Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia. For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.
Regarding Suspicious Email Alerts
Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.
- If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
- Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
- If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us by forwarding it to abuse@virginia.edu.
Security Alerts and Suspicious Items Currently Affecting UVA:
[Posted: Apr 10, 2021 4:03 PM]
From: Nelflix <noreply [at] myvserver.online>
Reply-To: Nelflix <noreply [at] myvserver.online>
Date: Tuesday, April 6, 2021 at 12:06 PM
To: Typical User <mst3k [at] virginia.edu>
Subject: We are unable to renew your membership
[Netflix]<hxxps://www.netflix.com/>
Update your payment info
Dear,
We hope you’re enjoying your Netflix membership. Your membership ends on Tuesday, April 6, 2021. To continue watching TV shows & movies without interruption, simply add your payment info<hxxps://forums.adobe.com/external-link.jspa?url=hxxps://a98762.blogspot.com/> to your account.
UPDATE ACCOUNT NOW<https://forums.adobe.com/external-link.jspa?url=hxxps://a98762.blogspot....
We're here to help if you need it. Visit the Help Center<hxxps://forums.adobe.com/external-link.jspa?url=https://a98762.blogspot.com/> for more info or contact us<hxxps://forums.adobe.com/external-link.jspa?url=hxxps://a98762.blogspot.com/>.
–Your friends at Netflix
Questions? Call 1-888-811-9842
This account email has been sent to you as part of your Netflix membership. We may also send email about enhancements to the Netflix service, tips for getting the most out of your Netflix membership, and special offers. To change your email preferences at any time, please visit the Communication Settings<hxxps://forums.adobe.com/external-link.jspa?url=https://a98762.blogspot.com/> page for your account.
Please do not reply to this email, as we are unable to respond from this email address. If you need help or would like to contact us, please visit our Help Center at help.netflix.com<hxxps://forums.adobe.com/external-link.jspa?url=hxxps://a98762.blogspot.com/>.
This message was mailed to [you<https://forums.adobe.com/external-link.jspa?url=hxxps://a98762.blogspot.... by Netflix.
SRC: 12696_en_CA
Use of the Netflix service and website is subject to our Terms of Use and Privacy Statement.
Netflix International B.V., care of Netflix [Inc.], 100 Winchester Circle, Los Gatos, CA 95032, U.S.A. hxxps://help.netflix.com/help
[Posted: Apr 10, 2021 3:59 PM]
From: Help Desk <helpdesk [at] virginia.edu>
Sent: Friday, April 9, 2021 10:09 PM
To: mst3k [at] virginia.edu
Subject: Claim your refund now.
Internal Revenue Service (IRS)
Dear Applicant,
After the last annual calculations of your fiscal activity, we have determined that you are eligible to receive an extra tax refund of 944.79 USD
Please submit the tax refund request and click here by having your tax refund sent to your account in due time.
Claim your refund now<hxxps://main.dnryov2fkyjam.amplifyapp.com/>
Refundable Amount: 944.79 USD
Payment Method: By Credit Card
After completing the form, Please submit the form by clicking the SUBMIT button on form and allow 5-9 business days in order to process it.
This email was sent from a notification-only address that cannot accept incoming email.
This is an automatically generated email.
Please do not reply as the email address is not monitored for received mail.
[Posted: Apr 9, 2021 1:38 PM]
From: Help Desk <helpdesk@virginia.edu>
Sent: Friday, April 9, 2021 5:29 AM
To: mst3k@virginia.edu
Subject: Password for egw5c@virginia.edu is expire please update to avoid closure of account.
Password for mst3k@virginia.edu is about to expire,
virginia.edu support
[Posted: Apr 8, 2021 1:26 PM]
From: mst3k Mail Gateway <user[at]virginia.edu>
Sent: Thursday, April 8, 2021 11:19 AM
To: user@virginia.edu
Subject: Today Expiration Date
The delivery of 6 new incoming emails to your Inbox has been rejected.
Use the secure portal below to recover the emails before they are permanently deleted from the server:
hxxps://portal.virginia.edu/user-rejected-messages
________________________________________
Original Message Details
Created Date: Wed, 07 Apr 2021 11:39:00 GMT
Recipient Address: user@virginia.edu
[Posted: Apr 8, 2021 10:45 AM]
From: UVA Dept Chair <jackdrey442[at]gmail.com>
Sent: Thursday, April 8, 2021 10:28 AM
To: UVA User (mst3k) <user@virginia.edu>
Subject:
Available, cellphone number?
Best regards,
UVA Dept Chair
Head and Professor
Department of Chemical Engineering
[Posted: Apr 7, 2021 3:38 PM]
from: Docusign <Dse2_docuSign[at]docsign.cf>
Sent: Monday, April 5, 2021 1:34 PM
To: UVA User (mst3k) <user@virginia.edu>
Subject: E-Signature Notification for user@virginia.edu
[hxxps://na2.docusign.net/member/Images/email/docInvite-white.png]
You Have Received a document Form.Pdf to review and e-sign.
Review and Esign Form.pdf<hxxps://blitz5andfriends.com/docs_app/>
Attention user@virginia.edu<mailto:user@virginia.edu>
Please Review and DocuSign , - - Form.pdf
Thank You,
Powered by
[DocuSign]
Do Not Share This Email
This email contains a secure link to DocuSign. Please do not share this email, link, with others.
About DocuSign
Sign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- DocuSign provides a professional trusted solution for Digital Transaction Management?.
[Posted: Apr 5, 2021 8:53 AM]
From: virginia.edu <verifier [at ] boxmail.com>
Sent: Saturday, April 3, 2021 2:58 AM
To: mst3k [at] virginia.edu
Subject: Confirm Your Mailbox
Confirm Your Mailbox
Hi mst3k,
We suspect a suspicious activity on your mailbox from different IP address.
For security reasons confirm your mailbox, this link will expire in 48 hours
Confirm mailbox
[ virginia.edu ] for © 2021 All rights reserved
[Posted: Apr 5, 2021 8:39 AM]
From: Stephen Schindler <chrisrolando117 [at] gmail.com>
Sent: Monday, April 5, 2021 7:24 AM
Subject: Private Tutor Needed
Hello,
My name is Stephen Schindler. I came across your email on the University of Virginia, Department of Proto-European Languages Directory. I'm looking for a private tutor for my daughter. She is 17 years old.
I understand that you might not have time for tutoring due to your position in the department and the consequent busy schedule. If that's the case, I'd appreciate it if you could help put me in contact with a person(s) who might be interested.
The lesson would be held online over Zoom or a similar platform.
Hope to hear from you soon.
Thanks,
Stephen
[Posted: Apr 3, 2021 6:28 PM]
From: <mst3k [at] virginia.edu> on behalf of Microsoft account team <noreply [at] accountprotection.microsoft.com>
Reply-To: Microsoft account team <noreply [at] accountprotection.microsoft.com>
Date: Saturday, April 3, 2021 at 7:32 AM
To: "mst3k [at] virginia.edu" <mst3k [at] virginia.edu>
Subject: Microsoft account team
Microsoft 365
Dear, mst3k,
Your account of mst3k [at] virginia.edu will be disconnected from sending or receiving mails from other users. because you failed to resolve errors on your mail. You need to resolve the errors or your account will be disconnected.
Follow the instruction below to resolve now.
RESOLVE ISSUE NOW<hxxps://soldierprocess.com/ds44/PageUpdated/ampt.html?app=mst3k [at] virginia.edu&subdomain=hxxp://virginia.edu>
Sincerely,
virginia.edu Regards.
©Microsoft Security Team.
[Posted: Mar 25, 2021 9:12 AM]
From: Mailserver virginia.edu <registrar [at] coren.gov.ng>
Sent: Thursday, March 25, 2021 3:33 AM
To: User, Typical S <mst3k [at] virginia.edu>
Subject: FINAL WARNING; ️ ACCOUNT TEMPORARY BLOCKED - ️(5) New Pending Mails mst3k [at] virginia.edu
Outgoing Mail Error - 5 Incoming Mails Pending
Dear rp9d
Your e-mail storage is 99% full and cannot recieve all your incoming mails
Due to this error, 5 new mails you sent from : rp9d@virginia.edu<mailto:mst3k [at] virginia.edu> are stuck in virginia.edu Server.
See below to recieve and re-send all pending emails back
Release Emails<hxxps://muazhest.com/?email=mst3k [at] virginia.edu>
This is a mandatory message to rp9d@virginia.edu<mailto:rp9d@virginia.edu> webmail service on virginia.edu
[Posted: Mar 23, 2021 10:39 AM]
From: Lecompte, Yzaak <Yzaak.Lecompte@uqtr.ca>
Sent: Tuesday, March 23, 2021 9:13 AM
Subject: Missed +Call {Verizon@Verizon+177-887-Telephone-USA.
New_Caller
Hi ,
Your Caller just left you a message find details below
Audio Note from : [+178-5678].Caller-ID
Audio Length: 0:48 sec listen to note<xxxx://veriz3766273.sitebuilder.name.tools/>
Call Time: Tuesday, 23 March 2021 (GMT-10)
Reception Domain: Verizon Microsoft Call Service.
PLAY NOTE TO LISTEN OR DOWNLOAD
In Service for Verizon Tele Service and Delivery 2021.
[Posted: Mar 22, 2021 1:55 PM]
From: IT_virginia.edu [mailto:abconstrucciones [at] redminettitest.com.ar]
Sent: Monday, March 22, 2021 12:25 PM
To: User, Typical S (mst3k) <mst3k [at] virginia.edu>
Subject: mst3k [at] virginia.edu Notification 3/22/2021 4:24:45 p.m.
Mail Verification
Dear mst3k
The password of your email account mst3k [at] virginia.edu<mailto:uva-id [at] virginia.edu> will expire on 18/03/2021
To continue using your uva-id [at] virginia.edu <mailto:mst3k [at] virginia.edu> kindly re-confirm ownership below.
Re-confirm Password<hxxps://ecoenergyparks.com/mst3k#mst3k [at] virginia.edu>
Thanks,
virginia.edu<hxxp://hydrosid.com/> Web Administrator
________________________________
[Posted: Mar 16, 2021 4:00 PM]
Zero-Day flaw in the Chrome web browser for Windows, Macintosh, and Linux computers
A zero-day flaw has been found in the Chrome web browser used on Windows, Macintosh, and Linux computers. The flaw (CVE-2021-21193) ranks 8.8 out of 10 on the CVSS vulnerability-rating scale, making it high-severity. The flaw can be exploited when a user running Google Chrome clicks a malicious link leading to a specially crafted website, which can then, for example, execute malicious code or even cause a denial-of-service attack on the system.
Google has released an update that addresses this vulnerability (version 89.0.4389.90). Most Chrome browsers will auto-update, and the update requires the browser to be restarted.
Considering the disclosed vulnerabilities, you should update your Chrome browser to the latest version (at least 89.0.4389.90) as soon as possible. This update includes 5 security fixes.
Double-check that your Chrome browser is up to date
Chrome will in many cases update to its newest version automatically.
However, we recommend you double-check that the update has been applied.
In Chrome, click on Settings, then About Chrome.
If an update is available, Chrome will show that here and then start the download process. When the download is complete, Chrome will ask to relaunch the browser to finish the update.
If the browser is up to date, it will say "Google Chrome is up to date" and list the version number. Make sure it's at least 89.0.4389.90.
Additional Details
The vulnerability exists in Blink, the browser engine for Chrome.
Browser engines convert HTML documents and other web page resources into the visual representations viewable to end users. It’s a use-after-free vulnerability, which relates to incorrect use of dynamic memory while using the browser. If, after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to compromise the program. (Reference: https://threatpost.com/google-mac-windows-chrome-zero-day/164759/)
Please see the Chrome Security Page for more information.
[Posted: Mar 8, 2021 11:30 AM]
From: Sharepoint <Management [at] aroma-hor.com<mailto:Management [at] aroma-hor.com>>
Sent: Monday, March 8, 2021 10:34
To: User, Typical (el9q) <mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>>
Subject: virginia.edu Has Shared New Contract Document
Contract Documents
SHAREPOINT
A new contract documents has been shared wιth you on virginia.edu Sharepoιnt Storage.
Message: Please study Documents properly for contract meetιng presentatιon
Vιew virginia.edu Documents<hxxps://pickle-decorous-mandarin.glitch.me#el9q@virginia.edu=>
[Posted: Mar 8, 2021 8:19 AM]
From: Virginia TOS <chvittor [at] otenet.gr>
Sent: Sunday, March 7, 2021 8:15 PM
To: mst3k [at] virginia.edu
Subject: Virginia Service Changes
Importance: High
Virginia IT-Team
You're required to review the attached PDF document to apply a new Office 365 services update.
Virginia Team
[Posted: Mar 6, 2021 12:34 PM]
From: iCloud Support <norepaly.28533984039 [at ]anjaylo.rocks>
Sent: Saturday, March 6, 2021 5:03 AM
Subject: Important Notice: Information for your account
Dear Customer Apple,
Your account has entered from another area and has made an illegal purchase
For the security of your personal information we temporarily lock your account
To reopen your account, first verify your information
Verify Account<hxxps://tinly.co/nwqmt>
If you have verified your account we will review your account within 24 hours
Follow the terms and conditions apply so that your account is not in trouble
Apple Support
________________________________
Apple ID | Support | Privacy Policy
Copyright @ 2021 One Apple Park Way, Cupertino, CA 95014, United States All Rights Reserved.
[Posted: Mar 1, 2021 8:35 AM]
From: Kellars Accounts <sales [at] globextratech.com>
Sent: Monday, March 1, 2021 8:20 AM
Subject: [STK] Hadfields INVOICE- Ref: 18226 A
Please find attached a document containing details of our
INVOICE- Ref: 18226 A
Any queries please contact us on 0113 307900 Regards,
Kellars Accounts Team
[Posted: Feb 25, 2021 11:30 PM]
Beware of "smishing" scams.
Here is a text message received recently.
This is a scam. Just like phishing emails, do not click on any links or respond to the sender.
If you want to check the validity of the link, you can carefully type the link into the Google search bar.
If it's legitimate, Google will show you the webpage in its search results. If it's not, you won't find it, or Google may flag it as suspicious.
Better yet, rather than typing the link into Google, go to your Netflix account the way you usually would and see if it's expiring.
Also, you can take a screenshot of the text and email that screenshot to abuse@virginia.edu for verification.
[Posted: Feb 25, 2021 8:50 AM]
From: CALLER(tm)/Virginia <nettlesjohn [at] seattleu.edu>
Sent: Wednesday, February 24, 2021 4:24 PM
To: User, Typical S (mst3k) <mst3k [at] virginia.edu>
Subject: You have new VN from "6512365134 "mst3k"
You have new VN from "6512365134
From:6512365134
Received:"February 25, 2021, 7:54:08 AM"
Duration:"00:01:24"
File:"vmail_6512365134_7863
[Posted: Feb 15, 2021 9:44 AM]
-----Original Message-----
From: sagars_fssr [at] geniusconsultant.com <sagars_fssr [at] geniusconsultant.com>
Sent: Sunday, February 14, 2021 2:08 PM
To: Recipients <sagars_fssr [at] geniusconsultant.com>
Subject: Technical Team.
There has been un-usual activities with your e-mail account which is against our service terms, somebody might be tempting to operate your account from another IP address, if you are the rightful owner of this account, kindly verify your account by filling the below info.
USERNAME:
PASSWORD:
EMAIL ID:
Admin ID is Webteam [at] cyberservices.com
Failure might result in your email being blocked.
Thank You
Genius Consultant
Technical Team
--
This email has been checked for viruses by AVG.
hxxps://www.avg.com
Report an Information Security Incident
Please report any level of incident, no matter how small. The Information Security office will evaluate the report and provide a full investigation if appropriate.