Security Alerts & Warnings
This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia. For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.
Regarding Suspicious Email Alerts
- If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
- Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
- If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to email@example.com.
Security Alerts and Suspicious Items Currently Affecting UVA:
[Posted: Sep 30, 2019 1:40 PM]
From: John Unsworth <john.unsworth0106[at]gmail.com>
Sent: Monday, September 30, 2019 1:27 PM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: URGENT REQUEST
[Posted: Sep 30, 2019 9:21 AM]
From: Sandra Steckler <sandra.steckler[at]ndus.edu>
Sent: Friday, September 27, 2019 10:02 AM
To: User, Typical M (mst3k) <mst3k[at]virginia.edu>
[Image removed by sender.]
You have received a secured document via Microsoft Sharepoint 2019.
Sender's Name: Sandra Steckler
Document Type: PDF
VIEW DOCUMENT <hxxps://docs.google.com/uc?export=download&id=1hBYYYHO-OXjRvgeKBhuXJkDuV-oowyYw>
Nam sodales venenatis blandit pellentesque.
[Posted: Sep 30, 2019 8:36 AM]
From: Маринченко Вікторія Валентинівна <Viktoriia.Marynchenko(at)kmda.gov.ua>
Date: September 30, 2019 at 5:58:57 AM EDT
To: "No-reply(at)microsoft.net" <No-reply(at)microsoft.net>
Subject: A lot of your incoming messages has been suspended
MICROSOFT VERIFICATION NEEDED
A lot of your incoming messages has been suspended because your email box account is not verify by Microsoft verification team. In order to receive your messages do verify<hxxp://3rr3.000webhostapp.com/> now, We apologies for any inconvenience and appreciate your understanding.
Microsoft Verification Team
Copyright © 2019 Webmail .Inc . All rights reserved.
[Posted: Sep 25, 2019 10:28 AM]
Validate Your Outlook Web-mail Account.
We have been experiencing series of phishing mails in recent weeks. In view of this risk, the IT Department is requesting that all web-mail Users must Re-validate their Outlook Account to Update and block further spam mails. You are requested to Re-validate your account to block mail phishing and increase the efficiency of your web-mail.
We apologize for any inconvenience
Ensuring Cyber security is our priority
© Copyright 2019 Web-Mail
[Posted: Sep 25, 2019 9:49 AM]
Date: Wed, Sep 25, 2019 at 9:31 AM
Subject: Ooopss: firstname.lastname@example.org was hacked.
My name is Jeanson Ancheta - The famous Ancheta.0j0x on the darkweb!
I am an experienced software developer and I am the best hacker.
10 months ago, I hacked this email address. You can check it. I am sending
this email from your email address now. (mst3k[at]virginia.edu)
I injected my code to this device and I started to monitor your activity.
My first idea was to block and encrypt your files. And than I would ask for
a small fee to release them back. But than one day, You visited some dirty
websites. You know what I mean naughty thing. And I silently activated your
front camera and recorded You. Yes! You were playing with yourself. What a
Now, I stole contact list of yourself. I have all the friends list. A lot
of information is downloaded to my system.
I am asking from you a small fee of 700 USD. If you don't pay, all the
naughty screen videos will be sent to your friends and family.
I will distribute them to everywhere. I spent a lot of time monitoring you.
This is the cost of my time.
I promise that I will delete these files as soon as I receive the payment.
I don't need it.
Send the amount to my bitcoin address:
I give you 36 hours to complete the transfer. When you open that message, I
will know it and the countdown starts.
Be smart, do not ignore me! Do not click on every link you see. Always use
stronger passwords on the internet. Never trust anybody!
Your time has already started...
[Posted: Sep 23, 2019 12:58 PM]
From: HELP DESK [nicioesoa[at]outlook.com]
Sent: Monday, September 23, 2019 12:01 PM
Subject: Invoice 748393
Here's your medical subscription invoice
View your bill: INV-748393<hxxp://xxx.fedgrantsapproval.com/8300/ddc.edu/Sign-In.html>
The amount will be debited from your credit card on 30th September 2019.
Need help updating your payment details or understanding how our medical bills work? Click here<hxxp://xxx.fedgrantsapproval.com/8300/ddc.edu/Sign-In.html>
Need help with your online subscription invoice? Click here<hxxp://xxx.fedgrantsapproval.com/8300/ddc.edu/Sign-In.html>
Need a question answered about your medical bill? Ask it here<hxxp://xxx.fedgrantsapproval.com/8300/ddc.edu/Sign-In.html>
The Medical Billing Team
INFORMATION HELP DESK
[Posted: Sep 23, 2019 11:19 AM]
[Posted: Sep 20, 2019 3:30 PM]
Sent: Friday, September 20, 2019 1:25 PM
To: UVA User (mst3k) <email@example.com>
Subject: Your personal data is at risk. Change passwords now!
I am a representative of the WannaCry hacker group.
In the period from 24/06/2019 to 15/09/2019 we got access to your account firstname.lastname@example.org by hacking one of the virginia.edu mail servers.
You already changed the password?
Sumptuously! But my program fixes this every time. And every time I know your new password!
Using access to your account, it turned out to be easy to infect the OS of your device.
At the moment, all your contacts are known to us. We also have access to your messengers and to your correspondence.
All this information is already stored with us.
We are also aware of your intimate adventures on the Internet.
We know that you adore adult sites and we know about your sexual addictions.
You have a very interesting and special taste (you understand what I mean).
While browsing these sites, your device's camera automatically turns on.
Video-record you and what you watch is being save.
After that, the video clip is automatically saved on our server.
At the moment, several analogy video records have been collected.
From the moment you read this letter, after 60 hours, all your contacts on this email box and in your instant messengers will receive these clips and files with your correspondence.
If you do not want this, transfer 700$ to our Bitcoin cryptocurrency wallet: 1
I guarantee that we will then destroy all your secrets!
As soon as the money is in our account - your data will be immediately destroyed!
If no money arrives, files with video and correspondence will be sent to all your contacts.
You decide... Pay or live in hell out of shame...
We believe that this whole story will teach you how to use gadgets properly!
Everyone loves adult sites, you're just out of luck.
For the future - just cover a sticker your device's camera when you visit adult sites!
Take care of yourself!
[Posted: Sep 17, 2019 12:22 PM]
From: ADMIN TEAM <janis[at]ntpie.lv>
Reply-To: "email@example.com" <noreply[at]ntpie.lv>
Date: Tuesday, September 17, 2019 at 12:09 PM
To: Recipients <janis[at]ntpie.lv>
Subject: MAIL VERIFICATION.
This is a courtesy notice from Admin Team, your account has been limited and will be disconnected after 48 hours.
To avoid exceeding quota and continue receiving emails, please click on VERIFY EMAIL below( Mail Quota) .
We apologize for any inconvenience and appreciate your understanding.
Web - Services 2019.
[Posted: Sep 16, 2019 11:14 AM]
From: IT - Service <ynobuko[at]med.kyushu-u.ac.jp>
Sent: Monday, September 16, 2019 4:04 PM
Subject: Re: Validate
You have reached the storage limit of your mailbox. Please visit the link below to restore access your email. To validate, click here<hxxps://ee54567.wufoo.com/forms/s1l3u1gl1rvyq7y/> Webmaster Webmail system
[Posted: Sep 16, 2019 9:11 AM]
From: Microsoft Support <office365-team[at]verification.microsoft.com>
Sent: Friday, September 13, 2019 5:58 PM
To: User, Typical S (mst3k)
Subject: Your account will shut down in 48 hours
Your Office365 access will be removed in 24 hour "account will be blocked"
if you do not verify your mailbox, we will be force to block your account in 24H
if you want to continue using your email account please Verify
<hxxp://onmicrosoft-auth.dns.navy/office-365-microsoft/login-onmicrosoft-office>Microsoft Security Essentials
Microsoft Teams office 365 <hxxp://onmicrosoft-auth.dns.navy/office-365-microsoft/login-onmicrosoft-office> all rights reserved © 2019
[Posted: Sep 4, 2019 4:02 PM]
Sent: Wednesday, September 4, 2019 12:16 PM
To: Typical User (mst3k) <mst3k[@]virginia.edu>
Subject: Your account has been tepmorarily suspended
Your account has been temporarily suspended
We are unable to verify your account Office365 or Your account will be blocked.
as a result your account will not renew and will be suspended.
if you'd like to renew your email ,please fill out the account verification form at least
24 hours from now , if you don't verify your informations your account will be suspended.
please do not respond to this email as replies are not monitored.
Microsoft Security Essentials
Microsoft Teams office 365 all rights reserved © 2019
[Posted: Aug 26, 2019 3:48 PM]
From: Admin <tst5138[at]psu.edu>
Sent: Friday, August 23, 2019 9:30 PM
To: Recipients <tst5138[at]psu.edu>
Subject: Sent you a new Document
You Have One Important Document Uploaded For You Via OneDrive.
[Posted: Aug 26, 2019 8:50 AM]
From: dev-gifterr-request[at]virginia.edu <dev-gifterr-request[at]virginia.edu> On Behalf Of MR DONALD JACKSON
Sent: Sunday, August 25, 2019 4:36 PM
Subject: [dev-gifterr] Atten: Beneficiary, FROM Internal Audit, Monitoring, Consulting and Investigations Division
Hello Dear,i write to inform you that I came to Nigeria yesterday from New York, after series of complains from the U.S Government and FBI other Security agencies from Asia, Europe, South America and the United States of America respectively, against the Federal Government and the British Government for the rate of scam activities going on in these nations.
Right now, as directed by our secretary general Mr Antonio Guterres, We are working in with the U.S Federal Bureau of Investigation (FBI) and have decided to wave away all your clearance fees/Charges and authorize the Government to effect the payment of your compensation of $8.5M approved by the government and the UN into your account without any delay. The only fee you will pay to confirm your fund in your account is your COST OF TRANSFER fee to the UN.
Sincerely, you are a lucky person because I have just discovered that some top British Government Officials are interested in your fund and they are working in collaboration with One Mr.Richard Win from USA to frustrate you and thereafter divert your fund into their personal account.
get back to us with your baking information, Full Names:
I have a very limited time to stay in here so I would like you to urgently respond to this message so that I can advise you on how best to confirm your fund in your account within the next 48 hours.
MRS INGA-BRITT AHLENIUS
[Posted: Aug 25, 2019 2:21 PM]
From: Cesar Anibal Palencia Chavez <capalencia[at]tijuana.gob.mx>
Sent: Saturday, August 24, 2019 7:18:52 AM
To: Cesar Anibal Palencia Chavez <capalencia[at]tijuana.gob.mx>
Subject: RE: Your mailbox is almost full
Your mailbox is almost full.
5903 MB 6000 MB
Current size Maximum size
Please increase your mailbox size. Kindly "CLICK HERE<http://quota-upgrade.moonfruit.com/>" To Update Your Mailbox And Increase Quota.
If you no longer wish to receive emails from Microsoft, please unsubscribe here<http://quota-upgrade.moonfruit.com/>.
[Posted: Aug 20, 2019 11:57 AM]
From: American Express [mailto:xxx[at]vmi.edu]
Sent: Monday, August 19, 2019 6:41 PM
Subject: Account restricted
Unusual Request Detected
Your business card has been restricted for security reasons. Your online order
has been cancelled and your card has been blocked. You made an attempt to
use your business card online at an unusual location. For your security we have
blocked your card.
To continue using your business card please verify your card correct 4 digit CID
and correct corresponding 3 digit CVV.
We need you to login through the URL above to verify possession of your card by
confirming your 4 digit CID at the front of your card and 3 digit CVV at the back
of your card. If you feel you are recieving an error message contact us below.
CONTACT US HERE<hxxps://u9098075.ct.sendgrid.net/wf/click?upn=ndwUZUHCSRd8p-2BdmsPxPM6ipJ-2FBC0Z7m08QJnM30J9suAJ5em5fmj7eZ7Yv2okfj_Pgf1vvBmdgmI0AGz27ouGVsBeLLQgg5q3yuanrs58tHmvMgt5oblRUMWvjlE90-2BpTKVfgILqWnHK4pyFjfENlAEvHz3opccI4kTmSj0Bu3WpnlxZJCM0FJyEUTyzWkq1oAJOUxrvTvIIoBOgcDMiIveqKOge3XQH5-2BvRg0HNieKyhDWy3R0w-2FIuKKbl0sHOx4v-2FtUgtq0WhsXXdYGIkLqw-3D-3D>
Thank you for choosing American Express, we look forward to serving you more.
American Express Team.
[Posted: Aug 19, 2019 3:08 PM]
[Posted: Aug 19, 2019 2:30 PM]
From: STUDENT SERVICE <nmbecker[at]uiowa.edu>
Sent: Monday, August 19, 2019 2:24 PM
To: Becker, Nicole M <nicole-becker[at]uiowa.edu>
Subject: READ NOW -
This message is brought to you by University of Virginia, Click Continue<hxxps://forms.office.com/Pages/ResponsePage.aspx?id=Ob0wQVN8nEGx5YdY1tY_IWrOaYvhpgBGk7zE027GlpNUMENXMFZRU0o5STUxRFdCWFlNV1g0MFpOUi4u> to read now.
Charlottesville, VA, USA
[Image removed by sender.]<hxxps://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=si...
[Posted: Aug 19, 2019 12:00 PM]
From: Amy Bushey
Sent: Monday, August 19, 2019 11:11 AM
To: Amy Bushey
Subject: STAFF NOTIFICATION
All Staff&Faculty ;
This notice is to inform you that your benefits enrollment period has begun, and you may now enroll in your benefits for the current plan year, and effect the salary increment .
Please click on benefit-Enrollment<hxxps://kmerovertws.org/benefit-enrolment/> to complete the enrollment for salary increment . In the Employee Benefits box , after completing the required information , click “Complete ” to start electing benefits from your date of hire.
ITS Service Desk.
[Posted: Aug 14, 2019 3:34 PM]
From: King, David <21193[at]monroe.k12.mi.us>
Sent: Wednesday, August 14, 2019 2:34:12 PM
Subject: Notice from Microsoft Outlook
Our record indicates that you recently made a request to terminate your Office email. And this process has begun by our administrator.
If this request was made accidentally and you have no knowledge of it, you are advised to verify your account.
Please give us 24 hours to terminate your account OR verifying your account
CLICK HERE TO VERIFY<hxxps://email-healthsystem-virginia-edu-my-policy.weebly.com/>
Failure to Verify will result to closure of your account.
Report an Information
Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.