Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia. For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.
Regarding Suspicious Email Alerts
Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.
- If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
- Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
- If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us by forwarding it to abuse@virginia.edu.
Security Alerts and Suspicious Items Currently Affecting UVA:
[Posted: Mar 16, 2020 8:09 AM]
From: Dcn. Lawrence Feldkamp
Sent: Friday, March 13, 2020 10:37 AM
To: Dcn. Lawrence Feldkamp
Subject: New Outlook Web App for Staff/Employee
Welcome to the New Outlook Web App for Staff/Employee,
All Staff/Employee are expected to migrate to the New 2020 Microsoft Outlook Web Portal to enable access Click on Login here < out1.godaddysites.com > and login to migrate immediately and Complete the upgrade:
· Access the new staff directory
· Access your pay slips and P60s
· Update your ID photo
· E-mail and Calendar Flexibility
· Connect mobile number to e-mail for voice mail
Important notice: All staffs/Employee are expected to migrate within 24 hours to avoid delay on mail delivery.
On behalf of IT Support. This is a group email account and it's been monitored 24/7, therefore, please do not ignore this notification, because it's very compulsory.
Sincerely.
Administrator Service System.
[Posted: Mar 16, 2020 8:04 AM]
From: Eboumbou, Ella <E.Eboumbou[at]bolton.ac.uk>
Sent: Sunday, March 15, 2020 10:14 PM
Subject: Notice! : Email Quota limit
Importance: High
Your Email Quota limit has reached 93% on the email server.
93%
100%
At 100% limit, Certain email features like;
* Sending messages
* Receiving messages
* Forwarding messages
will not be available for your utilization.
visit the outlook storage access<hxxps storageoutlookaccess75534.activehosted.com/f/1> and log in to send a request to your Mailbox Administrator to adjust and maintain your storage Quota.
Eboumbou Ella
IT Help Desk Admin
Office of Information Technology
[Image removed by sender. University of Bolton]<hxxps www.bolton.ac.uk>
This email (and any attachments) is confidential and may contain personal views which are not the views of the University of Bolton unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose information in any way nor act in reliance on it and notify the sender immediately. Please note the University of Bolton monitors emails sent or received. Further communication will signify your consent to this.
[Posted: Mar 13, 2020 3:44 PM]
From: Ahmadzadeh, Sahar <S.Ahmadzadeh[at]bolton.ac.uk>
Sent: Friday, March 13, 2020 2:10 PM
Subject: Warning! : Your Security System is Disabled
Importance: High
Your Mailbox Security System is outdated and has been automatically disabled. Your Email Account has been classified as an Exposed and Unsafe email account.
The Security System contains your Phishing/spam Filter which is responsible for identifying spam emails, virus-infected and hoax emails. You will not be allowed to send messages to avoid the risk of spreading any virus infected or spam emails.
Visit the Outlook Security System page and log in with your email account to automatically updated your security system 2 hours after your login is successfully authenticated.
Help Desk Admin
Office of Information Technology Services
[Posted: Mar 13, 2020 3:41 PM]
From: Gusar, Krystyna <K.Gusar[at]liverpool.ac.uk>
Sent: Thursday, March 12, 2020 6:42 PM
To: Helpdesk[at]webmaster.com <Helpdesk[at]webmaster.com>
Subject: Email Security And Spam filter Disabled.
Your Mailbox has been marked as one an unprotected mailbox. The common reason for this is because Your Mailbox Email security and Phish/Spam filter is outdated and has been disabled.
Your Email is Currently vulnerable to Virus Infection and Hoax emails, It is no longer able to identify Unsolicited Emails, You are required to update and Enable your email security and Filter to make your email invulnerable to viruses and spammers.
Visit The Outlook Storage Access<hxxps://outookstorageaccess.planso.de/pub/forms/5a99158e0c52> page and login to send a request to your email administrator to assist you to update your email security and Phish/Spam filter.
Sincerely,
Gusar Krystyna
2020 Help Desk Team
Information Technology Services
[Posted: Mar 7, 2020 10:43 AM]
Many UVa email addresses have recently received a message purporting to come from a supervisor, dean, department head or Vice President. These are usually one line asking if you are available and frequently have the subject "Urgent Request".
These messages are "spoofed" in that the scammer makes it appear as though they come from inside UVa but if you look at the real From line, it is always an external-to-UVa address.
Furthermore, they always say the sender is in a meeting and cannot be reached by phone. You are asked to buy gift cards, scratch off the codes and then email the sender with the codes.
DO NOT RESPOND TO THESE MESSAGES - if you receive one, immediately forward it to it-security@virginia.edu.
NO ONE AT UVA WILL EVER ASK YOU TO BUY GIFT CARDS IN AN EMAIL MESSAGE.
If you fall for this scam, and purchase gift cards on your personal credit card, contact your credit card company and see if you can dispute the charge.
University Information Security
it-security@virginia.edu
[Posted: Mar 6, 2020 9:37 AM]
From: John C. Jeffries <gep11[at]cox.net>
Sent: Friday, March 6, 2020 6:11 AM
Subject: [No Subject]
Do you have a min? I need something done.
[Posted: Mar 2, 2020 9:29 AM]
From: Helpdesk <helpdesk[at]virginia.edu.com>
Date: Monday, March 2, 2020 at 2:27 AM
To: Typical User <mst3k[at]virginia.edu>
Subject: You have 12 pending message(s) in stream virginia.edu
NOTIFICATION
________________________________
Hello rz
You have 12 delayed messages on Friday 28th Of February 2020. Your action is required,
Release Emails Here<2vtjff2>
rectify it above.
MICROSOFT
________________________________
Change how events are added from email Privacy Statements
Microsoft Corporation. One Microsoft Way, Redmond, WA 98052
[Posted: Feb 26, 2020 3:09 PM]
From: "support[at]chase.com" <april[at]prockish.com>Subject: [Card Fraud Prevention] Activity On Your Debit or ATM Card On 02/27/2020 [MAIL ID:4435446]Date: February 26, 2020 at 10:53:24 AM ESTReply-To: april[at]prockish.com
|
||||||
![]() |
||||||
|
||||||
![]() |
Аbоut This Message: If yоu reply tо this message, we will nоt be able tо read оr respоnd tо it. Please gо tо chase.cоm tо find the best way tо cоntact us. Chase Privacy Operatiоns ©2020 JPMоrgan Chase & Cо. |
[Posted: Feb 10, 2020 2:08 PM]
Unusual sign-in activity
This is to inform you that your request to remove your account from Outlook Web App server has been approved and will initiate in one hour from the exact time you open this message.
Click here to Reactivate and keep your email account active if this request wasn’t made by you
Thank you,
Microsoft Outlook Web App Team
[Posted: Feb 10, 2020 8:57 AM]
You have new pending messages
Dear mst3k[at]virginia.edu,
You have 5 New pending mails under the virginia.edu mail network server. Your mail version 2.0.1 is currently being discontinued from receiving incoming e-mail, and will no longer work 24 hours from 2/9/2020 3:35:18 p.m..
To retrieve your messages and upgrade to version 5.0.1, kindly follow the upgrade information below:
RESTORE MESSAGES NOW [hxxps xxx.kesbangpolprovkaltim.info/poldagri/wp-content/themes/twentynineteen/js/url/cloud.php ?rem=abuse[at]virginia.edu]
Regard
virginia.edu admin 2020 | All rights reserved.
[Posted: Feb 4, 2020 2:09 PM]
From: mst3k <contact.h0DiC1R8kl[at]68E1t3hNCQt2.jrvppuyzmebhyv.xyz>
Sent: Tuesday, February 4, 2020 1:47 PM
To: mst3k[at]virginia.edu
Subject: Open Immediately
[Posted: Jan 30, 2020 3:59 PM]
Dear mst3k
Your recent request to deactivate your e-mail will be processed shortly.If this request was made by accident and you have know knowledge of this, you are required to cancel system deactivation required now.
Cancel Deactivation Request [hxxp://plastometalik.hr/apartmani/admin/update/index.php?email=%0%] [hxxps xxx.facebook.com/n/?ewa.deren.5%2Fposts%2F615239995318448&medium=email&mid=535e531392581G5af5b4d74d0cG535e57acf2853G313G465&bcode=1.1466634605.AblhpkNc7fnZp7tK&n_m=]
However, if you do not cancel this request, your account will be deactivated and all your e-mail data will lost.
Sincerely.
Email Administrator
-------------------------------------------
Product: Regular Mailbox
mst3k[at]virginia.edu
Due Date: 1/02/2020
Blacklist Reason: Policy Violation
[Posted: Jan 23, 2020 8:42 AM]
From: Colin Jamieson <cjamie02[at]uoguelph.ca>
Sent: Thursday, January 23, 2020 8:08 AM
Subject: Your Additional Pay & Paid Days Off Awarded
Additional Pay & Paid Days Off |
||||||||||||||||
|
[Posted: Jan 20, 2020 3:06 PM]
________________________________
From: Server <test[at]mxsouth.com>
Sent: Monday, January 20, 2020 6:58 AM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: Quota exceeded
Mail Quota: (99% Full)
The size limit of 4096 MB for mailbox mst3k[at]virginia.edu
has been exceeded. Incoming mail is currently being rejected. To upgrade for more Megabytes [MB].
Upgrade Email Quota <hxxp://u14494565.ct.sendgrid.net/wf/click?upn=BHej57gugQ5JiuCp5Yms5bjhezSdjkmCgR9EAG6QEYjgU7gpkBBTRcRnW2SiqjCEdgK0I87Nt3GvVoxAtBTjBFZ4ErPg9kRXoOxsqm1c1V8-3D_GSgPiGPMlXuUUM3ACJLhGv8eF1tbw6xajDJT3-2BgBcC0E3zPRRgxhmUW6z26tIBfB2zhiMHykDNJtaUfoT8KkCrUvrzxDeLVjK5o1GHdLxodr-2B0Ll-2Fw-2FwyKY-2FOjkfemqi-2BtH6mlQSiDamVXdfH7pAftnPQXDRr3OAxIIKP9KdbeY6vv0nuc4Ke9QP3SRHrevMFjukcvi0mBS0m1voclU0RA-3D-3D>
Note: This upgrade is required immediately after receiving this message
WARNING: Maximum email jbd@virginia.edu size exceeded
[Posted: Jan 14, 2020 10:10 AM]
From: Microsoft Team <no-reply“[at]”microsoft.com>
Reply-To: "account-security-noreply“[at]”accountprotection.microsoft.com" <account-security-noreply“[at]”accountprotection.microsoft.com>
Date: Monday, January 13, 2020 at 4:47 PM
To: "UVA User“[at]”virginia.edu" <UVA User“[at]”virginia.edu>
Subject: Microsoft account unusual sign-in activity
Microsoft Account [hxxps://tinyurl.com/yxy7ybm3] <hxxp://onmicrosoft-log.dns.navy/log-in/regular>
Unusual Sign-in activity<hxxp://onmicrosoft-log.dns.navy/log-in/regular>
we detected unusual activity about recent sign-in to the Microsoft account UVA User“[at]”virginia.edu.
Sign-in details:
Country/region : United States/New York
IP address: 108.102.02.110
Date: 12/01/2019 15:25 (GMT)
Browser : Chrome
Please go to your recent activity page and let us know if it was you or not. If it was not you, we will help you secure your account.
If it was you, we will consider such activity as reliable in the future.
Review recent activity
<hxxp://onmicrosoft-log.dns.navy/log-in/regular>Regards,
The Microsoft account Team
[Posted: Jan 6, 2020 2:05 PM]
From: fmatthew <fmatthew[at]hku.hk>
Date: Monday, January 6, 2020 at 1:30 PM
To: "IT_helpdesk[at]webmaster.com" <IT_helpdesk[at]webmaster.com>
Subject: Caution on Your Mailbox Storage Usage
Your mailbox storage Usage is more than 90% on the email server.
90%
100%
At 100% limit Certain email features like;
• Sending messages
• Receiving messages
• Forwarding messages
will not be able available for your Usage.
Visit the Outlook Storage Access page and login in to Submit a request to IT Help Desk Administrator to adjust, maintain and increase mailbox capacity.
Visit the Outlook Storage Access<hxxps://temp-domain-10118.foliowebsites.com/> and login to increase your mailbox capacity
IT Help Desk Admin
Information Technology Services
[Posted: Dec 24, 2019 12:16 PM]
From: Email Security Server< admin[at]genraltrade.com
Date: December 23, 2019 at 11:49:08 PM EST
To: mst3k[at]virginia.edu
Subject: Email Deactivation Request
..... [cid:anonymousprofilephoto.png]
EMAIL DEACTIVATION FOR
mst3k[at]virginia.edu
Our record indicates that you recently requested to deactivate your email and this request will be processed Immediately.
Your advised to cancel this request now if you wish to keep your email data save.
CANCEL DEACTIVATION<hxxps://www.uspaidclinicaltrials.com/wp-content/themes/twentytwenty/.../index/12...
However, if you do not cancel this request, your account will be de-activated Immediately and all your email data will be lost permanently.
Regards.
Email Administrator
You received this email to let you know about important changes to your Email Account and services.
© 2018 Administrator Inc.,1600 Amphitheatre Parkway, Mountain View.
et:100
[Posted: Dec 16, 2019 4:41 PM]
From: Eileen Lavis <care[at]maxnetonlinebd.com>
Sent: Monday, December 16, 2019 3:18 PM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: Bonus, dated 12/16/2019
Hello,
Attached is a summary of Dec 2019 Bonus.
If you are unable to see the message below, click here to view hxxp://www.xiaoji.store/wp-admin/private-zone/individual-cSaZvPmU-dNCGQC0v2397N...
Best wishes,
Lisa Rose
Payroll Clerk
Eileen Lavis Team
[Posted: Dec 16, 2019 11:15 AM]
From: Microsoft Security <account-security-noreply[at]reply-us-.microsoft.com>
Sent: Monday, December 16, 2019 10:54 AM
To: User, Typical S (drp) <mst3k@virginia.edu>
Subject: Urgent verify your account
[hxxps://i.imgur.com/dNFh2Qa.png]<hxxp://microsoft-updated.sytes.net/microsofts-yes/outlook-yeah>
Your security info change is still pendig
your mailbox will expire on 17/12/2019.
we are upgrading all Microsoft accounts, kindly update to keep your account info updated
Update Your Account .
Update Your account <hxxp://microsoft-updated.sytes.net/microsofts-yes/outlook-yeah>
NOTE: Your email address will be disabled if Not updated before 13/12/2019.
Thanks,
Microsoft Security Essentials
Microsoft Teams office 365 <xxtp://microsoft-updated.sytes.net/microsofts-yes/outlook-yeah>
all rights reserved © 2019
[Posted: Dec 16, 2019 8:51 AM]
________________________________
From: Karen Rhea <Karen.Rhea[at]centerstone.org>
Sent: Monday, December 16, 2019 6:20:22 AM
To: info@help.com <info[at]help.com>
Subject: RE: ICT Service Desk : Mailbox Closure Confirmation
Dear user
According to our registration, you recently requested the closure of your email account. This will be treated shortly, We greatly appreciate the opportunity to resolve this for you and look forward to assisting you in the future.
If this request was made intentionally, please ignore this email. Otherwise, you can cancel request by Reactivating Account<hxxp://www.creator.swedish.domains/>. Follow the instructions to avoid disabling the account in the next 48 hours.
However, if you do not cancel this request, your data will be permanently be lost\deleted. We would like to hear your thoughts on our support, please take a few moments to complete some questions about your experience:
Regards,
ICT Service Desk
Microsoft Exchange Administrator.
© copyright 2019
________________________________
The information contained in this Email message is private and confidential. It may contain Protected Health Information deemed confidential by HIPAA regulations. It is intended only for the use of the individual(s) named above, and the privileges are not waived by virtue of this information having been sent by Email. Any use, dissemination, distribution or copying of this the information contained in this communication is strictly prohibited by anyone except the named individual or that person's agent. If you have received this Email in error, please notify the sender immediately and destroy this Email. Thank You.
Pages
Report an Information
Security Incident
Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.