Search Information Security site


Information Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: May 8, 2018 4:15 PM]


Dear Staff,

Attached is the employees update document.  (Attachment name is VIRGINIA.pdf)


Teresa A. Sullivan .
University of Virginia .

[Posted: May 4, 2018 3:24 PM]

From: American Express <
Sent: Friday, May 4, 2018 2:56 PM
To: trr5r <>
Subject: Update your Email Address/Phone Number

Dear Card Member,

We are unable to verify your contact information, this might be due to a recent update in your personal information (i.e. change of Email Address/Phone Number).

* Update your Email Address/Phone Number by following the secured link below:


If the link above is not clickable, copy and paste URL into the 'Address' field of your web browser.

Thank you for your Cardmembership.

American Express Customer Service

© 2018 American Express. All rights reserved.

[Posted: May 4, 2018 11:18 AM]

From: Microsoft online services team [no_reply_notifications_384849329-microsoft3930223-394noreply38430-outlook384932204]] <hunter[adt]>
Sent: Thursday, May 3, 2018 12:50 PM
To: User, Typical (abc1x) <>
Subject: User verification


User agreement verification

Your Services Agreement and Privαcy Statement made clearer
You are required to Log in to validate your Office account<> Now to continue usage.

Validate Now<hxxps://>

Thank you for using Microsoft products and services.

Thank you
The Microsoft Online Team

[Posted: May 3, 2018 11:54 AM]

From: "donna.davis1994[at]<mailto:donna.davis1994[at]>"
Date: Thursday, May 3, 2018 at 9:23 AM
To: xxxxxx
Subject:<> Be careful next time ID DlCFirya<>

Your computer has been attacked by the corrupting agent .

Whats to do?

I set the malware on a soft pornography web site, you hit that file and promptly adjusted the malicious program to your gadget .

That malicious program made your front-facing camera capturing video so I receive the record with you chaturbating.

In next 4 hours that malicious program copied all your contact information.

At this moment, I own all your info and videorecord with you chaturbating, now in a case if you have a desire me to annul all the contact numbers make payment 391 USD$ in BTC digital currency.

If not I would send the movie to all your contacts .

I forward you mine Bitcoin code - 159efJyVAKA38Qhk3d6jupoZ3N6nxRRs2Q You own 26 hours after reading. In a case if I obtain transaction I am going to undo the movie once for all.

Im sorry for my grammar- I am from China .
P.S. this postal ad dress, I have stolen it.
Don't answer to this message. This is temporary email!

[Posted: May 1, 2018 8:52 PM]

From: Email Administrator <mailerdeamon[at]>
Sent: Tuesday, May 1, 2018 7:20 AM
To: xxx1x[at]
Subject: xxx1x[at] Unusual Sign-In Activity Detected

Unusual sign-in activity

We detected something unusual about a recent sign-in to the account<>

Your account will be temporarily locked within 24hours if you don't confirm you are you the owner of this account. We'll help you secure your account and block all other unauthorized access once you confirm your ownership of this account.

Confirm Ownership<hxxp://>

details

Country/region: Finland

IP address:

Date: 30/04/2018 4:40 AM (GMT)

Platform: Windows

Browser: Firefox


[Posted: May 1, 2018 12:22 PM]

Hello everyone,   As you are aware of the email phishing and telephone scams activities going on within the University. 
Please help us validate our records as soon as possible to avoid cancellation of your account.

 Validate Email Account Sincerely IT Help Desk
Office of Information Technology

[Posted: Apr 30, 2018 11:15 AM]

From: LUCAS DOS SANTOS BRAGA <lucas.braga6[at]> 
Sent: Tuesday, April 17, 2018 8:01 AM
Subject: Dear Email Owner

Dear Account User, Your account will be shut down due to several negligence of Messages regarding Account upgrade. To avoid Suspension please click HERE <hxxps://>  and verify your account.

Thank you for your understanding.  

System Administrator Mail  

All Rights Reserved © 2018

[Posted: Apr 17, 2018 9:07 AM]

Sent: Tuesday, April 17, 2018 8:01 AM
Subject: Dear Email Owner

Dear Account User, Your account will be shut down due to several negligence of Messages regarding Account upgrade. To avoid Suspension please click HERE <hxxps://>  and verify your account.

Thank you for your understanding.  

System Administrator Mail  

All Rights Reserved (c) 2018

[Posted: Apr 14, 2018 6:08 AM]

-----Sharon Lawson-Davis/HNH wrote: -----

From: Sharon Lawson-Davis/HNH
Date: 04/14/2018 03:55AM
Subject: IT Service Help Desk


Your mailbox is almost full.

1126MB   1224MB
Current size   Maximum size

Please CLICK HERE to increase your mailbox size. .

[Posted: Apr 11, 2018 3:33 PM]

From: Sue Yang [mailto:Sue.Yang[at]]
Sent: Wednesday, April 11, 2018 12:35 PM
To: Sue Yang <Sue.Yang[at]>
Subject: RE: Information Technology Services
Importance: High

Dear Staff Member,

Due to the on-going security upgrade, All Staff members are required to update their information
to the new security system to enable a faster, easier and more secure e-mail experience CLICK-HERE<hxxp://>

Information Technology Services (ITS). Email Verification & Mail Quota Update.

[Posted: Apr 9, 2018 12:45 PM]

From: Tom Gould <TomGould[at]<mailto:TomGould[at]>>
Sent: Monday, April 9, 2018 10:51 AM
To: Tom Gould <TomGould[at]<mailto:TomGould[at]>>
Subject: RE: ADMIN

System Update Message

Help Desk Messages

Greetings Colleagues,

 Please be advised that today been Monday,April 9th, we will be performing system maintenance on our server.

*         All updates will begin after 7:00 pm and run to 10:00 pm.

*         There may be intermittent outages on CIS during this maintenance.  This includes CX, the Portal, and the ability to run reports.

Please CLICK-HERE<hxxp://> to the auto backup portal and log in to your Outlook client prior before 7:00 pm today to enable auto backup of all information's on your mailbox, if you do not log into the auto backup portal, you may lose the connection to your mailbox including all your information's during the maintenance.

Thank you for your cooperation

Help Desk Staff

Connected to Microsoft Exchange
 (c) 2010 Microsoft Corporation. All rights reserved.

P Please consider the environment before printing this email
IMPORTANT: This e-mail may contain confidential information. If you are not the intended recipient it may be unlawful for you to read, copy, distribute, disclose or otherwise use the information contained in this e-mail. If you are not the intended recipient of this e-mail, please telephone, fax or e-mail us immediately: telephone:- (01276) 418200 fax:- (01276) 418199 e-mail:-<> Errors and omissions may occur in the contents of this e-mail arising out of or in connection with data transmission, network malfunction or failure, machine or software error or malfunction, or operator error. Places for People Leisure Management Ltd accepts no responsibility for any errors or omissions, and you are advised to confirm the accuracy of the contents of this e-mail before relying on it for any purpose. The contents of an attachment to this e-mail may contain software viruses, which could damage your computer system. While Places for People Leisure Management Ltd has taken every reasonable precaution to minimise this risk, we cannot accept liability for any damage, which you sustain as a result of software viruses. You should carry out your own virus checks before opening the attachment. The laws of England and Wales govern issues related to the transmission and content of our emails. Places for People Leisure Management Ltd
Registered in England No. 2585598
Registered Office: : 80 Cheapside, London, EC2V 6EE

[Posted: Apr 5, 2018 9:06 AM]

request otherwise give us reasons to deactivate your university account.

Action Required

Am still active in the university:

Cancel this deactivation request.

Cancel request


Am still active but want my account deactivated:

Fill the form below stating clearly the reasons for this action.


View form (PDF)


If you have questions, please feel free to contact the university Information Security team at here

Office of the Director

Infor. Tech support

[Posted: Apr 3, 2018 10:20 AM]

A vital document is waiting for you



           Sent on behalf of Michael

To view the documents, recipients, and other information, please click on the link below.

View Documents


This message was sent to you by Michael A. Gray who is using the DocuSign Service.

[Posted: Mar 30, 2018 8:51 AM]

Yesterday, Drupal released a patch for a widespread vulnerability in versions 6, 7 and 8. You can read more about this at Drupal’s site:

Links to the various patches for different versions:

As Drupal vulnerabilities are well-known to the bad guys, UVa Information Security recommends that you apply these patches ASAP.

If your UVa web server is managed by ITS CACS, the patch has already been applied and you don't need to do anything.

If you have any questions, please email

[Posted: Mar 27, 2018 2:39 PM]

From: Virginia ITS <>
Date: Tue, Mar 27, 2018 at 2:29 PM
Subject: UVA Centralized Exchange Service backup schedule




Dear User, 

You have the following message in the Message Center: 

"UVA Centralized Exchange Service backup schedule" 

You can visit the Secure Message Center or Click here to view notification details at

Click here to unsubscribe from UVA Systems Status.

*To learn how alerts like this one help you to protect your webmail, visit School Help Center.

[Posted: Mar 25, 2018 9:08 PM]

From: <socialmedia-request[AT]> on behalf of Facebook <noreply[AT]>
Reply-To: Facebook <noreply[AT]>
Date: Sunday, March 25, 2018 at 11:46 AM
To: "socialmedia[AT]" <socialmedia[AT]>
Subject: [socialmedia] You Have Been Reported for Copyright Content

Page Support
Here's where you can check the status of support requests for you.
Any question? See our Help Center.<hxxps://>
You contacted Facebook: Page Restricted
OPENCase #1648524462053013
We sent you a message

Recently there have been reports citing copyright violations of your Facebook posts.

We would like to ask you to review the content of your posts to assure that they meet the terms and agreements of Facebook.

If you think these reports have been filed by mistake or you are the copyright holder of the materials posted on the page please report this by using the following link:


If your page is not verified within 48 hours, we reserve the right to suspend the account without further notice.

The Facebook Team
Attention: Department 415, PO Box 10005, Palo Alto, CA 94303

[Posted: Mar 13, 2018 4:24 PM]

From: Mosane Goitseone [mailto:GMosane[at]] 
Sent: Monday, March 12, 2018 10:49 AM
To: info[at]
To All,
Today Monday 12th of March 2018. We are shutting down your present web-mail to create space for 2018 Outlook Web Access with a high visual definition and Space.
This service creates more space and easy access to email. Please update your account by clicking on the link below and fill information for Activation.
ACTIVATE <hxxps://> 
Follow the procedure and complete information by clicking SUBMIT. A new space will be created within 48 hours.
Privileged/Confidential information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person) you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply E-Mail. Please advise immediately if you or your employer do not consent to e-mail messages of this kind. Opinions, conclusions and other information in this message that do not relate to the official business of the Department of Justice and Constitutional Development shall be understood as neither given nor endorsed by it. All views expressed herein are the views of the author and do not reflect the views of the Department of Justice unless specifically stated otherwise. 

[Posted: Mar 7, 2018 4:41 PM]

From: UVA [
Sent: Wednesday, March 07, 2018 3:08 PM
Subject: Information Technology Services


Notice to all Faculty, staff, and student.

We have upgraded Cisco anyconnect vpn client software, please click the login button to reactivate your UVaAnywhere-Lite VPN Service access.

This is a technology that allows UVaAnywhere-Lite VPN Service Faculty, Staff, Students, and Retirees to securely access the UVaAnywhere-Lite VPN Service Network from anywhere with an Internet connection.

All connections are logged and monitored. By accessing this system, you acknowledge that use of this and any other technology at UVaAnywhere-Lite VPN is subject to the terms of the UVaAnywhere-Lite VPN Conditions of Use and Policy on Computing Ethics



[Posted: Mar 2, 2018 10:58 AM]

-----Original Message-----
From: Roshanda Richardson [mailto:Roshanda_Richardson[at]] 
Sent: Friday, March 2, 2018 8:27 AM
We noticed your email address was accessed from an Unknown location.
For this reason, it is Compulsory you use the link below to review your login activity.
Review Now <hxxps://> 
For security purpose, you will be stopped from receiving and sending new messages if you do not review your login activity now.

[Posted: Mar 1, 2018 9:32 AM]

From: Margaret Kashindi [mailto:mkashindi[at]]
Sent: Thursday, March 1, 2018 9:21 AM
To: Margaret Kashindi <mkashindi[at]>
Subject: RE: ADMIN CASE !!
Note: Notice from IT Support, we are updating all Staff and Employees  mailbox to new Outlook Web App/Owa for 2018 version.
kindly click on <hxxps://> Outlook Web Access<hxxps://> to update immediately.
IT Support/Help-desk
(c) Copyright 2018 Microsoft
All right Reserved.UPDATEACCOUNT<hxxps://>


Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.

Complete Report Form