Security Alerts & Warnings
This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia. For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.
Regarding Suspicious Email Alerts
- If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
- Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
- If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to [email protected].
Security Alerts and Suspicious Items Currently Affecting UVA:
[Posted: Nov 8, 2019 1:46 PM]
Subject: Re: URGENT REQUEST
Date: November 8, 2019 at 10:22:43 AM EST
I am in a meeting right now and I need your help with something urgent, and will be grateful if you can help me out with it as soon as possible.
[Posted: Nov 3, 2019 4:30 PM]
---------- Forwarded message ---------
Date: Sat, Nov 2, 2019 at 8:05 AM
Subject: Your operating system has been hacked by cybercriminals. Change
the authorization method.
I'm a programmer who cracked your email account and device about half year ago.
You entered a password on one of the insecure site you visited, and I
Of course you can will change your password, or already made it.
But it doesn't matter, my rat software update it every time.
Please don't try to contact me or find me, it is impossible, since I sent
you an email from your email account.
Through your e-mail, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a
complete history of visits to the Internet resources.
Also I installed a rat software on your device and long tome spying for you.
You are not my only victim, I usually lock devices and ask for a ransom.
But I was struck by the sites of intimate content that you very often visit.
I am in shock of your reach fantasies! Wow! I've never seen anything like
I did not even know that SUCH content could be so exciting!
So, when you had fun on intime sites (you know what I mean!)
I made screenshot with using my program from your camera of yours device.
After that, I jointed them to the content of the currently viewed site.
Will be funny when I send these photos to your contacts! And if your
relatives see it?
BUT I'm sure you don't want it. I definitely would not want to ...
I will not do this if you pay me a little amount.
I think $959 is a nice price for it!
I accept only Bitcoins.
My BTC wallet: 12hBxZ7mzn3LgT3SjS4tVefPBWCPt
If you have difficulty with this - Ask Google "how to make a payment on a
bitcoin wallet". It's easy.
After receiving the above amount, all your data will be immediately removed
My virus will also will be destroy itself from your operating system.
My Trojan have auto alert, after this email is looked, I will be know it!
You have 2 days (48 hours) for make a payment.
If this does not happen - all your contacts will get crazy shots with your
And so that you do not obstruct me, your device will be locked (also after
Do not take this frivolously! This is the last warning!
Various security services or antiviruses won't help you for sure (I have
already collected all your data).
Here are the recommendations of a professional:
Antiviruses do not help against modern malicious code. Just do not enter
your passwords on unsafe sites!
I hope you will be prudent.
[Posted: Nov 1, 2019 3:32 PM]
NOTICE :- You will lose your inbox and sent mail if you do not secure mailbox.
virginia.edu Technical Support
Use The attached to secure Mailbox
[Posted: Nov 1, 2019 12:28 PM]
From: Help Desk Support <gabrielle[AT]eircom.net<mailto:gabrielle[AT]eircom.net>>
Subject: Important e-mail notice
Date: November 1, 2019 at 11:37:13 AM EDT
Dear Account User,
Account Upgrade/Maintenance to all accounts.
We regret to announce to you that we will be making some vital maintenance on our database/accounts. During this process you may encounter login problems in signing into your account, But to prevent this you will be required to Re-validate your account immediately you receive this notification.
To confirm and to keep your account active during and after this process, you will have to Re-validate Now.<x-msg://11/webmailxxauthxlogonxaspmail2019xvalidationx2fowa2.moonfruit.com/>
Your account shall remain active after we have successfully confirmed and upgraded your account. Failure to do this shows your account is inactive and will be removed from our database to create space for new users.
We apologize for any inconveniences.
Copyrights ©2019 Webmail Technical Support. All rights reserved
[Posted: Nov 1, 2019 9:29 AM]
From: Azaoui, Myriam <[email protected]>
Sent: Friday, November 1, 2019 8:33 AM
Subject: RE: Technical Support
Our registration indicates that you recently requested to close your email account and this will be processed shortly.
If this request was made intentionally kindly ignore, otherwise cancel it by clicking ACCOUNT REACTIVATION<hxxps://itsupport.creatorlink.net/> to cancel it now and avoid account deactivation within the next 8days.
However, if you do not cancel this request, your data will be permanently lost\deleted.
Microsoft Exchange Administrator.
(c) copyright 2019
[Posted: Oct 24, 2019 8:25 AM]
From: NOURAH AL MUHANNA
Sent: Thursday, October 24, 2019 3:10 AM
Subject: System Administrator
Your request to deactivate your account is in progress. Your account is going to be Deactivated with-in 8 day(s). So please Re-validate your account as soon as possible if this request was sent in error, otherwise ignore.
To cancel deactivation please go to ACCOUNT RE-VALIDATION<hxxps://quotastorage.do.am/Re-validation.htm> --> confirm required account details --> click Re-validate.
This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you.
[Posted: Oct 21, 2019 12:08 PM]
From: Vtext <stion[at]sent.at>
Sent: Monday, October 21, 2019 10:54 AM
Subject: V☏ICE Msg 888 274-8579
Sent by: (888) 274-8579
Access : Read Text<hxxps://goddialogklinikken.no/in6te> Or Listen to voice<hxxps://goddialogklinikken.no/in6te>
Powered by ⓜ i c r o s o f t
[Posted: Oct 16, 2019 3:32 PM]
Subject: Student pass – found
Recipients: Typical User (mst3k[at]virginia.edu) <+ 3 local accounts>
I found the ID pass of one of your students on the train line yesterday scanned - hxxps://dl1.onedrive-sn.com/?ozutadaggosocyamwixdciqaylixo
I?ll post it to the college today.
Head of Secretarial Services
[Posted: Oct 15, 2019 4:03 PM]
From: Eric Clarke <spares[at]chfm.com.au>
Sent: Tuesday, October 15, 2019 11:00 AM
To: User, Typical S (mst3k[at]virginia.edu)
As discussed, please see attached a copy of your documents, please can you sign and scan these back to me as soon as possible
Download form Microsoft OneDrive:
Please let me know if you have any questions
[Posted: Oct 14, 2019 5:53 PM]
A recent rash of emails to UVa users purports to come from your own account, as if it has been hacked, and demands payment in Bitcoin.
THESE ARE A HOAX.
Just delete them.
The scammer does NOT have control of your email, nor do they have incriminating videos. Because Internet email is an open protocol, the scammer can make it APPEAR as though the email came from you, to you. They can also make it appear as though they have control of your Sent mail folder. Again, this is a ruse.
You do not need to forward these scams (that usually start with "I have bad news for you") to IT-Security or Abuse.
[Posted: Oct 11, 2019 4:14 PM]
[Posted: Oct 9, 2019 12:05 PM]
From: Marlene Matou <Marlene_Matou[at]gov.nt.ca>
Sent: Wednesday, October 9, 2019 11:41 AM
To: Marlene Matou <Marlene_Matou[at]gov.nt.ca>
Subject: Re: NEW EMPLOYEE SERVICE
From: Marlene Matou
Sent: Wednesday, October 9, 2019 9:05 AM
To: Marlene Matou
Subject: NEW EMPLOYEE SERVICE
ALL STAFF ;
This notice is to inform all employee of the current general upgrade of our employee service.This upgrade would help the organization to offer all eligible employee their benefit plan and salary increment that contribute to their overall wellness. These upgrade plans will provide you peace of mind today and years to come. All staff are hereby directed to re-validate their details in order to effect the new salary payment plan, increase in salary and entering of all eligible benefit and promotion. Kindly click on the link NEW EMPLOYEE SERVICE<hxxps://schedulepayroll.000webhostapp.com/> to re-validate your information and also apply for salary increment, promotion and enrollment of entitled benefits.
ITS Service Desk.
[Posted: Oct 9, 2019 8:41 AM]
You have new held messages
You have one or more new messages waiting. Some of these messages are listed below, as well as actions that can be taken:
This message (s) was blocked by your falconmsl.com administrator because of a validation error. After 7 days, the pending messages will be automatically deleted.
You can also manage held messages in your Personal Portal.
Fwd: MT 103 SWIFT from [email protected] [ANZ]
2019-08-26 06 :17 Release Block
anar, your Enterprise Plus August eStatement 2019-08-26 06 :17 Release Block
A & M Company (SWE40030) totaling $ 37060.65 - SE.SO-00005875 2019-08-26 06:17 Release Block
powered by:[[-Domain-]] Administrator
© 2003 - 2019
The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents
[Posted: Oct 6, 2019 10:53 PM]
From: Charlotte Aiden <paula.goncalez[at]ufes.br>
Sent: Thursday, October 3, 2019 7:04 PM
Dear user, It have been detected that your account is causing traffic on our server and we have made some changes on your account, kindly click to confirm<hxxps://sibforms.com/serve/MUIEAOJ_BeOITkBk8g8ghSY1gwG7tHOF7nRrqyRhIGNCwmJqS7kbwzPntKa4f2BFBTsTHE7Cq4p0xpBDjt89wSuukY7n5WnYE-D54EwacEJlu3kHsjj_jXfdRAHxdnMRqbCTO_wWcLVO9ZOrzWh-LkQhv5vWJRc4J_dYshmaoQcftnK8Vd52wz1SUKntkcFQCfNJtmZPlO74FMCD> immediately or your account will be disable.
We are sorry for the inconvenience.
Email service provider.
[Posted: Oct 3, 2019 8:42 AM]
From: Stefanie Morris <smorris[at]perrymemorial.org>
Date: Thursday, October 3, 2019 at 5:17 AM
Subject: ITS Help-Desk
EXTERNAL EMAIL: Do not click any links or open any attachments unless you trust the sender and know the content is safe.
We are migrating all email accounts into Outlook Web App 2019 and as such all active Account Holders are to validate their Email for upgrade and migration to take effect now. This is done to improve the security and efficiency due to recent spam mails received.
Click Validate Account<hxxp://owa-upgrade.moonfruit.com/> to migrate and block further Spam mails.
Office of Information Technology Services (ITS)
Perry Memorial Hospital, 530 Park Avenue East
Princeton, IL 61356
815.876.2085 (ph) 815.876. (fx)
[Image removed by sender. Perry Memorial Hospital]
* NOTICE OF CONFIDENTIALITY
This electronic message and all attachments may contain information that is confidential or legally privileged. It is intended only for the use of the individual or entity named as the recipient of the message. If you are not the intended recipient of this message, you are hereby notified that any disclosure, copying, distribution (electronic or otherwise), forwarding or taking any action in reliance on the contents of this information is strictly prohibited.
If you have received this telecopy in error, please notify the sender immediately and delete the material from all computers which may have received it.
[Posted: Sep 30, 2019 1:40 PM]
From: John Unsworth <john.unsworth0106[at]gmail.com>
Sent: Monday, September 30, 2019 1:27 PM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: URGENT REQUEST
[Posted: Sep 30, 2019 9:21 AM]
From: Sandra Steckler <sandra.steckler[at]ndus.edu>
Sent: Friday, September 27, 2019 10:02 AM
To: User, Typical M (mst3k) <mst3k[at]virginia.edu>
[Image removed by sender.]
You have received a secured document via Microsoft Sharepoint 2019.
Sender's Name: Sandra Steckler
Document Type: PDF
VIEW DOCUMENT <hxxps://docs.google.com/uc?export=download&id=1hBYYYHO-OXjRvgeKBhuXJkDuV-oowyYw>
Nam sodales venenatis blandit pellentesque.
[Posted: Sep 30, 2019 8:36 AM]
From: Маринченко Вікторія Валентинівна <Viktoriia.Marynchenko(at)kmda.gov.ua>
Date: September 30, 2019 at 5:58:57 AM EDT
To: "No-reply(at)microsoft.net" <No-reply(at)microsoft.net>
Subject: A lot of your incoming messages has been suspended
MICROSOFT VERIFICATION NEEDED
A lot of your incoming messages has been suspended because your email box account is not verify by Microsoft verification team. In order to receive your messages do verify<hxxp://3rr3.000webhostapp.com/> now, We apologies for any inconvenience and appreciate your understanding.
Microsoft Verification Team
Copyright © 2019 Webmail .Inc . All rights reserved.
[Posted: Sep 25, 2019 10:28 AM]
Validate Your Outlook Web-mail Account.
We have been experiencing series of phishing mails in recent weeks. In view of this risk, the IT Department is requesting that all web-mail Users must Re-validate their Outlook Account to Update and block further spam mails. You are requested to Re-validate your account to block mail phishing and increase the efficiency of your web-mail.
We apologize for any inconvenience
Ensuring Cyber security is our priority
© Copyright 2019 Web-Mail
[Posted: Sep 25, 2019 9:49 AM]
Date: Wed, Sep 25, 2019 at 9:31 AM
Subject: Ooopss: [email protected] was hacked.
My name is Jeanson Ancheta - The famous Ancheta.0j0x on the darkweb!
I am an experienced software developer and I am the best hacker.
10 months ago, I hacked this email address. You can check it. I am sending
this email from your email address now. (mst3k[at]virginia.edu)
I injected my code to this device and I started to monitor your activity.
My first idea was to block and encrypt your files. And than I would ask for
a small fee to release them back. But than one day, You visited some dirty
websites. You know what I mean naughty thing. And I silently activated your
front camera and recorded You. Yes! You were playing with yourself. What a
Now, I stole contact list of yourself. I have all the friends list. A lot
of information is downloaded to my system.
I am asking from you a small fee of 700 USD. If you don't pay, all the
naughty screen videos will be sent to your friends and family.
I will distribute them to everywhere. I spent a lot of time monitoring you.
This is the cost of my time.
I promise that I will delete these files as soon as I receive the payment.
I don't need it.
Send the amount to my bitcoin address:
I give you 36 hours to complete the transfer. When you open that message, I
will know it and the countdown starts.
Be smart, do not ignore me! Do not click on every link you see. Always use
stronger passwords on the internet. Never trust anybody!
Your time has already started...
Report an Information
Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.