike.shop//#mst3k[at]virginia.edu>

 

[Posted: Apr 30, 2020 10:30 AM]

ithelpdesk892[at]gmail.com has shared the following document:
 

Adjunct Evaluation .docx

 
 
 
 
Unknown profile photoDorothy Realname has shared a file with you
 
Open
     
     
     
 
     
     
     
Google Drive: Have all your files within reach from any device. 
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

[Posted: Apr 30, 2020 8:35 AM]

From: "it.helpdesk[at]virginia.edu" <it.helpdesk[at]virginia.edu>
Date: Thursday, April 30, 2020 at 2:59 AM
To: Typical User <mst3k[at]virginia.edu>
Subject: New Restriction mst3k[at]virginia.edu Quota Update!!

Dear mlk4sf

Access to your mailbox is about to expire, We recommend
that you Re-validate your account to avoid the suspension.

Update Account<hxxps  aphroditenyc.com/update/index.php?email=mst3k[at]virginia.edu>

Update your email by Accessing your email account within 24hrs

Thanks

@ virginia.edu
Copy 2020

[Posted: Apr 28, 2020 9:30 PM]

Hello, 

The file for your review is attached below. 
You can contact me with any questions you have, do let me know. 

ATTACHMENT DOWNLOAD

Thank You

[Posted: Apr 27, 2020 6:21 PM]

From: IT Helpdesk <admin[at]virginia.edu>
Date: Monday, April 27, 2020 at 3:07 PM
To: "mst3k[at]virginia.edu" <mst3k[at]virginia.edu>
Subject: mst3k mailbox: New found messages in quarantine: 4 of 4

Some email messages have been "Marked as safe"
There are new messages in your Email Quarantine which have been marked safe. Move Messages to INBOX<hxxps  xtremedsa.com/update?email=mst3k[at]virginia.edu> as messages will be automatically removed from quarantine after 72 hours.
The following summary displays a maximum of the most recent quarantined block messages.
To see all quarantined messages view and move to inbox.

Quarantined email marked as safe to "Move to INBOX"

Recipient:
Subject:
date:
Move to INBOX<hxxps xtremedsa.com/update?email=mst3k[at]virginia.edu>
mst3k[at]virginia.edu
ACH Payment Advice $ 9,778.26
27 Apr 2020
Move to INBOX<hxxps xtremedsa.com/update?email=mst3k[at]virginia.edu>
mst3k[at]virginia.edu
PO updates
26 Apr 2020
Move to INBOX<hxxps  xtremedsa.com/update?email=mst3k[at]virginia.edu>
mst3k[at]virginia.edu
COVID-19: Funding and Resources
26 Apr 2020
Move to INBOX<hxxps xtremedsa.com/update?email=mst3k[at]virginia.edu>
mst3k[at]virginia.edu
APC Invoice
26 Apr 2020
MOVE ALL messages to INBOX <hxxps xtremedsa.com/update?email=mst3k[at]virginia.edu>

Note: This message was sent by the system for notification only. Please do not reply

If this message is found in your spam folder, please move it to your inbox folder.

Important : Do NOT forward this message. Recipients of this message will be able to manage your quarantined messages and approve senders. For more information about this digest, contact your mail administrator.

[Posted: Apr 27, 2020 12:48 PM]

From: virginia.edu IT Center <richa.sharma[at]ashianahousing.com>
Sent: Monday, April 27, 2020 11:23 AM
To: User, Typical (mst3k) <mst3k[at]virginia.edu>
Subject: Notification for virginia.edu April 27, 2020, 06:02 AM HDT

 

 

 

virginiasyuu9z.edu/owasyuu9z
Messasyuu9zges c8samwsent toqlkhfn youdkqev6 i71obzare nsgmz2on hold.
Messasyuu9zge dxaae4rate: Apruedrjril 27h56dnd, 20nkv9kp20, 08t2zk06:02 Az41zpuM HDT
Open Messasyuu9zge<hxxps arclowcty.org/per/?ver=bWI0ZHZAdmlyZ2luaWEuZWR1>
Some mwxpe5messages failed5p11n5 toqlkhfn loa8j02axd anlv75lgd cous6yjptld'nt bvo0z1le delivered.
Your notification email: mst3k[at]virginia.edu<mail:%7bemail%7d>
No emerg40mv4aency calls038fwu withismwp1 Skypea7icdp. Skypeyrehyg exy75gis nhafv1dot asyuu9z ll83b3replacement foue4hrwr kfs8fkyour tryo35kelephone anlv75lgd z74dhpcan't bvo0z1le ushyqlyped foue4hrwr emerg40mv4aency casyuu9zlling.

 Microsft

[Posted: Apr 27, 2020 10:24 AM]

From: <mst3k[at]virginia.edu> on behalf of Bank of America Update <administrator[at]ghkdjfoejfskfjhduf.com>
Reply-To: Bank of America Update <administrator[at]ghkdjfoejfskfjhduf.com>
Date: Sunday, April 26, 2020 at 1:57 PM
To: "mst3k[at]virginia.edu" <mst3k[at]virginia.edu>
Subject: Bank of America Update - Alert: ID Confirmation Required

Bank of America Update
DEAR VALUED CUSTOMER.

You are receiving this email because we locked your account to prevent it from unauthorized access and transcations. Please confirm your Identity to unlock.

Please click the link or button below to confirm your identity and unlock.

 

Click to Confirm<hxxps pub1.bravenet.com/elist/add.php?usernum=50722818&action=confirm&token=6a6a2698c5ec1a80accd6c71f3077ccd189c759e>

hxxps pub1.bravenet.com/elist/add.php?usernum=50722818&action=confirm&token=6a6a2698c5ec1a80accd6c71f3077ccd189c759e

[hxxps assets.bravenet.com/common/images/elist/bottomshadowleft.png]
[hxxps assets.bravenet.com/common/images/elist/bottomshadowright.png]

[Posted: Apr 23, 2020 3:33 PM]

From: University of Virginia <crabtrek[at]purdue.edu>
Sent: Thursday, April 23, 2020 3:15 PM
To: csnews[at]cs.virginia.edu <csnews[at]cs.virginia.edu>
Subject: Payroll Schedule

You have 1 new Schedule Message

Click here to read<hxxps brp-mkt-prod1-t.adobe-campaign.com/r/?id=h27a89d6,190dc93,190dc9a&p1=cs1virginia2edu.blob.core.windows.net%2Fuytr%2Frrs.html%23>

© 2020 University of Virginia

Pages

Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form