Information Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia. For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to abuse@virginia.edu.

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: Apr 30, 2019 9:38 AM]

From: <admin[at]services-roots.info> on behalf of Email Admin <service[at]E-mailadmin.com>
Date: Tuesday, April 30, 2019 at 8:49 AM
To: "mst3k[at]virginia.edu" <mst3k[at]virginia.edu>
Subject: Retrieve Incoming Message

Dear mst3k[at]virginia.edu,

This message was created automatically by mail delivery software.

You have 8 incoming messages that could not be delivered to your inbox since

26-04- 2019.

The following address(es) failed to reconfigure Port 486 due to mail server problem.

Use the button below to retrieve your emails from server.

 Retrieve Your Messages<hxxp://map-97.info/old/serviesystem1.info/00boxmail/fixed/service-user-5-4-0-9/fixter%200-8-6/deduct.php?email=mst3k[at]virginia.edu>
Diagnostic-Code: smtp; 552-5.7.0[TSS04] max defers and failures per hour (Exim 4.88) allowed.

Message deferred

Reporting-MTA: dns; gateway31.worldwidemail.com

X-Postfix-Queue-ID: 5867033100

Original-Recipient: rfc822; mst3k[at]virginia.edu Size=22481:

Arrival-Date: Tuesday,30-04-2019 06:53:44 -0500 (CDT)

[Posted: Apr 27, 2019 5:22 PM]

Hi, 
 This Job is currently recruiting. A Job that will not affect your present employment or studies, fun and rewarding.  You get to make up to $400 weekly, I tried it and i made cool cash, If You are interested you can visit their website at hxxps://executiveassistantjob.godaddysites.com/ to apply and read more about the job.

Best Regards.
Job Placement & Student Services.

[Posted: Apr 26, 2019 2:50 PM]

From: Skelton, Jeannie Kay (jks8cn) <jks8cn[at]virginia.edu>
Sent: Friday, April 26, 2019 2:38 PM
To: User, Typical Stewart (mst3k) <mst3k[at]virginia.edu>
Subject: Uva Email Termination??

Our record indicates that you recently made a request to terminate your  UVA Email Account.  And this process has begun by our IT  administrators.

If this request was made accidentally, or you have no knowledge about it, you are advised to verify your account.

Please give us 24 hours to terminate your account OR verifying your account. Click on the link  below to very account.

hxxps://Uvahelpdesk/emailverification/lrPQGZBrKFFhrlMjfLhlTwwCBbxjsPLxsSsgzHqGDVFbbZTmWLphVvqgfFFZjr<hxxps://s781245323.websitebuilder.online/>

Failure to Verify will result to closure of your account.

Notice from IT Help Desk.

Privacy Policy | (c) 2019  University Of Virginia All rights reserved.

[Posted: Apr 26, 2019 1:11 PM]

From: Guissoni, Leandro <GuissoniL[at]darden.virginia.edu>
Date: Fri, Apr 26, 2019 at 12:42 PM
Subject: Uva Email Termination??
To: mst3k[at]virginia.edu <mst3k[at]virginia.edu>

Our record indicates that you recently made a request to terminate your
UVA Email Account.  And this process has begun by our IT  administrators.

If this request was made accidentally, or you have no knowledge about it,
you are advised to verify your account.

Please give us 24 hours to terminate your account OR verifying your
account. Click on the link  below to very account.

hxxps://s781245323.websitebuilder.online/

Failure to Verify will result to closure of your account.

Notice from IT Help Desk.

Privacy Policy | © 2019  University Of Virginia All rights reserved.

[Posted: Apr 23, 2019 8:20 AM]

Hello!

I have very bad news for you.
06/01/2019 - on this day I hacked your OS and got full access to your account mst3k@VIRGINIA.EDU

So, you can change the password, yes... But my malware intercepts it every time.

How I made it:
In the software of the router, through which you went online, was a vulnerability.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.

After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!
I'm talk you about sites for adults.

I want to say - you are a BIG pervert. Your fantasy is shifted far away from the normal course!

And I got an idea....
I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).
After that, I made a screenshot of your joys (using the camera of your device) and glued them together.
Turned out amazing! You are so spectacular!

I'm know that you would not like to show these screenshots to your friends, relatives or colleagues.
I think $700 is a very, very small amount for my silence.
Besides, I have been spying on you for so long, having spent a lot of time!

Pay ONLY in Bitcoins!
My BTC wallet: 1HhPTepoSC59jXTD9ZDLgosLJwpRCwhjtM

You do not know how to use bitcoins?
Enter a query in any search engine: "how to replenish btc wallet".
It's extremely easy

For this payment I give you two days (20 hours).
As soon as this letter is opened, the timer will work.

After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.
If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your "enjoys".

I hope you understand your situation.
- Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)
- Do not try to contact me (this is not feasible, I sent you an email from your account)
- Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.

P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!
This is the word of honor hacker

I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.

Do not hold evil! I just do my job.
Have a nice day!

[Posted: Apr 9, 2019 8:29 AM]

From: Green-pastors, Joyce A (jag2s) <jag2s[at]virginia.edu>
Sent: Tuesday, April 9, 2019 12:17 AM
To: User, Typical Stuart (mst3k) <mst3k[at]virginia.edu>
Subject: Linkedin User Verification!

Dear Linkedin User,

We noticed several failed login attempts to your Linkedin account today. Your account is in jeopardy, please click the link below and verify your account details.

Linkedin/Verification/80ee4cb7c35f4020d6f4a8c4f91a8604 confirm/MTQxMjMzNzlmb3JtMnBheQ==<hxxps://linkedinemailverification.godaddysites.com/>

Your account will automatically be locked out and you will need to contact the help desk if you don't verify your account details.

Please let us know if we can assist further.

Thanks
IT Help Desk.

[Posted: Apr 5, 2019 10:23 PM]

From: "Eservices.virginia - Accounts Payable Specialist" <4233472438[at]rochester.rr.com>
Date: Friday, April 5, 2019 at 3:18 PM
To: "User, Typical S (mst3k)" <mst3k[at]virginia.edu>
Subject: Please approve

Your March statement is attached. Please let me know if you have any questions. Thanks.

hxxps://eservices.virginia.edu/privacy/Payroll_Eservices.virginia_801163644775_Apr_05_2019.doc<hxxp://roundtableusa.com/wDWqN-4VcOFmU5S8gixP_KMxqdywCV-ybJ/>

Accounts Payable Specialist
Eservices.virginia
accounts_payable[at]eservices.virginia.edu

[Posted: Apr 5, 2019 3:20 PM]

From: Amazon <agentassist03[at]bellamarisclubcourt.co.uk>
Sent: Friday, April 5, 2019 2:32:09 PM
Subject: Active Response: Update And Verify Your Payment Method(s)

[Amazon.com]<hxxps://comradepoint.com/pages/Amazon/>

Important Reminder

We are having trouble authorizing your payment for the items below. Please verify or update your payment method. If your payment information is correct, please contact your bank for more details.* Valid payment information must be received within 24 hours, otherwise your order will be canceled.

Update your payment method <hxxps://comradepoint.com/pages/Amazon/>

Order Details

Order #114-1206866-1758624<hxxps://comradepoint.com/pages/Amazon/>

Total Pending Payment: $10.80
Payment Method: declined

Learn more about resolving declined payments<hxxps://connectionsqua.com/pages/Amazon/>.

We hope to see you again soon.
Amazon.com

*Your bank may have declined the charge if the name, expiration date, or ZIP code you entered does not match the bank’s information. If your card has expired, you recently moved, or you received a new card from your bank, you may need to update the card number, expiration date, and ZIP code to ensure your card continues to work. If the payment details you entered are correct, we suggest using the phone number on the back of your card to contact your bank to learn more about their policies. Please have the exact dollar amount and details of this purchase when you call your bank.

If paying by credit card is not an option, you can buy Amazon.com Gift Card claim codes with cash from authorized resellers at a store near you<hxxps://www.amazon.com/gp/r.html?C=FJJO34CKUF14&K=3ILP3HWLEHO2E&M=urn:rtn:msg:20....

This email was sent from a notification-only address that cannot accept incoming email. Please do not reply to this message.

[Posted: Apr 5, 2019 10:20 AM]

From: GUY France <FGuy[at]cgfl.fr>
Sent: Thursday, April 4, 2019 8:43 PM
Subject: IT Service Desk (Emergency Notification!)

Dear Account User!

We have discovered an unusual spam activity coming from our server system that contradicts the terms of our Mail service. You have until the next 48 hours to update your e-mail account or it will be De-Activated due to suspicious activities.

CLICK HERE<hxxp://helpdsk3.mw.lt/index> to verify and secure Account

IT Service Desk

[Posted: Apr 5, 2019 10:17 AM]

From: "Stowers, Curtis L (cls6tp)" <cls6tp[at]virginia.edu>
Date: April 5, 2019 at 01:28:43 MST
To: "User, Typical (mst3k)" <mst3k[at]virginia.edu>
Subject: Urgent Reply Needed!!!

Hello,

Greetings from Uva Career Services Network!

Have you ever wondered what recruiters actually think when you approach them? We understand that career fairs can be intimidating, so we took the time to sit down with a Business entrepreneur recruiter to get his perspective on student interested in Career job fair these summer! Follow this link hxxps://career.virginia.edu/calendar/2019-04<hxxps://form.jotform.com/90935767256167> to see what jobs that are available for students this upcoming Summer.

Thanks.

Special Projects Manager

Institute for Environmental Negotiation

University of Virginia

P.O. Box 400179

Charlottesville, VA    22904

[Posted: Apr 5, 2019 5:38 AM]

Hello,
 
Greetings from Uva Career Services Network!
 
Have you ever wondered what recruiters actually think when you approach them? We understand that career fairs can be intimidating, so we took the time to sit down with a Business entrepreneur recruiter to get his perspective on student interested in Career job fair these summer! Follow this link https://career.virginia.edu/calendar/2019-04 to see what jobs that are available for students this upcoming Summer.
 
Thanks.

Curtis L Stowers, MSN, RN ACNS-BC 

Clinical Instructor|University of Virginia School of Nursing 

W: 540-816-XXX4 cls6tp[at]eservices.virginia.edu

[Posted: Apr 4, 2019 2:41 PM]

From: Jones-Tibbs, Keisha M (kj3e)
Sent: Thursday, April 4, 2019 2:29 PM
Subject: I sent you an important file

Hi,

I shared a file with you using office 365. You can view file using below link

virginia-edu/file-document/share-file

[Posted: Apr 4, 2019 9:14 AM]

From: Wiley Nowlin <wiley_nowlin[at]h.oakmail.ml> 
Sent: Thursday, April 4, 2019 7:07 AM
To: User, Typical (mst3k) <mst3k[at]virginia.edu>
Subject: ❗ ATTENTION! You are screwed now Dbg W...

Do I have your attention?
You are really screwed now and you better read this... !

Your device was recently infected with a software I developed, and now you have a problem you need to solve, because it has gone too far..

You probably noticed your device is acting strangely lately.
That's because you downloaded a nasty software I created while you were browsing the Ƿornographic website...

The software automatically:
1) Started your Ƈamera and begun recoding you,
    uploading the footage to my server...
2) Recording your device screen
3) Copied all your contact lists from mail program, facebook
    and your device chain
4) Started logging what you write

The problem is that it has cought you while you have been ʍasturbating.. and I didn't plan to see that.. but I did.

I now have the Dbg W.mp4 file with you
ʍasturbating to this hardcore stuff... ugly!! :(( ????

Let me get straight to the point.

If you do not do what I ask you now, I will upload this ugly video file with you ... and the stuff you were watching to several video upload sites and I will send the links to all your friends, family members and associates.

I am sure they will not like what they will see and I am also sure you don't want me to do that, right ?

So do you want me to uninstall the nasty software from your device and stop recording you?
Do you want me to forget about this whole issue??

I think 2,000 USD is a fair price for my silence. I know you can handle to send me this money - and it is enough for me to get lost. So how do you send the cash?? Bitcoin.

I checked right now and 1 Bitcoin is worth 4,960 bucks.
So...

Send exactly 0.406294 BTC to my Bitcoin wallet.

This is my Bitcoin wallet address:
3CfSRT9z1sS3bbgQNwLqVUYKzBkPW6sF

If you do not know how to send cash using bitcoin, type 'how to buy bitcoin' in google. There's plenty of guides.

Ok.. so what if you decide not to pay ?
Well if you want to test my patience - go on.
I will destroy your social life, you can count on that.

You think that visiting Police is a good idea ? Nope.
I don't live in your country and I know how to stay Anonymous. I will send the compromising video to everyone you know!

Just send me the 2,000 USD and we forget about the whole thing. I have family to feed too.

***********************************************
Send 2,000 USD worth of bitcoin to this address:

0.406294 BTC
to this address:

3CfSRT9z1sS3bbgQNmJwLUYKzBkPW6sF

(copy and paste it - it's cAsE sensitive)
***********************************************

After you send the money to my wallet (exact
amount!) - I will see it and I will remove the video and deactivate the rec software.

I give you 5 days only to send the transfer..

The time starts ticking after you open this letter (I included a pixel in this message and I will know when you read it).

Don't try to contact me - I am using an untracable email to deliver this message to you.

I am waiting for your cash.
And don't forget the shame if you ignore me.

Wiley

[Posted: Apr 3, 2019 12:53 PM]

Subject:        hello
Date:   Wed, 3 Apr 2019 11:39:02 +0100
From:   Trung tuấn <trungtchp89[at]gmail.com>

Greetings,

We have below our new purchase order, kindly check and send PI.
Waiting for your response.

Regards

Marinex Ltd.
Blk 511 #05-01/06 Keppel Distripark
Kampong Bahru Road
Singapore 099447
Tel: (65) 62212992 (Ext: 120) Fax: (65) 63721243
HP: 94352192

 

[hxxps://ssl.gstatic.com/docs/doclist/images/icon_10_generic_list.png] Purchase_Order909876540654.lzh<hxxps://drive.google.com/file/d/162Rgk-mgvRPF-B1-QjWON1rc3Mq0b8So/view?u...

[Posted: Apr 3, 2019 9:38 AM]

Apple ID Suspicious Activity

Case ID : 13283021

Dear mst3k[at]virginia.edu

Foг уοuг ѕаfеtу, уοuг Αррlе ID hаѕ bееn lοckеd bесаuѕе wе fοund ѕοmе ѕuѕрісіοuѕ асtіνіtу οn уοuг ассοunt. Ѕοmеοnе trying ассеѕѕіng уοuг ассοunt аnd mаkе ѕοmе сhаngе οn уοuг ассοunt іnfοгmаtіοn. This the details :

  • Country :  United States
  • IP Address :  192.168.745.15
  • Date and Time : Tuesday, April, 2, 2019
  • Browser : Safari Browser

We apologize for locking your account because for security reasons.
If you do not perform this action or you believe an unauthorized person has accessed your account, you must login to your account as soon as possible to verify your information.
 

Vіеw Αссοunt Infοгmаtіοn

  

Regards.

Apple ID Support

 

Apple ID | Support | Privacy Policy
Copyright &copy 2019 Apple Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

 

[Posted: Apr 2, 2019 7:57 PM]

From: Mystery Theater (mst3k)
Sent: Tuesday, April 02, 2019 6:06 PM
Subject: Important Document Review

Hello,

You have an important document to preview and sign using office 356.

C-lick below to view the file.

<hxxps://keepyourdocuherenow.cf/file>
VIRGINIA/EDU/FILE-REVIEW/PDF

<hxxps://keepyourdocuherenow.cf/file>

[Posted: Apr 2, 2019 7:49 PM]

From: Acker, Pamela (pan3f) <pan3f[at]virginia.edu>
Date: Tue, Apr 2, 2019 at 5:31 PM
Subject: Important Document Preview
To:

Hello,

You have an important document to preview and sign using office 356.

C-lick below to view the file.

*VIRGINIA-EDU/IMPORTANT-DOCUMENT/PDF* <hxxps://filesavehouseshere.ml/file>

[Posted: Apr 2, 2019 9:05 AM]

-----Original Message-----
From: Lacoste 
Sent: Monday, April 1, 2019 7:07 PM
To: User, Typical (mst3k) <mst3k[at]virginia.edu>
Subject: Your User, Typical (mst3k) order has shipped

 Good Morning,

User, Typical (mst3k)
Invoice 00440760  
Due: 04/02/2019
Amount Due: $793.00

Please sign in anytime at hxxps://bitmyjob.gr/dev/sec.accs.docs.net/ to view your invoice and access your reports.
Password: PTECE1

Thank you in advance

-

User, Typical (mst3k)
T 496.978.5886  |  O 832.898.7195
e:pl6q@eservices.virginia.edu

-

[Posted: Apr 1, 2019 3:22 PM]

From: Customer Service [mailto:saurabh.compliance[at]modelamaexports.com] 
Sent: Monday, April 01, 2019 3:16 PM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: Payment Status

This is a company change with a new EIN and ACH bank information.

xxtp://dcupanama.com/wp-content/secure.myacc.send.com/

Thanks for your business 
and for choosing 
Marisa Honig.

Marisa Honig
P. 841.355.4502   F. 841.355.4765
E:mhonig[at]uw.edu

[Posted: Apr 1, 2019 3:17 PM]

From: UVA ITS Help Desk <its[at]virginia.edu>
Sent: Monday, April 01, 2019 3:06 PM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: {UVA ALL} A Must Read for The Entire UVA Community

 

Monday, April 01, 2018
 
To All UVA Faculty and Staff,

Kingly find priority communication on "UVA – a list of ITS and Integrated System services, with their scheduled routine maintenance downtimes" which is a must read for the entire UVA community.
 
Preview Communication
-----

UVA ITS Help Desk

Report an Information Security Incident

Please report any level of incident, no matter how small. The Information Security Office will evaluate the report and provide a full investigation.

Complete Report Form