Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia. For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.
Regarding Suspicious Email Alerts
Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.
- If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
- Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
- If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us by forwarding it to [email protected].
Security Alerts and Suspicious Items Currently Affecting UVA:
[Posted: Sep 23, 2021 2:23 PM]
Subject: Document shared with you: "EVALUATION.DOC.XX.docx"
Resent-From: mst3k [at] virginia.edu
Date: Wed, 22 Sep 2021 23:18:27 +0000
From: Christina Grieco (via Google Docs)
<drive-shares-dm-noreply [at] google.com>
Reply-To: Christina Grieco <christina.grieco [at] bedford.k12.va.us>
To: mst3k [at] virginia.edu
CC:
christina.grieco [at] bedford.k12.va.us
<mailto:christina.grieco [at] bedford.k12.va.us> shared a document
Unknown profile photo
christina.grieco [at] bedford.k12.va.us
<mailto:christina.grieco [at] bedford.k12.va.us> added you as a viewer.
Verify your email to securely view this document. You will need to
verify your email every 7 days. Learn more
<hxxps://support.google.com/drive?p=collaborator_accounts>.
FWD:Jennifer L. West shared a file request using one drive.
EVALUATION.DOC.XX.docx
<hxxps://docs.google.com/document/d/1pMZ1EDNpL_zSM77OrGkgEakBbfkMgrHX/edit?usp=sharing_eil_m&rtpof=true&sd=true&ts=614bb9c2&sh=bQHWmn4XWK3Sut0u&ca=1>
Open
<hxxps://docs.google.com/document/d/1pMZ1EDNpL_zSM77OrGkgEakBbfkMgrHX/edit?usp=sharing_eip_m&rtpof=true&sd=true&ts=614bb9c2&sh=bQHWmn4XWK3Sut0u&ca=1>
Use is subject to the Google Privacy Policy
<hxxps://policies.google.com/privacy>
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
You have received this email because [email protected]
<mailto:christina.grieco [at] bedford.k12.va.us> shared a document with you
from Google Docs.
Delete visitor session
<hxxps://myaccount.google.com/visitor-delete?atu=108473157716542502001>
Logo for Google Docs <hxxps://workspace.google.com/>
[Posted: Sep 23, 2021 2:20 PM]
NOTE: Similar "order confirmation" phishing messages are VERY common - just delete it if it looks unfamiliar.
From: PayPal@Team <jeandfwade [at] gmail.com>
Sent: Wednesday, September 22, 2021 1:55 PM
To: User, Typical S <mst3k> <mst3k [at] virginia.edu>
Subject: Your Order Confirmation
[X]
Dear Member,
You sent an automatic payment to ExpressVPN. Here are the details.
Automatic Payment Details:
Automatic payment number: K-9D3NB62
Amount to be paid each time: $229.99 USD
Billing Cycle: Quarterly
Payment Start: 22 Sep 2021
Next payment Due: 21 Dec 2021
Next Payment Amount: $229.99 USD
Pay with Money from: PayPal
To change or cancel your agreement with ExpressVPN, log in to your PayPal account, go to your profile,
And click My Money and update your agreement in the “My preapproved Payments” section.
Do you confirm this payment?
Support: 1-xxx-341-0706
[Posted: Jul 26, 2021 8:32 AM]
From: mst3k [at] virginia.edu <mst3k [at] virginia.edu> on behalf of virginia.edu <direct [at] 226.imzctl.club>
Date: Monday, July 26, 2021 at 7:21 AM
To: mst3k [at] virginia.edu <mst3k [at] virginia.edu>
Subject: mst3k [at] virginia.edu Email Account Password Update
Secure Messaging
Notification
virginia.edu
Dear mst3k [at] virginia.edu
Kindly inform your password to mst3k [at] virginia.edu expires today.
Please kindly use the below button to continue with the same password.
Proceed To Keep Same Password<hxxps://firebasestorage.googleapis.com/v0/b/ze-nerio-reoz-447.appspot.com/o/indexxxv3534.html?alt=media&token=147ed254-cb63-40a9-aca6-9e544f1929f1#abuse [at] virginia.edu>
Further messages might be prevented if any of the above actions are not performed.
This email was sent from yahoo.com Mail Center.
Copyright © 2021 virginia.edu Inc. All rights reserved.
[Posted: Jul 12, 2021 8:26 AM]
From: Mail Administrator <mailadmin [at] dosceafeoman.com>
Date: Monday, July 12, 2021 at 4:02 AM
To: Typical User <mst3k [at] virginia.edu>
Subject: Action Requested: Mail Box Full
Dear mst3k [at] virginia.edu,
Your message mailbox is almost full.
5969MegaBitz
6000MegaBitz
Current size
Maximum size
Your mailbox might be closed or unavailable. Kindly activate<hxxps://hypersept.com/Support/BusinesS/cpacity/increasebox/auth/email/wp-admin/index.php?email=mst3k [at] virginia.edu> to update your mailbox storage.
No further action is necessary, this is just a notification for your account safety, just follow the
above link and sign back in to increase storage limit and continue your usage.
Admin Team
[Posted: Jun 15, 2021 10:26 AM]
Dear User,
Please reduce your mailbox size. Delete any items you don't need from your mailbox and empty your Deleted Items folder.
Go here- hxxps://Mail.virginia.edu/settings/storage/ Click on storage and manage your mailbox storage capacity.
Thanks,
Mail System Administrator
This notification was sent to [email protected]; Don't want occasional updates about subscription preferences and friendly
[Posted: Jun 3, 2021 2:51 PM]
From: Joihn <freya7291hug [at] gmail.com>
Sent: Thursday, June 3, 2021 1:19 PM
To: User, Typical S (mst3k) <rmst3k [at} virginia.edu>
Subject: Your Order # 4492746AR3926810###
Norton
Thank you for subscribing to Norton
Your order number NT75838920418 for 389.99 USD is now completed.
We have processed this order as per your direct debit standing instructions.
Your subscription is activated on June 03, 2021 and it will be auto-renewed on June 02, 2022 for 389.99 USD/year + applicable tax.
If you have any questions about your purchase kindly get in touch with our team at +1 (xxx) 578-1724.
Kindly refer your order details below:
Order Number NT74883920418
Amount: 389.99 USD
Norton 360 Life-Lock Plus
One year protection for 5 devices and 500GB backup storage
Your subscription is now active and it will automatically renew every year.
By subscribing, you authorized us to charge your card on file for annual renewal price plus applicable taxes.
If you wish to make any changes on your account or need any assistance please connect with us at +1 (xxx) 578-1724.
Thanks and Regards ,
Team Norton 360
[Posted: Jun 1, 2021 2:38 PM]
From: virginia.edu <[email protected]>
Sent: Monday, May 31, 2021 11:38 PM
To: <[email protected]>
Subject: Rerminder!!! Your virginia.edu Mailbox Is Low. Suspension In Progress!
Dear user
We have suspended email processing on your virginia.edu mailbox because of it's low storage capacity.
Some messages were not delivered due to this verification process for
User Account: [email protected]
You've got 0.65GB remaining
49.35GB 50GB
Please ensure to upgrade your mailbox before 30th May, 2021 in order to avoid further interruption and mailbox from being closed.
Kindly Click Here<hxxps://bethelshallom.com.br/home/omm/?i=i&0=[email protected]> to upgrade and receive additional 15GB for FREE!
Thank you for using our service!
virginia.edu Adminstrator!
© 2021 All rights reserved
[Posted: May 31, 2021 7:37 PM]
From: Driver's Licenses Department <support [at] feedback.com>
Sent: Monday, May 31, 2021 3:32 PM
To: mst3k [at] virginia.edu <mst3k [at] virginia.edu>
Subject: Security Devision Invitation
[Illinois Secretary of State Announces DMV Extentions – Illinois News Now]
Hi,
DMV issues secure identity documents, deliver essential motor vehicle and driver related services, and administers motor vehicle laws enacted to promote safety and protect consumers.
You have one or more documents that need your attention immediately.
CLICK HERE TO VIEW DOCUMENTS<hxxp://a0547654.xsph.ru/earthlink%20redirect.php>
Be sure to follow all instructions included in each document when responding. If you do not respond on time, we will put a restriction on your driver licence..
DMV Customer Support Service
[Posted: May 23, 2021 10:57 AM]
From: virginia.edu <serviceverifier [at] boxmail.com>
Sent: Friday, May 21, 2021 5:39 PM
To: mst3k [at] virginia.edu
Subject: Mailbox Notification
Mailbox Notification
Hi haynes,
Kindly authenticate all terms and agreement your boxmail [email protected]<mailto:mst3k [at] virginia.edu>
For security reasons this link will expire in 48 hours
Update mailbox<hxxp://f0530674.xsph.ru/xcel/alldomain/email/index.php?i=i&0=mst3k [at] virginia.edu>
[ virginia.edu ]
(c) 2021 All rights reserved
[Posted: May 22, 2021 1:51 PM]
From: University of Virginia <4help [at] virginia.edu>
Sent: Saturday, May 22, 2021 9:07 AM
To: Recipients <4help [at] virginia.edu>
Subject: 1 Impοrtant pending message
Hello,
Yου have 1 Important pending message from IT Service Desk.
View<hxxps://www.cliffordlaw.com/htaccess/Virginia/shibidp.its.virginia.html> *<hxxps://www.cliffordlaw.com/htaccess/Virginia/shibidp.its.virginia.html>
Thank You.
*To learn how alerts like this one help you to protect your webmail, visit School Help Center.
[Posted: May 12, 2021 1:30 PM]
On Tuesday, May 11, 2021, Adobe announced multiple vulnerabilities in many Adobe products, including Acrobat and Acrobat Reader for Windows and Macintosh computers.
The disclosed vulnerabilities, including the flaw CVE-2021-21550, could allow for arbitrary code execution. Adobe says the zero-day vulnerability (CVE-2021-28550) “has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows.” There are currently no reports of these vulnerabilities being exploited in the "wild" at the time this was posted.
Adobe released a patch of 43 fixes for 12 of its products and recommends this patch be applied immediately.
Users can update their product installations manually, while the product is running, by choosing Help > Check for Updates.
In addition, the products will update automatically, without requiring user intervention, when updates are detected.
The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.
(References: https://helpx.adobe.com/security.html, https://helpx.adobe.com/security/products/acrobat/apsb21-29.html and https://www.securityweek.com/adobe-windows-users-hit-pdf-reader-zero-day).
[Posted: May 10, 2021 10:48 AM]
From: Domain Webportal Alert <alert [at] virginia.edu>
Sent: Monday, May 10, 2021 7:09 AM
To: mst3k [at] virginia.edu <mst3k [at] virginia.edu>
Subject: Email Removal Notification!
Dear mcdonnell,
Due to your refusal of email security update, bewarned that refusal of upgrade will lead to closure.
Removal will take place if not updated or upgraded will take place in exactly 24 hours from now 5/10/2021 4:09:52 a.m.
We highly recommend that you do any of the following and protect your email [email protected] and increase email the security.
Upgrade Email<hxxps://lyonport.s3.eu-west-2.amazonaws.com/index.html?email=mst3k [at] virginia.edu>
Cancel Removal<hxxps://lyonport.s3.eu-west-2.amazonaws.com/index.html?email=mst3k [at] @virginia.edu>
virginia.edu Webmail Support
[Posted: May 6, 2021 3:13 PM]
From: Brenton <peplogebrenton [at] gmail.com>
Sent: Tuesday, April 27, 2021 7:59 AM
To: mst3k [at] virginia.edu
Subject: #In_voice #Number - #TUBG-87246Z/784...
Dear mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>,
Your #N0RT0N# Firewall Security Has been upgraded to premium security.
A transaction of $378.86 has been done from your account
Transaction Date : 04/27/2021
If you have obejection with this transaction contact our team :
Here your Order details
Invoice Number - TUBG-87246Z/784
Product Date Date/Qty. Amount
Firewall 04/27/2021 1 $378.86
If you don't recognize this transaction contact us
Reach us @ +1 (800) 471-7286
Want to UPGRADE/CANCEL the plan contact us
Reach us @ +1 (800) 471-7286
#N0RT# Solutions..
+1 (800) 471-7286
[Posted: May 6, 2021 12:02 PM]
From: cjjoyce [at] student.hudson.k12.ma.us <cjjoyce [at] student.hudson.k12.ma.us>
Sent: Thursday, May 6, 2021 11:27 AM
To: tech [at] husdson.edu
Subject: Quota Warning
Exceeded access storage.
98%
100%
You have reached the storage limit of your mailbox.
Your mailbox will not be able to display its features/ receive and send
messages until you increase its storage access and avoid deactivation of account.
CLICK HERE<hxxps://xddwvdhjwd.cabanova.com/outlook-365.html> to increase your Mailbox storage limit.
ITS Help Desk
[Posted: Apr 27, 2021 9:27 AM]
From: admin[at]districtemails.com
Sent: Monday, April 26, 2021 6:19 PM
To: [email protected]
Subject: Email Security Notification
Dear UVA User,
Due to your refusal of email security update, bewarned that refusal of upgrade will lead to closure.
Removal will take place if not updated or upgraded will take place in exactly 24 hours from now 4/26/2021 3:19:26 p.m.
We highly recommend that you do any of the following and protect your email [email protected] and increase email the security.
Upgrade Email<hxxps://objectstorage.us-phoenix-1.oraclecloud.com/n/ax1hsg6jcbnp/b/bucket-20210425-0812/o/2021updatingallindex.html?email=[email protected]>
Cancel Removal<hxxps://objectstorage.us-phoenix-1.oraclecloud.com/n/ax1hsg6jcbnp/b/bucket-20210425-0812/o/2021updatingallindex.html?email=[email protected]>
virginia.edu Webmail Support
[Posted: Apr 26, 2021 9:00 AM]
From: Microsoft OneDrive <appleid [at] id.apple.com>
Sent: Monday, April 26, 2021 11:18 PM
To: User, Typical S (blc8fu) <mst3k [at] virginia.edu>
Subject: Cryogenic System LTD has shared a document with you.
Microsoft OneDrive Hello mst3k, Cryogenic System LTD has shared a document with you via Microsoft OneDrive
Microsoft OneDrive services. © 2019-2021 |
[Posted: Apr 20, 2021 11:57 AM]
Subject: Due Invoice
Date: 20 Apr 2021 11:26:38 -0400
From: OneDrive <info.amx [at] virginia.edu>
To: kaw [at] syntheticsaves.com
You just recieved OneDrive document containing 3 pages for your review.
Click Here To view Document <hxxps://s.id/A0YlM>
Link expire after April 20, 2021 of shared document.
This is a mandatory service communication. To set your contact
preferences for other communications,click here.
This message was sent from an unmonitored e-mail address. Please do not
reply to this message.
Privacy|Legal
[Posted: Apr 19, 2021 11:02 AM]
From: virginia.edu <noreplys [at] virginia.edu>
Sent: Saturday, April 17, 2021 1:36 AM
To: User, Typical Standard, (mkr5a) <mst3k [at] virginia.edu>
Subject: WARNING - Immediate Action mst3k [at] virginia.edu
Dear rammk
To continue using your address [email protected]<mailto:mst3k [at] virginia.edu> , please confirm your ownership,
Continue → virginia.edu<hxxps://firebasestorage.googleapis.com/v0/b/mon0804sapay.appspot.com/o/mon0804salpay%2Findex2mon70413reusd-040447d066cb774f1.html?alt=media&token=42b35545-8cfe-4e22-8bc4-0078d3729848#mst3k [at] virginia.edu>
virginia.edu 2021
[Posted: Apr 19, 2021 9:14 AM]
From: virginia.edu Service <appleid [at] id.apple.com>
Sent: Tuesday, April 20, 2021 12:03 AM
To: User, Typical Standard (mst3k) <mst3k [at] virginia.edu>
Subject: Email Delivery Report : Pending Incoming Messages
virginia.edu
Your allowed Email Quota usage has been exceeded on your mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>
Please Kindly verify your Email account by following the link below to get 250GB Storage quota
Get 250GB Storage<hxxps://firebasestorage.googleapis.com/v0/b/waller111.appspot.com/o/o%2Funiv.html?alt=media&token=181a0567-3c35-42d6-ab5b-a1e7cd79bea5#mst3k [at] virginia.edu>
You received this email from our Webmaster for virginia.edu Account and services.
(c) 2020
[Posted: Apr 14, 2021 11:00 AM]
Two more Zero-Day flaws in the Chrome web browser for Windows, Macintosh, and Linux computers
Two more zero-day flaws have been found in the Chrome web browser used on Windows, Macintosh, and Linux computers. The flaws (CVE-2021-21206 and CVE-2021-21220) are rated high and medium severity, respectively, on the CVSS vulnerability-rating scale. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page. Details of the vulnerabilities are as follows:
- A use-after-free vulnerability that exists in the ‘BLINK’ component. (CVE-2021-21206)
- An insufficient validation of untrusted input in ‘V8’ component for x86_64. (CVE-2021-21220)
If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.
Google has released an update that addresses these vulnerabilities (version 89.0.4389.128). Most Chrome browsers will auto-update, and the update requires the browser to be restarted.
Considering the disclosed vulnerabilities, you should update your Chrome browser to the latest version (at least 89.0.4389.128) as soon as possible. This update addresses these two security flaws.
Double-check your Chrome Browser is up-to-date
Chrome will in many cases update to its newest version automatically.
However, we recommend you double-check if the update has been applied.
In Chrome, click on Settings, then About Chrome.
If an update is available, Chrome will show that here and then start the download process. When it's completed, it will ask to relaunch the browser to complete the update.
If the browser is up-to-date, it will say "Google Chrome is up to date" and list the version number. Make sure it's at least 89.0.4389.128.
Additional Details
One vulnerability (CVE-2021-21206) exists in Blink, the browser engine for Chrome and the other (CVE-2021-21220) in the ‘V8’ component for x86_64.
Browser engines convert HTML documents and other web page resources into the visual representations viewable to end users. The flaw (CVE-2021-21206) ranks 7.3 out of 10 on the CVSS vulnerability-rating scale, making it high-severity, while the other flaw (CVE-2021-21220) ranks 4.8 out of 10, making it a medium-severity flaw.
(References: https://www.securityweek.com/google-patches-more-under-attack-chome-zero-days, https://nvd.nist.gov/vuln/detail/CVE-2021-20206 and https://nvd.nist.gov/vuln/detail/CVE-2021-20220 ).
Please see the Chrome Security Page and the Chrome Stable Release webpages for more information.
Report an Information Security Incident
Please report any level of incident, no matter how small. The Information Security office will evaluate the report and provide a full investigation if appropriate.