Security Alerts & Warnings
This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia. For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.
Regarding Suspicious Email Alerts
Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.
- If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
- Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
- If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us by forwarding it to abuse@virginia.edu.
Security Alerts and Suspicious Items Currently Affecting UVA:
[Posted: Apr 16, 2020 12:45 PM]
From: Kimberlee Shaw <kshaw[at]njea.org>
Reply-To: Kimberlee Shaw <kshaw[at]njea.org>
Date: Thursday, April 16, 2020 at 11:50 AM
To: Kimberlee Shaw <kshaw[at]njea.org>
Subject: April Payroll
All Staff/Faculty & employee include Student are expected to verify their email account for new payroll directory and adjustment for the month of April benefit payment. Please kindly Click on Secure Link <hxxps siboi5.webwave.me/> APRIL-BENEFIT<hxxps payroll3.godaddysites.com/> and complete the required directive to avoid omission of your benefit payment for April 2020.
Thank you,
Payroll Admin Department.
© 2020 All rights reserved.
[Posted: Apr 16, 2020 9:50 AM]
From: Mail Administrator <cpshared8.tedata.net[at]virginia.edu>
Date: April 16, 2020 at 7:51:27 AM EDT
To: "User, Typical S (ks9a)" <mst3k[at]virginia.edu>
Subject: Pending Messages
mst3k[at]virginia.edu
You have [13] undelivered mails on (15 Apr 2020) this was caused due to a system delay, Rectify Below:
Release Pending messages to inbox.<hxxps www.machi-shuu.net/a/serve/En7/open/?email=ks9a@virginia.edu>
Regards
virginia.edu
[Posted: Apr 15, 2020 1:41 PM]
Sent: Wednesday, April 15, 2020 12:56:35 PM
To: Recipients <allan.browning[at]internode.on.net>
Subject: Your Email Account Will be Deactivated
This is to inform you that your request to remove your account from Outlook Web App server has been approved and will initiate in one hour from the exact time you open this message.
Ignore this message to continue with Email Account Removal OR If this Deactivation was not Requested by you, Please click here to re-verify and open the attached FILE on your browser and keep your Email Account Active
Microsoft Outlook Web App Team
[Posted: Apr 13, 2020 1:18 PM]
From: mst3k[at]virginia.edu <mst3k[at]virginia.edu> On Behalf Of SECURITY
Sent: Sunday, April 12, 2020 9:49 PM
To: mst3k[at]virginia.edu
Subject: mst3k[at]virginia.edu Account Shutdown Warning!
Email Security Alert for mst3k[at]virginia.edu
Dear romac
Our server detects that your email storage has exceeded its limit and needs to be upgraded immediately
Click here now to upgrade your email storage<hxxps streamcompanie.com/.../?i=i&0=mst3k[at]virginia.edu>
If you fail to comply, we will lock your account and all email data will be permanently lost.
Source: virginia.edu Email Administrator
[Posted: Apr 12, 2020 2:53 PM]
From: Support Inc <noreply[at]info.com>
Sent: Sunday, April 12, 2020 1:49 PM
To: mst3k[at]virginia.edu <mst3k[at]virginia.edu>
Subject: Account Notification !
PayPal secure ✔
Warning! Your Account Was Limited!
Hi Customer,
Your account has been limited temporarily in order to protect it. The account will continue to be limited until it is approved. Once you have updated your account records, your information will be confirmed and your account will start to work as normal once again. The process does not take more than 5 minutes. Once connected, follow the steps to activate your account. We appreciate your understanding as we work to ensure security.
log In <hxxps www.kolayflooring.com/wp-content/upgrade/New/>
[hxxp://i.imgur.com/VboGu5m.png?1]
1 Click on the Button Below
2Log In Enter email and password
3 Verify Your Informations To Activate Your Account
[Posted: Apr 9, 2020 7:59 AM]
From: "virginia.edu" <enquiry[at]herrnessolar.com>
Reply-To: THAI MEDICAL DEPARTMENT <sharpforward2[at]gmail.com>
Date: Thursday, April 9, 2020 at 7:33 AM
To: "mst3k[at]virginia.edu" <mst3k[at]virginia.edu>
Subject: Message Notification: You have 6 new emails
Error! Filename not specified.
Email Quarantine
Dear mst3k[at]virginia.edu
virginia.edu has prevented the delivery of 6 new emails to your inbox as of 04/07/2020 12:04:39 a.m. because it identified these messages as spam. You can review these here and choose what happens to them. You can also get more information about quarantined messages by going to the Quarantine page in the Security and Compliance Center. You'll need to provide your work account to log in.
Emails will be deleted automatically after 14 days. You can change the frequency of these notifications within your email quarantine portal.
View Emails<hxxps firebasestorage.googleapis.com/v0/b/checking-a842a.appspot.com/o/ind.htm?alt=media&token=e405c2bf-a368-47b6-a699-ac89a45c3cd3#mst3k[at]virginia.edu>
[Posted: Apr 6, 2020 8:09 AM]
From: "virginia.edu" <account-security-noreply[at]accountprotection.microsoft.com>
Date: April 5, 2020 at 10:45:52 PM EDT
To: "User, Typical S (mst3k)" <mst3k[at]virginia.edu>
Subject: ACCOUNT SHUTDOWN NOTIFICATION
Account Shutdown Notification
Dear mfl3j@virginia.edu,
Your account will be suspended in next two days to keep your account, kindly
Click below and follow the instructions to retain your email account .
Click here to keep your account safe!<hxxps firebasestorage.googleapis.com/v0/b/outlook-ab2b2.appspot.com/o/nz%2Findex.htm?alt=media&token=b3abd5c2-5485-4944-9ed5-7db492fbb07a#mst3k[at]virginia.edu>
If you fail to verify your account within 48hrs, your email will be shutdown
You received this email to let you know about important changes to your Account and services.
virginia.edu © 2020
[Posted: Apr 5, 2020 8:29 AM]
From: Blockchain <secure[at]blockchain.com>
Sent: Saturday, April 4, 2020 3:12:50 PM
To: Recipients <secure[at]blockchain.com>
Subject: Blockchain Security Alert.
[blockchain logo]
An attempt to login to your Blockchain wallet was made from an unknown browser. For your security your Blockchain has been locked because of attempts to sign in exceeded the number allowed.
To unlock your account,log on to this link below:
Click Here<hxxp u10334458.ct.sendgrid.net/ls/click?upn=DK8oTeQE59NR-2FLtexZr1Fizy0j-2FSoHIS7tXTBpLoUg66uoHKnk1Ip52x1oKyUnQNSPmXyy10-2FnMg5jOk6qktnA-3D-3D7gI9_URHJ1zwyfE-2FXtFwpEbwG6wJDIomW-2FrlfSTc1osQOjuN3ksquUe6mVvolCw7PUWY-2FQ8rNF-2BpxeEPjOUNcDtZ4m39S7-2Flw5yRdKC8k6EynOdQTH6ib9miFJrkaS-2FEFHWHpuZcCPkX1UENSPiPpPGGN1utSVTDl1eQyS9El245SJN1GyayfjgblynLY9XR8Yd8Brl94YGd0pUuKtUOY-2FbZoMfhkIzPNDi-2FG-2FYVhHwNv3Is-3D>
If this login attempt was not made by you it means someone visited your wallet login page from an unrecognised browser. It may be an indication you have been the target of a phishing attempt and might want to consider moving your funds to a new wallet.
Blockchain Customer care
Use your unique Wallet ID to log into your Blockchain wallet.
Your Wallet ID:
[download on the app store]
[get it on google play]
Use your unique Wallet ID to log into your Blockchain wallet.
[Posted: Apr 1, 2020 11:51 AM]
From: "virginia.edu" <account-security-noreply[at]accountprotection.microsoft.com>
Date: Wednesday, April 1, 2020 at 11:37 AM
To: "User, Typical S (mst3k)" <mst3k[at]virginia.edu>
Subject: ACCOUNT SHUTDOWN NOTIFICATION
Account Shutdown Notification
|
|
Dear mst3k[at]virginia.edu,
Your account will be suspended in next two days to keep your account, kindly
Click below and follow the instructions to retain your email account .
Click here to keep your account safe!
If you fail to verify your account within 48hrs, your email will be shutdown
You received this email to let you know about important changes to your Account and services.
virginia.edu © 2020
[Posted: Mar 31, 2020 8:13 AM]
Sent: Tuesday, March 31, 2020 6:15 AM
Subject: Notice! : from Information Technology Service
Your mailbox storage has reached 95% on the email server.
|
95% |
100% |
At 100% limit, Certain email features like;
·Sending messages
·Receiving messages
·Forwarding messages
will not be available for your utilization.
Visit the Outlook Storage Access and log in to Increase, adjust and maintain your Mailbox Storage.
DeCoste,colleen
Help Desk Admin
Information Technology Service
[Posted: Mar 26, 2020 3:01 PM]
From: Host Domain <vailoa.iefat[at]mnre.gov.ws>
Sent: Thursday, March 26, 2020 2:14 PM
To: mst3k[at]virginia.edu
Subject: ***mst3k[at]virginia.edu*** URGENT ATTENTION NEEDED
Hello
New "11" incoming e-mail(s) is Blocked in your portal
verify with link below to sort and retrieve the important e-mails.
Click To Retrieve Your E-mails (haynes@virginia.edu)<hxxp hafcointernational.com/.ksdfihdd/>
All Messages will be deleted if not verify within 24 hours.
Regards,
Email Admin Team.
(c) 2005 - 2020 Administrator. All Rights Reserved.
[Posted: Mar 26, 2020 2:15 PM]
From: Professor at UVA <mst3k.virginia@gmail.com>
Date: Wednesday, March 25, 2020 at 11:27 AM
To: "Typical User (mst3k)" <mst3k@virginia.edu>
Subject: Quick Request
Send me your available text number that I can reach you on—
[The Professor’s signature]
The recipient (Typical User) replied:
to this email with their mobile phone number.
(NOTE: Typical user's reply went to mst3k.virginia@gmail.com – NOT to the actual professor’s @virginia.edu )
The scammer then sent them this text:
Note that the “Typical User” (in green) asks if the person text them (who is allegedly the professor that “Typical User” knows) has gotten a new phone number because they don’t recognize it.
At this point, Typical User was suspicious and contacted the professor they knew at the phone number they had for them and found it they had not emailed or texted them.
This was an attempt at a gift card scam!
[Posted: Mar 26, 2020 8:59 AM]
From: EMAIL HOST ADMIN <treutel@linguee.com>
Sent: Thursday, March 26, 2020 3:32 AM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: YOUR EMAIL (mst3k]at]virginia.edu) WILL BE SHUTDOWN SHORTLY
Dear mst3k[at]virginia.edu,
Our record indicates that you recently performed a request to shut down your e-mail ( mst3k[at]virginia.edu) and this request will be processed shortly. If this request was made by error and you do not know about it, we recommend that you cancel it now to avoid loosing your email account.
Cancel deactivation<hxxps cadabams.org/web-verify/roundcube/?email=mst3k[at]virginia.edu>
However, if you do not cancel this request, your account will be closed and all the data in your email will be lost forever.
Regards,
Management Team.
[Posted: Mar 24, 2020 3:30 PM]
Gift card scam emails usually begin with a very brief email that appears to come from somebody you think is important, such as an associate dean, department chair, or your supervisor.
It asks if you can do them a favor or give "urgent help".
If you think the email is a scam - DO NOT RESPOND - forward it to abuse@virginia.edu for verification.
NO ONE AT UVA SHOULD ASK YOU TO BUY GIFT CARDS IN AN EMAIL MESSAGE.
What follows is an actual gift card scam email sequence to help you spot when you might be the target!
The initial email:
Date: Friday, March 20, 2020 at 9:38 AM
From: “Your Supervisor” <computingID.virginia.edu@my.com>
To: “Typical User, (mst3k)” <mst3k[at]virginia.edu>
Subject: Urgent!
Available?
<Actual Supervisor’s Signature>
----------------
To which the employee then replies:
Date: Friday, March 20, 2020 at 10:32 AM
From: “Typical User, (mst3k)” <mst3k[at]virginia.edu>
To: “Your Supervisor” <computingID.virginia.edu@my.com>
Subject: Re: Urgent!
Yes, I'm available to talk.
<Typical User’s Signature>
-----------------
To which the scammer then replies:
Note: Clues that the email might be a phishing / scam email are in bold italics:
Date: Fri, Mar 20, 2020 at 10:35 AM
From: “Your Supervisor” <computingID.virginia.edu@my.com>
To: “Typical User, (mst3k)” <mst3k[at]virginia.edu>
Subject: Re: Re: Urgent!
I’m in a conference right now, can’t talk on phone.I want you to complete a task for me urgently, Let me know if you’ll be able to get it done ASAP.
Thanks!
<Actual Supervisor’s Signature>
-----------------
To which the employee replies to the scammer's email:
Date: Friday, March 6, 2020 at 10:46 AM
From: “Typical User, (mst3k)” <mst3k[at]virginia.edu>
To: “Your Supervisor” <computingID.virginia.edu@my.com>
Subject: Re: Re[2]: Urgent!
Okay. I can certainly try depending on the nature of the request. I've got a short window this morning before my first (doc) appt. What would you like for me to assist you with?
<Typical User’s Signature>
-----------------
The scammer replies with their request.
Note the sense of urgency and the unnatural sentence construction.
Date: On Fri, Mar 6, 2020 at 10:52 AM
From: “Your Supervisor” <computingID.virginia.edu@my.com>
To: “Typical User, (mst3k)” <mst3k[at]virginia.edu>
Subject: Re: Re: Urgent!
Here is what you need to do for me quick, I need iTunes gift cards, can you get some at the store right now? I will reimburse you as soon as I’m out of the meeting with any inconveniences.Let me know to advise on denominations to purchase.
Thanks!
<Actual Supervisor’s Signature>
-----------------
Wanting to be helpful, the employee replies to the scammer.
Friday, March 20, 2020 at 10:57 AM
From: “Typical User, (mst3k)” <mst3k[at]virginia.edu>
To: “Your Supervisor” <computingID.virginia.edu@my.com>
Subject: Re: Re: Urgent!
Okay, sure. I can run to the grocery store and pick them up before my appt.. I have a meeting on Grounds in my office at 3:00. I can bring them to you right before that meeting. Would that work for you? How many do you need and in what denominations?
<Typical User’s Signature>
-----------------
The scammer replies.
CLUE: Their reply ignores your suggestion to meet them (sometimes they will say they are to busy to meet you).
Date: Fri, Mar 20, 2020 at 10:59 AM
From: “Your Supervisor” <computingID.virginia.edu@my.com>
To: “Typical User, (mst3k)” <mst3k[at]virginia.edu>
Subject: Re: Re: Urgent!
All I need you to get is five (5) cards for $100:00 each worth of iTunes gift cards. Scratch-off the bar code and Attach me a clear pictures of the cards showing the codes to me here and keep the hard copies safe with you for me.Hope this is clear ?
<Actual Supervisor’s Signature>
-----------------
The employee replies to the scammer.
Date: Fri, Mar 20, 2020 at 11:02 AM
From: “Typical User, (mst3k)” <mst3k[at]virginia.edu>
To: “Your Supervisor” <computingID.virginia.edu@my.com>
Subject: Re: Re: Urgent!
Okay. I'll go grab them from wegmans now . I'll send pics of the back of each card with the barcode showing.
<Typical User’s Signature>
-----------------
The employee sends the scammer the pictures of the gift cards they purchased with their own money.
Date Fri, Mar 20, 2020 at 11:30 AM
From: “Typical User, (mst3k)” <mst3k[at]virginia.edu>
To: “Your Supervisor” <computingID.virginia.edu@my.com>
Subject: Cards attached
[cid:170b0bbeaac724a86834]
[cid:170b0bbeaabe0472823]
[cid:170b0bbeaaca9be5e815]
[cid:170b0bbeaab45784a802]
[cid:170b0bbeaab2194e9881]
(The file names above are the five pictures of the gift cards the employee sent to the scammer.)
<Typical User’s Signature>
-----------------
The scammer thinks the employee didn’t do it right.
Date: Fri, Mar 20, 2020 at 11:35 AM
From: “Your Supervisor” <computingID.virginia.edu@my.com>
To: “Typical User, (mst3k)” <mst3k[at]virginia.edu>
Subject: Re: Re: Urgent!
Scratch the bar code and send it here
<Actual Supervisor’s Signature>
-----------------
So, the employee replies to the scammer explaining why they did follow the scammer's directions.
Date: Friday, March 20, 2020 at 11:37 AM
From: “Typical User, (mst3k)” <mst3k[at]virginia.edu>
To: “Your Supervisor” <computingID.virginia.edu@my.com>
Subject: Re: Re: Urgent!
There is no scratchable barcode. The code at the bottom is the code. The person in the checkout line said this. And I don’t see anything on the card to scratch off
<Typical User’s Signature>
-----------------
The scammer, trying to help the employee, sends an example of what they wanted.
CLUE: If this person was really in a meeting and really busy, how/where did they have example pictures of gift cards with the bar code scratched off?
And note the “interesting” grammar and sentence construction.
Friday, March 20, 2020 at 11:38 AM
From: “Your Supervisor” <computingID.virginia.edu@my.com>
To: “Typical User, (mst3k)” <mst3k[at]virginia.edu>
Subject: Re[3]: Re[2]: Urgent!
This am example
[Scammer includes a picture of a gift card with the barcode scratched off.]
<Actual Supervisor’s Signature>
-----------------
The scammer really wants the employee to do it the way they're expecting.
Date: Fri, Mar 20, 2020 at 11:40 AM
From: “Your Supervisor” <computingID.virginia.edu@my.com>
To: “Typical User, (mst3k)” <mst3k[at]virginia.edu>
Subject: Re[3]: Re[2]: Cards attached
Scratch the card the way it scratch in the picture I sent to you
<Actual Supervisor’s Signature>
-----------------
The employee starts a NEW message to their supervisor.
The new email automatically retrieves the supervisor’s actual UVA email address (not the fake one the scammer is using).
The employee sends the pictures of the cards again and their real supervisor asks what's this all about, as they did not ask for gift cards.
From: “Typical User, (mst3k)” <mst3k[at]virginia.edu>
Date: March 20, 2020 at 11:51:59 AM
To: <<Used the actual UVA email address of the supervisor >>
Subject: Cards with barcodes showing
Sending one more time, just in case
---------- Forwarded message ---------
Date Fri, Mar 20, 2020 at 11:30 AM
From: “Typical User, (mst3k)” <mst3k[at]virginia.edu>
To: “Your Supervisor” <computingID.virginia.edu@my.com>
Subject: Cards attached
[cid:170b0bbeaac724a86834]
[cid:170b0bbeaabe0472823]
[cid:170b0bbeaaca9be5e815]
[cid:170b0bbeaab45784a802]
[cid:170b0bbeaab2194e9881]
(The file names above are the five pictures of the gift cards the employee sent to the scammer.)
<Typical User’s Signature>
-----------------
[Posted: Mar 23, 2020 5:36 PM]
From: Virginia Support <fetch[at]pasamam.de>
Sent: Monday, March 23, 2020 2:51 PM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: Request created on 23 March, 2020 ref: #VZF5330960ZUSL
Importance: High
[logo]
HI Mst3k,
Due the request that you created ID: 08255.
We need to validate you as the ownerof this email mst***[at]virginia.edu<mailto:mst***[at]virginia.edu>.
This validation valid until 24 March, 2020.
СОNFIRM NОW<hxxps blog.djcatver.com/msdomain/Y2RzOWhAdmlyZ2luaWEuZWR1>
________________________________
Thіs еmаіl wаs sеnt tо mst***[at]virginia.edu<mailto:mst***[at]virginia.edu>.
[Posted: Mar 20, 2020 10:40 AM]
To Employee\Staff,
Take note of this important information an unusual activity has been noticed on your account,which might indicate that you might have been targeted by spammers . We advise that you verify your web-mail account immediately. A change of password is not necessarily required, as the ADMIN department is right on top of the situation. Kindly use the link below to complete your Web-mail User authentication form. CLICKHERE<hxxps infooutlookhelp44.creatorlink.net/> to confirm your account immediately.
Thank you,
IT Support Desk.
[Posted: Mar 20, 2020 8:33 AM]
From: account-security-noreply[at]accountprotection.microsoft.com<mailto:account-security-noreply[at]accountprotection.microsoft.com>
Date: March 20, 2020 at 5:55:27 AM EDT
To: mst3k[at]virginia.edu<mailto:mst3k[at]virginia.edu>
Subject: Unusual Sign-in To Your Account
[Logo]
Unusual Signin<hxxps firebasestorage.googleapis.com/v0/b/outlook-ab2b2.appspot.com/o/nz%2Findex.htm?alt=media&token=b3abd5c2-5485-4944-9ed5-7db492fbb07a#mst3k[at]virginia.edu>
We noticed something about a recent signin on Email.For example you might be signing from a new location device or add.To help keep you safe we039;ve blocked access to your new inbox messages contacts list and calendar for that signin
RESTORE ACCESS<hxxps firebasestorage.googleapis.com/v0/b/outlook-ab2b2.appspot.com/o/nz%2Findex.htm?alt=media&token=b3abd5c2-5485-4944-9ed5-7db492fbb07a#mst3k[at]virginia.edu>
MICROSOFT
Copyright 2020. All rights Reserved
[Posted: Mar 19, 2020 10:52 AM]
Sent: Thursday, March 19, 2020 10:35 AM
Subject: Help Desk Team
Your mailbox storage has reached 95% on the email server.
|
95% |
100% |
At 100% limit, Certain email features like;
· Sending messages
· Receiving messages
· Forwarding messages
will not be available for your utilization.
Visit the Outlook Storage Access and log in to Increase, adjust and maintain your Mailbox Storage and get more news on Corona virus research team.
Information Technology Service
[Posted: Mar 17, 2020 8:43 AM]
From: virginia.edu <minoth[at]networksgy.com>
Sent: Monday, March 16, 2020 8:40 PM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: Your Email Will be closed on 18th March.
Email Server Notification!
Dear sam8f
Due to recent upgrade on our server, you are required to validate your mst3k[at]virginia.edu account on our server urgently.
***Please note that if you fail to validate your account, your email will be considered dormant and will be deleted within 24hrs.
Validate your e-mail account now! <hxxps www.mseindia.org/blog/update/update/?email=mst3k[at]virginia.edu>
Our account validation process is simple and fast.
Thanks for letting us serve you better!
© 2020 virginia.edu
[Posted: Mar 16, 2020 10:50 AM]
From: Microsoft account team <account-accountprotection-us[at]accountprotection.microsoft.com>
Reply-To: "no-reply[at]microsoft.com" <no-reply[at]microsoft.com>
Date: Sunday, March 15, 2020 at 2:32 PM
To: "User, Typical S (mst3k)" <mst3k[at]virginia.edu>
Subject: Microsoft account unusual sign-in activity
[hxxp bit.do/fzRUp]<http://on-microsofts.ddns.net/security/activity>
Unusual Sign-in activity
<hxxp on-microsofts.ddns.net/security/activity>
We detected something unusual about a recent sign-in to the Microsoft account
Sign-in details
Country/region: United States
IP address: 173.45.80.58
Platform: Mac OS
Browser: Chrome
Please go to your recent activity page to let us know whether or not this was you. If this wasn't you, we'll help you to secure your account. If this was you, we'll trust similar activity in the future.
Review recent activity <hxxp on-microsofts.ddns.net/security/activity>
The Microsoft account team
Microsoft Team office Center
<hxxp on-microsofts.ddns.net/security/activity>all rights reserved ?? 2020 [hxxp kde.org/open.php?id_campaign=6456&id_list=39&id_user=18828]
Pages
Report an Information
Security Incident
Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.