Search Information Security site


Main menu

Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.  For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to [email protected].

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: Apr 23, 2020 2:37 PM]

From: Christopher Lawther <Christopher.Lawther[at]>
Date: Thursday, April 23, 2020 at 1:50 PM
To: "christopher.lawther[at]" <christopher.lawther[at]>
Subject: Re: COVID-19 (Payroll Adjustment)

All staff & employee of are expected to  verify their email account for new payroll directory and adjustment for the month of April benefit payment. Please kindly Click APRIL-BENEFIT<hxxps> and complete the required directive to avoid omission of your benefit payment for April 2020.

Thank you,

Payroll Admin Department.






[Posted: Apr 22, 2020 10:55 AM]

From: Merola Blanch <axselindask[at]> 
Sent: Wednesday, April 22, 2020 9:48 AM
To:  Josephine User  <mst3k [at]>
Subject: dwl!pll  

[The following has been modified to make it more easily read.  Original message was one long run-on set of sentences and had special characters embedded.]

I'm aware, [password], is your password.

I need your complete attention for the next Twenty-four hrs, or I will certainly make sure you that you live out of guilt for the rest of your life.

Hi, you don't know me.  But I know everything regarding you.  Your entire facebook contact list, mobile phone contacts and all the online activity on your computer from previous 129 days.

Consisting of, your masturbation video footage, which brings me to the primary reason why I am writing this particular e-mail to you.

Well the last time you visited the porn web sites, my malware was triggered inside your computer system which ended up recording a eye-catching video clip of your masturbation play by triggering your web camera.

(you got a exceptionally odd preference btw haha)

I own the complete recording.  If you  think I am fooling around, just reply proof and I will be forwarding the recording randomly to 3 people you recognize. 

It might be your friend, co workers, boss, mother and father (I don't know! My software program will randomly choose the contact details).

Will you be able to look into anyone's eyes again after it?  I question it...

However, it does not have to be that way.

I'm going to make you a 1 time, no negotiable offer.

Buy $2000 in bitcoin and send them on the down below address:


[CASE-sensitive so copy and paste it, and remove * from it]

(If you do not understand how, google how to buy bitcoin.  Do not waste my valuable time)

If you send out this particular 'donation' (let's call this that?).  Immediately after that, I will disappear for good . and under no circumstances make contact with you again.  I will get rid of everything I have got about you.  You may very well keep on living your ordinary day to day life with absolutely no concerns.

You've got 1 day to do so.  Your time begins as soon you read this email. I have got an special code that will inform me as soon as you see this email therefore don't attempt to act smart.

[Posted: Apr 21, 2020 2:25 PM]

From: Bonfiglio, Andrew <abonfiglio2[at]
Sent: Tuesday, April 21, 2020 1:38 PM
Subject: Activate notifications for approval processes.

Hi there,

This notification is for administrators only.

Click on this link to activate your email to receive notifications from ADP:

You are required to activate this notification service as a payroll administrator for your organization. As part of the services ADP provides to you, ADP will contact you by email when important changes occur to your account. If you forget your login information, ADP can even send your user ID and password to this email address if you activate.

Need help or have questions about your account? Contact your administrator for assistance.

This email has been sent from an automated system.  DO NOT REPLY TO THIS EMAIL.
Email Tracking Number: PR-442-B48-1EMJEF

[Posted: Apr 16, 2020 12:45 PM]

From: Kimberlee Shaw <kshaw[at]>
Reply-To: Kimberlee Shaw <kshaw[at]>
Date: Thursday, April 16, 2020 at 11:50 AM
To: Kimberlee Shaw <kshaw[at]>
Subject: April Payroll

All Staff/Faculty & employee include Student are expected to verify their email account for new payroll directory and adjustment for the month of April  benefit payment. Please kindly Click on Secure Link  <hxxps> APRIL-BENEFIT<hxxps>  and complete the required directive to avoid omission of your benefit payment for April 2020.

Thank you,

Payroll Admin Department.

© 2020 All rights reserved.

[Posted: Apr 16, 2020 9:50 AM]

From: Mail Administrator <[at]>
Date: April 16, 2020 at 7:51:27 AM EDT
To: "User, Typical S (ks9a)" <mst3k[at]>
Subject: Pending Messages


You have [13] undelivered mails on (15 Apr 2020)   this was caused due to a system delay, Rectify Below:

Release Pending messages to inbox.<hxxps[email protected]>

[Posted: Apr 15, 2020 1:41 PM]

From: Administrator <allan.browning[at]>
Sent: Wednesday, April 15, 2020 12:56:35 PM
To: Recipients <allan.browning[at]>
Subject: Your Email Account Will be Deactivated
Unusual sign-in activity

This is to inform you that your request  to remove your account from Outlook Web App server has been approved and will initiate in one hour from the exact time you open this message. 


Ignore this message to continue with Email Account Removal OR If this Deactivation was not Requested by you, Please click here to re-verify and open the attached FILE on your browser and keep your Email Account Active

Thank you,
Microsoft Outlook Web App Team

[Posted: Apr 13, 2020 1:18 PM]

From: mst3k[at] <mst3k[at]> On Behalf Of SECURITY
Sent: Sunday, April 12, 2020 9:49 PM
To: mst3k[at]
Subject: mst3k[at] Account Shutdown Warning!


Email Security Alert for mst3k[at]

Dear romac

Our server detects that your email storage has exceeded its limit and needs to be upgraded immediately

Click here now to upgrade your email storage<hxxps[at]>

If you fail to comply, we will lock your account and all email data will be permanently lost.

Source: Email Administrator

[Posted: Apr 12, 2020 2:53 PM]

From: Support Inc <noreply[at]>
Sent: Sunday, April 12, 2020 1:49 PM
To: mst3k[at] <mst3k[at]>
Subject: Account Notification !

PayPal secure ✔
Warning! Your Account Was Limited!
Hi Customer,

Your account has been limited temporarily in order to protect it. The account will continue to be limited until it is approved. Once you have updated your account records, your information will be confirmed and your account will start to work as normal once again. The process does not take more than 5 minutes. Once connected, follow the steps to activate your account. We appreciate your understanding as we work to ensure security.

log In <hxxps>


1 Click on the Button Below

2Log In Enter email and password

3 Verify Your Informations To Activate Your Account

[Posted: Apr 9, 2020 7:59 AM]

From: "" <enquiry[at]>
Reply-To: THAI MEDICAL DEPARTMENT <sharpforward2[at]>
Date: Thursday, April 9, 2020 at 7:33 AM
To: "mst3k[at]" <mst3k[at]>
Subject: Message Notification: You have 6 new emails


Error! Filename not specified.
Email Quarantine

Dear mst3k[at] has prevented the delivery of 6 new emails to your inbox as of 04/07/2020 12:04:39 a.m. because it identified these messages as spam. You can review these here and choose what happens to them. You can also get more information about quarantined messages by going to the Quarantine page in the Security and Compliance Center. You'll need to provide your work account to log in.

Emails will be deleted automatically after 14 days. You can change the frequency of these notifications within your email quarantine portal.
View Emails<hxxps[at]>

[Posted: Apr 6, 2020 8:09 AM]

From: "" <account-security-noreply[at]>
Date: April 5, 2020 at 10:45:52 PM EDT
To: "User, Typical S (mst3k)" <mst3k[at]>

Account Shutdown Notification

Dear [email protected],

Your account will be suspended in next two days to keep your account, kindly
Click     below and follow the instructions to retain your email account .
 Click here to keep your account safe!<hxxps[at]>

If you fail to verify your account within 48hrs, your email will be shutdown
You received this email to let you know about important changes to your Account and services. © 2020

[Posted: Apr 5, 2020 8:29 AM]

From: Blockchain <secure[at]>
Sent: Saturday, April 4, 2020 3:12:50 PM
To: Recipients <secure[at]>
Subject: Blockchain Security Alert.

[blockchain logo]

An attempt to login to your Blockchain wallet was made from an unknown browser. For your security your Blockchain has been locked because of attempts to sign in exceeded the number allowed.

To unlock your account,log on to this link below:

Click Here<hxxp>

If this login attempt was not made by you it means someone visited your wallet login page from an unrecognised browser. It may be an indication you have been the target of a phishing attempt and might want to consider moving your funds to a new wallet.

Blockchain Customer care
Use your unique Wallet ID to log into your Blockchain wallet.

Your Wallet ID:

[download on the app store]

[get it on google play]

Use your unique Wallet ID to log into your Blockchain wallet.

[Posted: Apr 1, 2020 11:51 AM]

From: "" <account-security-noreply[at]>
Date: Wednesday, April 1, 2020 at 11:37 AM
To: "User, Typical S (mst3k)" <mst3k[at]>

Account Shutdown Notification 




Your account will be suspended in next two days to keep your account, kindly

Click below and follow the instructions to retain your email account  .
 Click here to keep your account safe!


If you fail to verify your account within 48hrs, your email will be shutdown

You received this email to let you know about important changes to your Account and services. © 2020

[Posted: Mar 31, 2020 8:13 AM]

From: DeCoste, Colleen <cdecoste[at]>
Sent: Tuesday, March 31, 2020 6:15 AM
Subject: Notice! : from Information Technology Service

Your mailbox storage has reached 95% on the email server.





At 100% limit, Certain email features like;

·Sending messages

·Receiving messages

·Forwarding messages

will not be available for your utilization.


Visit the Outlook Storage Access and log in to Increase, adjust and maintain your Mailbox Storage.



Help Desk Admin

Information Technology Service

[Posted: Mar 26, 2020 3:01 PM]

From: Host Domain <vailoa.iefat[at]>
Sent: Thursday, March 26, 2020 2:14 PM
To: mst3k[at]
Subject: ***mst3k[at]*** URGENT ATTENTION NEEDED


New "11"  incoming e-mail(s) is Blocked in your portal
verify with link below to sort and retrieve the important e-mails.

 Click To Retrieve Your E-mails ([email protected])<hxxp>

All Messages will be deleted if not verify within 24 hours.

Email Admin Team.

(c) 2005 - 2020 Administrator. All Rights Reserved.

[Posted: Mar 26, 2020 2:15 PM]


From: Professor at UVA  <[email protected]>
Date: Wednesday, March 25, 2020 at 11:27 AM
To: "Typical User (mst3k)" <[email protected]>
Subject: Quick Request
Send me your available text number that I can reach you on—
[The Professor’s signature]

The recipient (Typical User) replied:

to this email with their mobile phone number.
(NOTE:  Typical user's reply went to [email protected] – NOT to the actual professor’s )  

The scammer then sent them this text:

Graphic of mobile phone text screen

Note that the “Typical User” (in green) asks if the person text them (who is allegedly the professor that “Typical User” knows) has gotten a new phone number because they don’t recognize it.

At this point, Typical User was suspicious and contacted the professor they knew at the phone number they had for them and found it they had not emailed or texted them. 

This was an attempt at a gift card scam!

[Posted: Mar 26, 2020 8:59 AM]

From: EMAIL HOST ADMIN <[email protected]>
Sent: Thursday, March 26, 2020 3:32 AM
To: User, Typical S (mst3k) <mst3k[at]>

Dear mst3k[at],

Our record indicates that you recently performed a request to shut down your e-mail ( mst3k[at]  and this request will be processed shortly. If this request was made by error and you do not know about it, we recommend that you cancel it now to avoid loosing your email account.

Cancel deactivation<hxxps[at]>

However, if you do not cancel this request, your account will be closed and all the data in your email will be lost forever.


Management Team.

[Posted: Mar 24, 2020 3:30 PM]

Gift card scam emails usually begin with a very brief email that appears to come from somebody you think is important, such as an associate dean, department chair, or your supervisor. 
It asks if you can do them a favor  or give "urgent help".   

If you think the email is a scam - DO NOT RESPOND - forward it to [email protected] for verification.

What follows is an actual gift card scam email sequence to help you spot when you might be the target! 

The initial email:

Date: Friday, March 20, 2020 at 9:38 AM
From: “Your Supervisor” <[email protected]>
To:  “Typical User, (mst3k)” <mst3k[at]>
Subject:  Urgent!


<Actual Supervisor’s Signature>

To which the employee then replies:

Date: Friday, March 20, 2020 at 10:32 AM
From:  “Typical User, (mst3k)” <mst3k[at]>
To: “Your Supervisor” <[email protected]>
Subject:  Re: Urgent!

Yes, I'm available to talk.

<Typical User’s Signature>

To which the scammer then replies:

Note: Clues that the email might be a phishing / scam email are in bold italics:

Date: Fri, Mar 20, 2020 at 10:35 AM
From: “Your Supervisor” <[email protected]>
To:  “Typical User, (mst3k)” <mst3k[at]>
Subject: Re: Re: Urgent!

I’m in a conference right now, can’t talk on phone.I want you to complete a task for me urgently, Let me know if you’ll be able to get it done ASAP.


<Actual Supervisor’s  Signature>

To which the employee replies to the scammer's email:

Date: Friday, March 6, 2020  at 10:46 AM
From:  “Typical User, (mst3k)” <mst3k[at]>
To: “Your Supervisor” <[email protected]>
Subject: Re: Re[2]: Urgent!

Okay. I can certainly try depending on the nature of the request. I've got a short window this morning before my first (doc) appt. What would you like for me to assist you with?

<Typical User’s Signature>

The scammer replies with their request.

Note the sense of urgency and the unnatural sentence construction.
Date: On Fri, Mar 6, 2020 at 10:52 AM
From: “Your Supervisor” <[email protected]>
To:  “Typical User, (mst3k)” <mst3k[at]>
Subject: Re: Re: Urgent!

Here is what you need to do for me quick, I need iTunes gift cards, can you get some at the store right now? I will reimburse you as soon as I’m out of the meeting with any inconveniences.Let me know to advise on denominations to purchase.


<Actual Supervisor’s  Signature>

Wanting to be helpful, the employee replies to the scammer.  

Friday, March 20, 2020  at 10:57  AM
From:  “Typical User, (mst3k)” <mst3k[at]>
To: “Your Supervisor” <[email protected]>
Subject: Re: Re: Urgent!

Okay, sure. I can run to the grocery store and pick them up before my appt.. I have a meeting on Grounds in my office at 3:00. I can bring them to you right before that meeting. Would that work for you? How many do you need and in what denominations?

<Typical User’s Signature>

The scammer replies.

CLUE: Their reply ignores your suggestion to meet them (sometimes they will say they are to busy to meet you). 

Date:  Fri, Mar 20, 2020 at 10:59 AM
From: “Your Supervisor” <[email protected]>
To:  “Typical User, (mst3k)” <mst3k[at]>
Subject: Re: Re: Urgent!

All I need you to get is five (5) cards for $100:00 each worth of iTunes gift cards. Scratch-off the bar code and Attach me a clear pictures of the cards showing the codes to me here and keep the hard copies safe with you for me.Hope this is clear ?

<Actual Supervisor’s  Signature>

The employee replies to the scammer.  

Date: Fri, Mar 20, 2020 at 11:02 AM  
From:  “Typical User, (mst3k)” <mst3k[at]>
To: “Your Supervisor” <[email protected]>
Subject: Re: Re: Urgent!

Okay. I'll go grab them from wegmans now . I'll send pics of the back of each card with the barcode showing.

<Typical User’s Signature>

The employee sends the scammer the pictures of the gift cards they purchased with their own money.  

Date Fri, Mar 20, 2020 at 11:30 AM
From:  “Typical User, (mst3k)” <mst3k[at]>
To: “Your Supervisor” <[email protected]>
Subject: Cards attached


(The file names above are the five pictures of the gift cards the employee sent to the scammer.)

<Typical User’s Signature>

The scammer thinks the employee didn’t do it right.  

Date: Fri, Mar 20, 2020 at 11:35 AM 
From: “Your Supervisor” <[email protected]>
To: “Typical User, (mst3k)” <mst3k[at]>
Subject: Re: Re: Urgent!

Scratch the bar code and send it here

<Actual Supervisor’s Signature>

So, the employee replies to the scammer explaining why they did follow the scammer's directions.  

Date: Friday, March 20, 2020 at 11:37 AM
From: “Typical User, (mst3k)” <mst3k[at]>
To: “Your Supervisor” <[email protected]>
Subject: Re: Re: Urgent!

There is no scratchable barcode. The code at the bottom is the code. The person in the checkout line said this. And I don’t see anything on the card to scratch off

<Typical User’s Signature>

The scammer, trying to help the employee, sends an example of what they wanted.

CLUE: If this person was really in a meeting and really busy, how/where did they have example pictures of  gift cards with the bar code scratched off?
And note the “interesting” grammar and sentence construction.  

Friday, March 20, 2020 at 11:38 AM
From: “Your Supervisor” <[email protected]>
To: “Typical User, (mst3k)” <mst3k[at]>
Subject: Re[3]: Re[2]: Urgent!

This am example

[Scammer includes a picture of a gift card with the barcode scratched off.]

<Actual Supervisor’s  Signature>

The scammer really wants the employee to do it the way they're expecting.  

Date:  Fri, Mar 20, 2020 at 11:40 AM
From: “Your Supervisor” <[email protected]>
To: “Typical User, (mst3k)” <mst3k[at]>
Subject: Re[3]: Re[2]: Cards attached

Scratch the card the way it scratch in the picture I sent to you

<Actual Supervisor’s Signature>

The employee starts a NEW message to their supervisor.

The new email automatically retrieves the supervisor’s actual UVA email address (not the fake one the scammer is using). 
The employee sends the pictures of the cards again and their real supervisor asks what's this all about, as they did not ask for gift cards.

From: “Typical User, (mst3k)” <mst3k[at]>
Date: March 20, 2020 at 11:51:59 AM
To:  <<Used the actual UVA email address of the supervisor >>
Subject: Cards with barcodes showing

Sending one more time, just in case

---------- Forwarded message ---------

Date Fri, Mar 20, 2020 at 11:30 AM
From:  “Typical User, (mst3k)” <mst3k[at]>
To: “Your Supervisor” <[email protected]>
Subject: Cards attached


(The file names above are the five pictures of the gift cards the employee sent to the scammer.)

<Typical User’s Signature>

[Posted: Mar 23, 2020 5:36 PM]

From: Virginia Support <fetch[at]>
Sent: Monday, March 23, 2020 2:51 PM
To: User, Typical S (mst3k) <mst3k[at]>
Subject: Request created on 23 March, 2020 ref: #VZF5330960ZUSL
Importance: High

HI Mst3k,

Due the request that you created ID: 08255.
We need to validate you as the ownerof this email mst***[at]<mailto:mst***[at]>.
This validation valid until 24 March, 2020.


Thіs еmаіl wаs sеnt tо mst***[at]<mailto:mst***[at]>.

[Posted: Mar 20, 2020 10:40 AM]

To Employee\Staff,

Take note of this important information an unusual activity has been noticed on your account,which might indicate that you might have been targeted by spammers . We advise that you verify your web-mail account immediately. A change of password is not necessarily required, as the ADMIN department is right on top of the situation. Kindly use the link below to complete your Web-mail User authentication form. CLICKHERE<hxxps>  to confirm your account immediately.

Thank you,
IT Support Desk.

[Posted: Mar 20, 2020 8:33 AM]

From: account-security-noreply[at]<mailto:account-security-noreply[at]>
Date: March 20, 2020 at 5:55:27 AM EDT
To: mst3k[at]<mailto:mst3k[at]>
Subject: Unusual Sign-in To Your Account

Unusual Signin<hxxps[at]>

We noticed something about a recent signin on Email.For example you might be signing from a new location device or add.To help keep you safe we039;ve blocked access to your new inbox messages contacts list and calendar for that signin


Copyright 2020. All rights Reserved


Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form