Security Alerts & Warnings
This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia. For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.
Regarding Suspicious Email Alerts
Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.
- If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
- Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
- If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us by forwarding it to abuse@virginia.edu.
Security Alerts and Suspicious Items Currently Affecting UVA:
[Posted: May 18, 2020 10:08 AM]
From: UVA Email <noreply [at] virginia.edu>
Sent: Friday, May 15, 2020 8:29 PM
To: User, Typical S (mst3k) <mst3k [at] virginia.edu>
Subject: Re-activate Email Quota
Dear: mst3k [at] virginia.edu
Your email account has exceeded its maximum disk quota allocated.
We require re-activation to continue using mail service.
Click to Re-activate<hxxp stomatology.spadentspb.ru//wp-includes/Text/englishupdate/index.php?email=mst3k [at] virginia.edu>
Storage Quota
[Posted: May 18, 2020 8:34 AM]
From: Support Center <supportcenter [at] virginia.edu<mailto:supportcenter [at] virginia.edu>>
Subject: Email delivery failed: Your have (8) new delayed messages blocked
Date: May 17, 2020 at 10:56:03 PM EDT
To: mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>
mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>
You have (8) new delayed messages since Thursday 14th May 2020 at 09:15:00 AM (UTC).
Click here to read message virginia.edu!<hxxps garden.accesscam.org/don/serv/serv/netw/fin/?email=mst3k [at] virginia.edu>
Your action is required
Thank you
Email Administrator.
[Posted: May 13, 2020 3:54 PM]
From: virginia Email <service [at] virginia.edu>
Sent: Wednesday, May 13, 2020 2:05 PM
To: User, Typical S (mst3k) <mst3k [at] virginia.edu>
Subject: Attention
Attention: mst3k [at] virginia.edu
Your email quota has reached 98% and will soon exceed its limit.
Follow the URL below to upgrade your quota to 25GB to avoid loss of email data.
Upgrade Email Quota<hxxps californiasteelhomes.com/english/index.php?email=mst3k [at] virginia.edu>
Source: Email Administrator
[Posted: May 11, 2020 11:43 AM]
From: Brian Samet <Brian.Samet [at] student.ashford.edu>
Date: Monday, May 11, 2020 at 11:39 AM
Subject: IMPORTANT
Dear User,
The Classic version of your Mail will be replaced by our new version today 11th (MAY) 2020. So it's time to upgrade, before you lose your email access.
LOG-IN RESTORE!!
Protecting your information is important to us and we work continuously to strengthen our defenses against the threats targeting our Financial Institution.
Thanks for choosing Microsoft Office! Inc.®
Please do not reply to this e-mail. Mail sent to this address cannot be answered.
For assistance, log in to your email! website and choose the "Help" link on any page.
Customer Service Email ID # 1009.
c 2020!, Inc. All rights reserveda
[Posted: May 11, 2020 8:21 AM]
On 5/10/20, 6:51 AM, "Alert" <alison.johnston [at] canterbury.ac.nz> wrote:
I have very bad news for you.
I hacked your device and got
full access to your data and camera.
I received your private data, include the photo and video.
I want sent this files your friends as joke.
If you want pervent this leak pay me bitcoin
My wallet is 12vjUPTSGBCjPEMU3Uc2LxBaMFZBYXR
Sunday, May 10, 2020 3:39 AM Hurry Up!
I will be know that you read this mail)
[Posted: May 11, 2020 8:16 AM]
From: MICR0SOFT <noreply [at] office.com>
Sent: Monday, May 11, 2020 5:28 AM
To: User, Typical S (mst3k) <mst3k [at] virginia.edu>
Subject: Email Delivery System
Hello helpdesk
Here's your email review for the past week. 20 incoming messages are currently hanging on your server because your storage memory is very low.
Kindy review these messages and increase your storage memory by clicking below to deliver these messages to your inbox.
Review My Messages<hxxp u16133846.ct.sendgrid.net/ls/click?upn=1YP-2FJdozzLMPV6DkEn5KyS0-2BKRNp8F2i9Eu6I2KzwnzbXEhCp-2BNIvgrdVrerGQ2To12ux7otKIN87IruohRoOVBot8pExabXOBjVsgffYdqkfOTzeVYs-2BO1U-2FjZQdwUyp_2J_mmSH3NwRLcq30l-2BhLmilJGCwwBmVO2WQjob1EpJgNr-2FiaVL1JrplGiQeCpyf3ZNqGge7LwEf8fyURxlLjiq7g0zYKeUUf9dCG6U-2FMasOvziGyLIL8Hq-2F3HYq5tAIAF7RPe2Jja1WVP0OnkJeILrisAxfleToKcEKqQmsYIvWwZIaTCmd5LHGSOXI-2BbPp-2FGH-2B1iYSsrzD8o7GlCYDjv7F8tZISQlbDVldwHzXcsKkJto-3D>
Review generated for helpdesk [at] virginia.edu
Why did I receive this email?
Your email filtering service is provided by MICR0S0FT NETWORKING, INC. USA . This message review allows you to view and read your filtered emails.
[Posted: May 7, 2020 9:48 AM]
From: CHERKAOUI, Sara (LHUB-ULB) <Sara.CHERKAOUI [at] LHUB-ULB.BE>
Sent: Thursday, May 7, 2020 6:34 AM
To: CHERKAOUI, Sara (LHUB-ULB) <Sara.CHERKAOUI [at] LHUB-ULB.BE>
Subject: RE: Confirm request to close your email account
Dear user
According to our registration, you recently requested the closure of your email account. This will be treated shortly, We greatly appreciate the opportunity to resolve this for you.
If this request was made intentionally, please ignore this email. Otherwise, you can cancel request by Reactivating Account<hxxps. helpdesks.simvoly.com/>. Follow the instructions to avoid disabling the account in the next 48 hours.
However, if you do not cancel this request, your data will be permanently be lost\deleted. We would like to hear your thoughts on our support, please take a few moments to complete some questions about your experience:
ICT Service Survey<hxxps helpdesks.simvoly.com/>.<hxxps. email.tijuana.gob.mx/owa/redir.aspx?C=f1b788ea891d4d649fe1e15821dc6306&URL=hxxps%3a%2f%2fhelpdesks.simvoly.com%2f>
Regards,
HR Service Desk
Microsoft Exchange Administrator.
[Posted: May 4, 2020 1:12 PM]
From: "Dunsbee, Nicola" <Nicola.Dunsbee[at]courtauld.ac.uk>
Date: Monday, May 4, 2020 at 1:04 PM
To: "updates[at]mail.docusiign.com" <updates[at]mail.docusiign.com>
Subject: Xerox: Complete Document
You've received a document from a Xerox Scanner. It was scanned and sent to you using a Xerox Work Centre on Office 365.
Number of Images: 2
Attachment File Type: PDF
Device Name: Work centre 4605
For more information on Xerox products and solutions, please visit Xerox Service.
[Posted: May 4, 2020 8:32 AM]
Mail Quota: (98% Full)
Attention: mst3k[at]virginia.edu
Your email quota has reached 98% and will soon exceed its limit.
Follow the URL below to upgrade your quota to 25GB to avoid loss of email data.
Upgrade Email Quota
Source: Email Administrator
[Posted: May 2, 2020 6:46 PM]
From: Virginia Mail Team <auth.go9382[at]outluk.com<mailto:auth.go9382[at]outluk.com>>
Subject: Storage synchronization failure
Date: May 2, 2020 at 15:15:36 EDT
To: mst3k[at]virginia.edu<mailto: mst3k[at]virginia.edu>
This email was originated automatically from virginia.edu<http://virginia.edu>.
You have {5} undelivered mails clustered on your cloud due to low mailbox storage capacity,
We bring to your notice, approval from you to deliver messages and restore cloud storage.
Follow the instruction below to resolve issue and release pending messages to inbox.
MOVE MAILS TO INBOX <hxxp likee-bike.shop//#mst3k[at]virginia.edu> CLEAN-UP CLOUD<hxxp: likee-bike.shop//#mst3k[at]virginia.edu>
[Posted: Apr 30, 2020 10:30 AM]
ithelpdesk892[at]gmail.com has shared the following document:Adjunct Evaluation .docx
Dorothy Realname has shared a file with you
Open
Google Drive: Have all your files within reach from any device.
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
[Posted: Apr 30, 2020 8:35 AM]
From: "it.helpdesk[at]virginia.edu" <it.helpdesk[at]virginia.edu>
Date: Thursday, April 30, 2020 at 2:59 AM
To: Typical User <mst3k[at]virginia.edu>
Subject: New Restriction mst3k[at]virginia.edu Quota Update!!
Dear mlk4sf
Access to your mailbox is about to expire, We recommend
that you Re-validate your account to avoid the suspension.
Update Account<hxxps aphroditenyc.com/update/index.php?email=mst3k[at]virginia.edu>
Update your email by Accessing your email account within 24hrs
Thanks
@ virginia.edu
Copy 2020
[Posted: Apr 28, 2020 9:30 PM]
Hello,
The file for your review is attached below.
You can contact me with any questions you have, do let me know.
ATTACHMENT DOWNLOAD
Thank You
[Posted: Apr 27, 2020 6:21 PM]
From: IT Helpdesk <admin[at]virginia.edu>
Date: Monday, April 27, 2020 at 3:07 PM
To: "mst3k[at]virginia.edu" <mst3k[at]virginia.edu>
Subject: mst3k mailbox: New found messages in quarantine: 4 of 4
Some email messages have been "Marked as safe"
There are new messages in your Email Quarantine which have been marked safe. Move Messages to INBOX<hxxps xtremedsa.com/update?email=mst3k[at]virginia.edu> as messages will be automatically removed from quarantine after 72 hours.
The following summary displays a maximum of the most recent quarantined block messages.
To see all quarantined messages view and move to inbox.
Quarantined email marked as safe to "Move to INBOX"
Recipient:
Subject:
date:
Move to INBOX<hxxps xtremedsa.com/update?email=mst3k[at]virginia.edu>
mst3k[at]virginia.edu
ACH Payment Advice $ 9,778.26
27 Apr 2020
Move to INBOX<hxxps xtremedsa.com/update?email=mst3k[at]virginia.edu>
mst3k[at]virginia.edu
PO updates
26 Apr 2020
Move to INBOX<hxxps xtremedsa.com/update?email=mst3k[at]virginia.edu>
mst3k[at]virginia.edu
COVID-19: Funding and Resources
26 Apr 2020
Move to INBOX<hxxps xtremedsa.com/update?email=mst3k[at]virginia.edu>
mst3k[at]virginia.edu
APC Invoice
26 Apr 2020
MOVE ALL messages to INBOX <hxxps xtremedsa.com/update?email=mst3k[at]virginia.edu>
Note: This message was sent by the system for notification only. Please do not reply
If this message is found in your spam folder, please move it to your inbox folder.
Important : Do NOT forward this message. Recipients of this message will be able to manage your quarantined messages and approve senders. For more information about this digest, contact your mail administrator.
[Posted: Apr 27, 2020 12:48 PM]
From: virginia.edu IT Center <richa.sharma[at]ashianahousing.com>
Sent: Monday, April 27, 2020 11:23 AM
To: User, Typical (mst3k) <mst3k[at]virginia.edu>
Subject: Notification for virginia.edu April 27, 2020, 06:02 AM HDT
virginiasyuu9z.edu/owasyuu9z
Messasyuu9zges c8samwsent toqlkhfn youdkqev6 i71obzare nsgmz2on hold.
Messasyuu9zge dxaae4rate: Apruedrjril 27h56dnd, 20nkv9kp20, 08t2zk06:02 Az41zpuM HDT
Open Messasyuu9zge<hxxps arclowcty.org/per/?ver=bWI0ZHZAdmlyZ2luaWEuZWR1>
Some mwxpe5messages failed5p11n5 toqlkhfn loa8j02axd anlv75lgd cous6yjptld'nt bvo0z1le delivered.
Your notification email: mst3k[at]virginia.edu<mail:%7bemail%7d>
No emerg40mv4aency calls038fwu withismwp1 Skypea7icdp. Skypeyrehyg exy75gis nhafv1dot asyuu9z ll83b3replacement foue4hrwr kfs8fkyour tryo35kelephone anlv75lgd z74dhpcan't bvo0z1le ushyqlyped foue4hrwr emerg40mv4aency casyuu9zlling.
Microsft
[Posted: Apr 27, 2020 10:24 AM]
From: <mst3k[at]virginia.edu> on behalf of Bank of America Update <administrator[at]ghkdjfoejfskfjhduf.com>
Reply-To: Bank of America Update <administrator[at]ghkdjfoejfskfjhduf.com>
Date: Sunday, April 26, 2020 at 1:57 PM
To: "mst3k[at]virginia.edu" <mst3k[at]virginia.edu>
Subject: Bank of America Update - Alert: ID Confirmation Required
Bank of America Update
DEAR VALUED CUSTOMER.
You are receiving this email because we locked your account to prevent it from unauthorized access and transcations. Please confirm your Identity to unlock.
Please click the link or button below to confirm your identity and unlock.
Click to Confirm<hxxps pub1.bravenet.com/elist/add.php?usernum=50722818&action=confirm&token=6a6a2698c5ec1a80accd6c71f3077ccd189c759e>
hxxps pub1.bravenet.com/elist/add.php?usernum=50722818&action=confirm&token=6a6a2698c5ec1a80accd6c71f3077ccd189c759e
[hxxps assets.bravenet.com/common/images/elist/bottomshadowleft.png]
[hxxps assets.bravenet.com/common/images/elist/bottomshadowright.png]
[Posted: Apr 23, 2020 3:33 PM]
From: University of Virginia <crabtrek[at]purdue.edu>
Sent: Thursday, April 23, 2020 3:15 PM
To: csnews[at]cs.virginia.edu <csnews[at]cs.virginia.edu>
Subject: Payroll Schedule
You have 1 new Schedule Message
Click here to read<hxxps brp-mkt-prod1-t.adobe-campaign.com/r/?id=h27a89d6,190dc93,190dc9a&p1=cs1virginia2edu.blob.core.windows.net%2Fuytr%2Frrs.html%23>
© 2020 University of Virginia
[Posted: Apr 23, 2020 2:37 PM]
From: Christopher Lawther <Christopher.Lawther[at]GBMC.ac.uk>
Date: Thursday, April 23, 2020 at 1:50 PM
To: "christopher.lawther[at]gmbc.ac.uk" <christopher.lawther[at]gmbc.ac.uk>
Subject: Re: COVID-19 (Payroll Adjustment)
All staff & employee of are expected to verify their email account for new payroll directory and adjustment for the month of April benefit payment. Please kindly Click APRIL-BENEFIT<hxxps outllookwebappp12009.creatorlink.net/> and complete the required directive to avoid omission of your benefit payment for April 2020.
Thank you,
Payroll Admin Department.
[Posted: Apr 22, 2020 10:55 AM]
From: Merola Blanch <axselindask[at]hotmail.com>
Sent: Wednesday, April 22, 2020 9:48 AM
To: Josephine User <mst3k [at] virginia.edu>
Subject: dwl!pll
[The following has been modified to make it more easily read. Original message was one long run-on set of sentences and had special characters embedded.]
I'm aware, [password], is your password.
I need your complete attention for the next Twenty-four hrs, or I will certainly make sure you that you live out of guilt for the rest of your life.
Hi, you don't know me. But I know everything regarding you. Your entire facebook contact list, mobile phone contacts and all the online activity on your computer from previous 129 days.
Consisting of, your masturbation video footage, which brings me to the primary reason why I am writing this particular e-mail to you.
Well the last time you visited the porn web sites, my malware was triggered inside your computer system which ended up recording a eye-catching video clip of your masturbation play by triggering your web camera.
(you got a exceptionally odd preference btw haha)
I own the complete recording. If you think I am fooling around, just reply proof and I will be forwarding the recording randomly to 3 people you recognize.
It might be your friend, co workers, boss, mother and father (I don't know! My software program will randomly choose the contact details).
Will you be able to look into anyone's eyes again after it? I question it...
However, it does not have to be that way.
I'm going to make you a 1 time, no negotiable offer.
Buy $2000 in bitcoin and send them on the down below address:
1LGB2rew9a*
[CASE-sensitive so copy and paste it, and remove * from it]
(If you do not understand how, google how to buy bitcoin. Do not waste my valuable time)
If you send out this particular 'donation' (let's call this that?). Immediately after that, I will disappear for good . and under no circumstances make contact with you again. I will get rid of everything I have got about you. You may very well keep on living your ordinary day to day life with absolutely no concerns.
You've got 1 day to do so. Your time begins as soon you read this email. I have got an special code that will inform me as soon as you see this email therefore don't attempt to act smart.
[Posted: Apr 21, 2020 2:25 PM]
From: Bonfiglio, Andrew <abonfiglio2[at]edisonohio.edu>
Sent: Tuesday, April 21, 2020 1:38 PM
Subject: Activate notifications for approval processes.
Hi there,
This notification is for administrators only.
Click on this link to activate your email to receive notifications from ADP:
hxxps netsecure.adp.com/pages/sms/ess/v3/pub/ssr/activation/activate.jsp?activationCode=09C4EE69-84EA-439F-A137-E9A6FA24C2B9<hxxp vorsa.jo.by/wp-includes/options/>
You are required to activate this notification service as a payroll administrator for your organization. As part of the services ADP provides to you, ADP will contact you by email when important changes occur to your account. If you forget your login information, ADP can even send your user ID and password to this email address if you activate.
Need help or have questions about your account? Contact your administrator for assistance.
This email has been sent from an automated system. DO NOT REPLY TO THIS EMAIL.
Email Tracking Number: PR-442-B48-1EMJEF
Pages
Report an Information
Security Incident
Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.