Search Information Security site


Main menu

Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.  For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to [email protected].

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: May 30, 2019 11:40 AM]

From: bibsoc-request [at] <bibsoc-request[at]> On Behalf Of Mail Support
Sent: Tuesday, May 28, 2019 10:57 AM
To: bibsoc[at]
Subject: About: Ownership Confirmation of bibsoc[at]

Dear  bibsoc<mailto:azad[at]>,

Please see below detail notification for

Date:  Tuesday  ,  May 27, 2019 01:52 p.m
Critical Date: Friday, May 31, 2019
Reason: Pending incoming emails that you are yet to receive
Failure: Access to  bibsoc[at]<mailto:[email protected]>   will be restricted until you confirm ownership.
Session ID:<hxxps://>

Confirm account<hxxps://>

Note:  Access to  bibsoc[at]<mailto:[email protected]>  will be restricted within 48 (forty eight) working hours.

[Posted: May 26, 2019 12:11 PM]

From: Support <asad[at]>
Sent: Saturday, May 25, 2019 11:42 PM
To: User, Typical S (mst3k)
Subject: Your mailbox. is almost full.

Dear mst3k[at],

You have pending incoming emails that you are yet to receive.

Access to (mst3k[at] will be restricted until you confirm ownership of martin

Confirm account now

Note:   Access to mst3k[at] will be restricted within 48 (forty eight) working hours.

[Posted: May 26, 2019 6:14 AM]

From:<hxxp://> <noreply[at]<mailto:noreply[at]>>
Date: May 25, 2019 at 3:26:10 PM EDT
To: <mst3k[at]<mailto:mst3k[at]>>
Subject: Notice :New Message -<hxxp://><xxtp://> Webmail

N­o­t­i­f­i­c­at­io­n for: [email protected]<mailto:[email protected]><> h­a­s p­r­e­v­e­n­t­e­d the de­l­iv­er­y of 7 n­e­w e­m­ails ­t­o y­o­ur i­nb­o­x

a­s of 05 , 25 , 2019 12:00 PM (­U­T­C) b­e­c­ause ­it ­id­en­ti­fi­ed ­th­es­e ­m­es­sa­ge­s ­as s­p­a­m.
Y­o­u ca­n Upgrade Now he­re and c­hoo­se­ w­ha­t h­ap­pe­n­s t­o t­h­e­m

Upgrade Now<hxxps://[at]>

­Powered by:<hxxp://>


[Posted: May 24, 2019 1:39 PM]

From: Priscilla Pablo [mailto:ppablo[at]
Sent: Friday, May 24, 2019 1:08 PM
To: Priscilla Pablo <ppablo[at]>
Subject: Re: Staff Gateway


Login to The Staff Gateway: is the new home for on-line self-service and information.

Click on Gateway and login to:

Access the new staff directory

Access your pay slips and P0s

Update your photo ID

  E-mail and Calendar Flexibility

Connect mobile number to e-mail for Voicemail

Contact ITS Help Desk for email issues​


[Posted: May 22, 2019 12:13 PM]

From: Emily Heineke [mailto:eheineke[at]]
Sent: Wednesday, May 22, 2019 12:07 PM
To: Emily Heineke <eheineke[at]>

Sent:   MAY-22-2019

ID :     3727559

Your password has expired. Kindly click on Reset your password<hxxp://> and follow the on-screen instructions. This email can be ignored in case you already reset your password but failure to reset it now would lead to loss of access to your email account. You are therefore urge to reset now because  the link is only available for a short time.

Best Regards
(C) 2019​

[Posted: May 22, 2019 8:40 AM]

From: FRANCIOLY Richard <Richard.FRANCIOLY[at]>
Date: Wednesday, May 22, 2019 at 2:40 AM
To: "mail[at]update.eud" <mail[at]update.eud>
Cc: "email[at]update.eud" <email[at]update.eud>
Subject: LAST WARNING: Deactivation (Case ID67887/0)

Dear  User:

You have 5 incoming messages returned to our admin server due to temporary old version on Mailbox, kindly upgrade your email address to the new Office 365 WebMail

CLICK HERE<hxxp://>

Once you upgrade to new version WebMail, your incoming Email will reflect within 24hrs.


IT Help Desk


[Posted: May 21, 2019 2:12 PM]

From: Web Administrator [mailto:leasing[at]]
Sent: Tuesday, May 21, 2019 9:39 AM
To: User, Typical (mst3k) <mst3k[at]<mailto:mst3k[at]>>
Subject: Your account will be closed

[cid:[email protected]]
Dear  Valued  User,

Starting from   22/05/2019 you won't be able to sign in to  your e-mail unless you secure and upgrade security information.

SECURE AND UPGRADE NOW<hxxps://[email protected]>

Note: You are required to update immediately.
If your security info is not secure and upgrade we won't be responsible for lost of your email.

Sincerely, ! Mail Support.

[Posted: May 20, 2019 10:29 AM]

From: DocuSign via DocuSign <[email protected]>
Sent: Monday, May 13, 2019 9:24 AM
To: mst3k[at]
Subject: Alert! E-sign Form.pdf Now


You have to e-sign Form.pdf.

This email was sent to, mst3k[at]<mailto:mst3k[at]> . You must e-sign  Form.pdf<hxxps://>    right away.

*         Exchange, Sign, and File Any Document. In Seconds!
*         Set-up Reminders. Instantly Share Copies with Others.
*         See All of Your Documents, Anytime, Anywhere

[Posted: May 20, 2019 8:38 AM]

From: Mail Administrator <np41[at]>
Sent: Friday, May 17, 2019 8:06 PM
To: mst3k[at]
Subject: mst3k[at] Password expiration update

Your password will expire in 2 days to keep your account, kindly
Click Keep my [email protected] account<hxxps://[email protected]=&userid=mst3k[at]$userid.rand=13InboxLight.aspx?n=1774256418&fid=4#n=1252899642&fid=1&fav=1> and follow the instructions to retain your email account.

Keep my [email protected] account<hxxps://]at][email protected]&loginID=$userid.rand=13InboxLight.aspx?n=1774256418&fid=4#n=1252899642&fid=1&fav=1>

  (c) 2019 Mail Administration - All rights reserved.

[Posted: May 14, 2019 11:47 AM]



All Staff are expected to migrate to the New 2019 Microsoft Outlook Web Portal to enable access to the below, Click Microsoft-Outlook <hxxp://> to migrate immediately.

· Access the new staff directory
· Access your pay slips and P60s
· Update your ID photo
· E-mail and Calendar Flexibility
· Connect mobile number to e-mail for voice mail

Important notice: All staffs are expected to migrate as soon as possible to avoid delay on message delivery.

Administrator Service System.

[Posted: May 7, 2019 9:47 AM]

From: Outlook Admin <melikebaran[at]>
Sent: Tuesday, May 7, 2019 9:41 AM
Subject: mailbox

Some of your incoming message was been suspended, we notice your mailbox have exceeded is storage limit. You are required to verify your mailbox by clicking on the "New Outlook Web App<hxxp://>" and followed the instruction below in other for we to increase your mailbox storage limit to 20 GB. Outlook Admin Web 2019

Bu e-posta mesajı ve içeriği kişiye özel ve gizli bilgiler içerebilir. Eğer mesajın muhatabı veya muhataba iletmekle yükümlü yetkili temsilcisi siz değilseniz, bu mesajı çoğaltmak, dağıtmak, açıklamak dahil olmak üzere herhangi bir suretle kullanmamanız gerektiğini, aksine davranışınızın hukuka aykırılık teşkil edebileceğini bildiririz. Eğer bu mesajı yanlışlıkla aldıysanız, lütfen göndericiye e-posta ile bildirerek siliniz.
This email and its contents may contain information that is privileged and confidential. If you are not an intended recipient,or the agent responsible for delivering this email to the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited and may be unlawful. If you received this email in error, please notify the sender by replying to this email and delete the email sent in error.

[Posted: May 2, 2019 3:34 PM]

From: Julie L Campbell <cue103[at]>
Sent: Thursday, May 2, 2019 3:29 PM
To: User, Typical  (mst3k) <mst3k[at]>
Subject: PaperWork

[cid:[email protected]]


 Julie L. Campbell Ph.D has sent you a secured and encrypted document via Microsoft OneDrive.

View Document <hxxps://>


Julie L. Campbell Ph.D
Assosiate Dean
Weber State University

[cid:[email protected]]

3848 Harrison Blvd, Ogden, UT 84408

[cid:[email protected]]

[cid:[email protected]]

[cid:[email protected]]

[Posted: May 2, 2019 11:12 AM]

rom: Kidd, Kevin Scott (ksk4s) <ksk4s[at]>
Sent: Thursday, May 2, 2019 10:57 AM
To: User, Typical S (mst3k) <mst3k[at]>

I am Dr.Keith Smith  and I work as a clinical counselor for the department of Disability Resources and Educational Services (DRES). I provide individual and group therapy, coaching, assessment and academic screenings to support students with disabilities (physical, chronic, psychiatric, and invisible)registered with DRES. A large percentage of the students served by the mental health unit have psychiatric disabilities or co-morbid psychiatric disabilities and need mental health support to be successful at the university. In addition, many University of students with academic difficulties and no prior diagnosis are seen and assessed through the academic screening and assessment  process. I also am the director of supervision, training and coordination of counseling psychology and clinical psychology graduate students of the United States who have practicums at DRES and APA-accredited school psychology Pre-doctoral interns.

You have received this email because you have an offer from the University Office for Students with Disabilities to work with me while we help Students with disabilities frustrated with ignorance and lack of services but as my temporary personal assistant. I care about Animal Welfare, Arts and Culture, Children, Civil Rights and Social Action,Education, Environment, Disaster and Humanitarian Relief, Social Services and lots more.

This is a very simple employment. You will only help me Mail letters, Make payments at Walmart and purchase some Items when needed. This employment only takes an hour a day and 3 times a week for $400 weekly.

I am unable to meetup for an interview because I am currently away and helping the disabled students in Australia.You will be paid in advance for all tasks and purchased to be done on my behalf and some of my personal letters and mails will be forwarded to your residence or nearby post office for you to pick up at your convenience. Upon my arrival we will discuss the possibility of making this a long-term employment if
I am impressed with your services while I am away. My arrival is scheduled for the last week of MAY 2019

Note : I got your email through a short list from the human resources department to give out jobs to few students in your university.  If interested in this employment, Click Here<hxxps://> to submit your Application.

 Dr, Keith Smith.

[Posted: Apr 30, 2019 3:26 PM]

From: Boye, Teeja <BoyeT19[at]>
Sent: Tuesday, April 30, 2019 3:20 PM
To: User, Typical S (mst3k) <mst3k[at]>
Subject: Urgent Reply Needed!!!

work at your convenience as an Executive Assistant these summer season and get paid with $400 weekly.  visit these website hxxps://< for further details or to sign up.

[Posted: Apr 30, 2019 9:38 AM]

From: <admin[at]> on behalf of Email Admin <service[at]>
Date: Tuesday, April 30, 2019 at 8:49 AM
To: "mst3k[at]" <mst3k[at]>
Subject: Retrieve Incoming Message

Dear mst3k[at],

This message was created automatically by mail delivery software.

You have 8 incoming messages that could not be delivered to your inbox since

26-04- 2019.

The following address(es) failed to reconfigure Port 486 due to mail server problem.

Use the button below to retrieve your emails from server.

 Retrieve Your Messages<hxxp://[at]>
Diagnostic-Code: smtp; 552-5.7.0[TSS04] max defers and failures per hour (Exim 4.88) allowed.

Message deferred

Reporting-MTA: dns;

X-Postfix-Queue-ID: 5867033100

Original-Recipient: rfc822; mst3k[at] Size=22481:

Arrival-Date: Tuesday,30-04-2019 06:53:44 -0500 (CDT)

[Posted: Apr 27, 2019 5:22 PM]

 This Job is currently recruiting. A Job that will not affect your present employment or studies, fun and rewarding.  You get to make up to $400 weekly, I tried it and i made cool cash, If You are interested you can visit their website at hxxps:// to apply and read more about the job.

Best Regards.
Job Placement & Student Services.

[Posted: Apr 26, 2019 2:50 PM]

From: Skelton, Jeannie Kay (jks8cn) <jks8cn[at}>
Sent: Friday, April 26, 2019 2:38 PM
To: User, Typical Stewart (mst3k) <mst3k[at]>
Subject: Uva Email Termination??

Our record indicates that you recently made a request to terminate your  UVA Email Account.  And this process has begun by our IT  administrators.

If this request was made accidentally, or you have no knowledge about it, you are advised to verify your account.

Please give us 24 hours to terminate your account OR verifying your account. Click on the link  below to very account.


Failure to Verify will result to closure of your account.

Notice from IT Help Desk.

Privacy Policy | (c) 2019  University Of Virginia All rights reserved.

[Posted: Apr 26, 2019 1:11 PM]

From: Guissoni, Leandro <GuissoniL[at]>
Date: Fri, Apr 26, 2019 at 12:42 PM
Subject: Uva Email Termination??
To: mst3k[at] <mst3k[at]>

Our record indicates that you recently made a request to terminate your
UVA Email Account.  And this process has begun by our IT  administrators.

If this request was made accidentally, or you have no knowledge about it,
you are advised to verify your account.

Please give us 24 hours to terminate your account OR verifying your
account. Click on the link  below to very account.


Failure to Verify will result to closure of your account.

Notice from IT Help Desk.

Privacy Policy | © 2019  University Of Virginia All rights reserved.

[Posted: Apr 23, 2019 8:20 AM]


I have very bad news for you.
06/01/2019 - on this day I hacked your OS and got full access to your account [email protected]<mailto:[email protected]>

So, you can change the password, yes... But my malware intercepts it every time.

How I made it:
In the software of the router, through which you went online, was a vulnerability.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.

After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!
I'm talk you about sites for adults.

I want to say - you are a BIG pervert. Your fantasy is shifted far away from the normal course!

And I got an idea....
I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).
After that, I made a screenshot of your joys (using the camera of your device) and glued them together.
Turned out amazing! You are so spectacular!

I'm know that you would not like to show these screenshots to your friends, relatives or colleagues.
I think $700 is a very, very small amount for my silence.
Besides, I have been spying on you for so long, having spent a lot of time!

Pay ONLY in Bitcoins!
My BTC wallet: 1HhPTepoSC59jXTD9ZDLgosLJwpRCwhjtM

You do not know how to use bitcoins?
Enter a query in any search engine: "how to replenish btc wallet".
It's extremely easy

For this payment I give you two days (20 hours).
As soon as this letter is opened, the timer will work.

After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.
If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your "enjoys".

I hope you understand your situation.
- Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)
- Do not try to contact me (this is not feasible, I sent you an email from your account)
- Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.

P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!
This is the word of honor hacker

I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.

Do not hold evil! I just do my job.
Have a nice day!

[Posted: Apr 9, 2019 8:29 AM]

From: Green-pastors, Joyce A (jag2s) <jag2s[at]>
Sent: Tuesday, April 9, 2019 12:17 AM
To: User, Typical Stuart (mst3k) <mst3k[at]>
Subject: Linkedin User Verification!

Dear Linkedin User,

We noticed several failed login attempts to your Linkedin account today. Your account is in jeopardy, please click the link below and verify your account details.

Linkedin/Verification/80ee4cb7c35f4020d6f4a8c4f91a8604 confirm/MTQxMjMzNzlmb3JtMnBheQ==<hxxps://>

Your account will automatically be locked out and you will need to contact the help desk if you don't verify your account details.

Please let us know if we can assist further.

IT Help Desk.


Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form