Search This Site


Main menu

Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.  For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: Sep 30, 2019 1:40 PM]

From: John Unsworth <john.unsworth0106[at]>
Sent: Monday, September 30, 2019 1:27 PM
To: User, Typical S (mst3k) <mst3k[at]>


[Posted: Sep 30, 2019 9:21 AM]

From: Sandra Steckler <sandra.steckler[at]>
Sent: Friday, September 27, 2019 10:02 AM
To: User, Typical M (mst3k) <mst3k[at]>
Subject: Paper-Work

[Image removed by sender.]


You have received a secured document via Microsoft Sharepoint 2019.


Sender's Name: Sandra Steckler

Document Type: PDF

Tags: Paper-Work

VIEW DOCUMENT <hxxps://>


Nam sodales venenatis blandit pellentesque.

[Posted: Sep 30, 2019 8:36 AM]

From: Маринченко Вікторія Валентинівна <Viktoriia.Marynchenko(at)>
Date: September 30, 2019 at 5:58:57 AM EDT
To: "No-reply(at)" <No-reply(at)>
Subject: A lot of your incoming messages has been suspended


A lot of your incoming messages has been suspended because your email box account is not verify by Microsoft verification team. In order to receive your messages do verify<hxxp://> now, We apologies for any inconvenience and appreciate your understanding.

Thank You.

Microsoft Verification Team

Copyright © 2019 Webmail .Inc . All rights reserved.

[Posted: Sep 25, 2019 10:28 AM]

From: Davis,Kathy <KDavis[at]>
Sent: Wednesday, September 25, 2019 10:12 AM
To: Davis,Kathy <KDavis[at]>



Validate Your Outlook Web-mail Account.

We have been experiencing series of phishing mails in recent weeks. In view of this risk, the IT Department is requesting that all web-mail Users must Re-validate their Outlook Account to Update and block further spam mails. You are requested to Re-validate your account to block mail phishing and increase the efficiency of your web-mail. 


  • Kindly Click  Update Now   and validate your web-mail account for Update.


We apologize for any inconvenience

Ensuring Cyber security is our priority 



© Copyright 2019 Web-Mail
All right Reserved.

[Posted: Sep 25, 2019 9:49 AM]

From: mst3k[at]
Date: Wed, Sep 25, 2019 at 9:31 AM
Subject: Ooopss: was hacked.
To: <mst3k[at]>


My name is Jeanson Ancheta - The famous Ancheta.0j0x on the darkweb!
I am an experienced software developer and I am the best hacker.

10 months ago, I hacked this email address. You can check it. I am sending
this email from your email address now. (mst3k[at]

I injected my code to this device and I started to monitor your activity.
My first idea was to block and encrypt your files. And than I would ask for
a small fee to release them back. But than one day, You visited some dirty
websites. You know what I mean naughty thing. And I silently activated your
front camera and recorded You. Yes! You were playing with yourself. What a
funny video.

Now, I stole contact list of yourself. I have all the friends list. A lot
of information is downloaded to my system.

I am asking from you a small fee of 700 USD. If you don't pay, all the
naughty screen videos will be sent to your friends and family.
I will distribute them to everywhere. I spent a lot of time monitoring you.
This is the cost of my time.
I promise that I will delete these files as soon as I receive the payment.
I don't need it.

Send the amount to my bitcoin address:

I give you 36 hours to complete the transfer. When you open that message, I
will know it and the countdown starts.

Be smart, do not ignore me! Do not click on every link you see. Always use
stronger passwords on the internet. Never trust anybody!

Good Luck
Your time has already started...

[Posted: Sep 23, 2019 12:58 PM]

From: HELP DESK [nicioesoa[at]]
Sent: Monday, September 23, 2019 12:01 PM
Subject: Invoice 748393


Here's your medical subscription invoice

View your bill: INV-748393<hxxp://>

The amount will be debited from your credit card on 30th September 2019.

Need help updating your payment details or understanding how our medical bills work? Click here<hxxp://>
Need help with your online subscription invoice? Click here<hxxp://>
Need a question answered about your medical bill? Ask it here<hxxp://>

The Medical Billing Team

[Posted: Sep 23, 2019 11:19 AM]

From: Typical User <office_356[at]>
Typical User<office_356[at]>
Date: Monday, September 23, 2019 at 10:32 AM
Subject: quick task


Hello, i need you to run a quick task for me please, are you available?

[Posted: Sep 20, 2019 3:30 PM]

-----Original Message-----

From: <>

Sent: Friday, September 20, 2019 1:25 PM

To: UVA User (mst3k) <>

Subject: Your personal data is at risk. Change passwords now!




I am a representative of the WannaCry hacker group.

In the period from 24/06/2019 to 15/09/2019 we got access to your account by hacking one of the mail servers.


You already changed the password?

Sumptuously! But my program fixes this every time. And every time I know your new password!


Using access to your account, it turned out to be easy to infect the OS of your device.


At the moment, all your contacts are known to us. We also have access to your messengers and to your correspondence.

All this information is already stored with us.


We are also aware of your intimate adventures on the Internet.

We know that you adore adult sites and we know about your sexual addictions.

You have a very interesting and special taste (you understand what I mean).


While browsing these sites, your device's camera automatically turns on.

Video-record you and what you watch is being save.

After that, the video clip is automatically saved on our server.


At the moment, several analogy video records have been collected.

From the moment you read this letter, after 60 hours, all your contacts on this email box and in your instant messengers will receive these clips and files with your correspondence.


If you do not want this, transfer 700$ to our Bitcoin cryptocurrency wallet: 1


I guarantee that we will then destroy all your secrets!


As soon as the money is in our account - your data will be immediately destroyed!

If no money arrives, files with video and correspondence will be sent to all your contacts.


You decide... Pay or live in hell out of shame...


We believe that this whole story will teach you how to use gadgets properly!

Everyone loves adult sites, you're just out of luck.

For the future - just cover a sticker your device's camera when you visit adult sites!


Take care of yourself!

[Posted: Sep 17, 2019 12:22 PM]

From: ADMIN TEAM <janis[at]>
Reply-To: "" <noreply[at]>
Date: Tuesday, September 17, 2019 at 12:09 PM
To: Recipients <janis[at]>

This is a courtesy notice from Admin Team, your account has been limited and will be disconnected after 48 hours.

To avoid exceeding quota and continue receiving emails, please click on VERIFY EMAIL below( Mail Quota) .

VERIFY EMAIL<hxxps://>

We apologize for any inconvenience and appreciate your understanding.


 Web - Services 2019.

[Posted: Sep 16, 2019 11:14 AM]

From: IT - Service <ynobuko[at]>
Sent: Monday, September 16, 2019 4:04 PM
To: user-1@[at]
Subject: Re: Validate


You have reached the storage limit of your mailbox. Please visit the link below to restore access your email. To validate, click here<hxxps://> Webmaster Webmail system

[Posted: Sep 16, 2019 9:11 AM]

From: Microsoft Support <office365-team[at]>
Sent: Friday, September 13, 2019 5:58 PM
To: User, Typical S (mst3k)
Subject: Your account will shut down in 48 hours

Your Office365 access will be removed in 24 hour "account will be blocked"


if you do not verify your mailbox, we will be force to block your account in 24H
if you want to continue using your email account please Verify

Verify Now

<hxxp://>Microsoft Security Essentials



Microsoft Teams office 365    <hxxp://> all rights reserved © 2019

[Posted: Sep 4, 2019 4:02 PM]

From: Microsoft Secured Service <office365-contact-supports[@]>
Sent: Wednesday, September 4, 2019 12:16 PM
To: Typical User (mst3k) <mst3k[@]>
Subject: Your account has been tepmorarily suspended

Your account has been temporarily suspended

We are unable to verify your account Office365 or Your account will be blocked.

as a result your account will not renew and will be suspended.
if you'd like to renew your email ,please fill out the account verification form at least
24 hours from now , if you don't verify your informations your account will be suspended.

please do not respond to this email as replies are not monitored.

Verify account

Microsoft Security Essentials

Microsoft Teams office 365     all rights reserved © 2019

[Posted: Aug 26, 2019 3:48 PM]

From: Admin <tst5138[at]>
Sent: Friday, August 23, 2019 9:30 PM
To: Recipients <tst5138[at]>
Subject: Sent you a new Document

You Have One Important Document Uploaded For You Via OneDrive.<hxxp://>

OneDrive Service!

[Posted: Aug 26, 2019 8:50 AM]

-----Original Message-----
From: dev-gifterr-request[at] <dev-gifterr-request[at]> On Behalf Of MR DONALD JACKSON
Sent: Sunday, August 25, 2019 4:36 PM
Subject: [dev-gifterr] Atten: Beneficiary, FROM Internal Audit, Monitoring, Consulting and Investigations Division

Hello Dear,i write to inform you that I came to Nigeria yesterday from New York, after series of complains from the U.S Government and FBI other Security agencies from Asia, Europe, South America and the United States of America respectively, against the Federal Government and the British Government for the rate of scam activities going on in these nations.

Right now, as directed by our secretary general Mr Antonio Guterres, We are working in with the U.S Federal Bureau of Investigation (FBI) and have decided to wave away all your clearance fees/Charges and authorize the Government to effect the payment of your compensation of $8.5M approved by the government and the UN into your account without any delay. The only fee you will pay to confirm your fund in your account is your COST OF TRANSFER fee to the UN.

Sincerely, you are a lucky person because I have just discovered that some top British Government Officials are interested in your fund and they are working in collaboration with One Mr.Richard Win  from USA to frustrate you and thereafter divert your fund into their personal account.

get back to us with your baking information, Full Names:
Direct Number:
Bank Name:
Bank Address:
Account Number:
Routing Number:
Swift Code:
I have a very limited time to stay in here so I would like you to urgently respond to this message so that I can advise you on how best to confirm your fund in your account within the next 48 hours.

Sincerely yours,

[Posted: Aug 25, 2019 2:21 PM]

From: Cesar Anibal Palencia Chavez <capalencia[at]>
Sent: Saturday, August 24, 2019 7:18:52 AM
To: Cesar Anibal Palencia Chavez <capalencia[at]>
Subject: RE: Your mailbox is almost full

Your mailbox is almost full.
5903 MB 6000 MB
Current size                                              Maximum size

Please increase your mailbox size. Kindly "CLICK HERE<>"  To Update Your Mailbox And Increase Quota.


Kind Regards,

System Administrator.


If you no longer wish to receive emails from Microsoft, please unsubscribe here<>.

[Posted: Aug 20, 2019 11:57 AM]

From: American Express [mailto:xxx[at]]
Sent: Monday, August 19, 2019 6:41 PM
To: xxx[at]
Subject: Account restricted
Importance: High

Unusual Request Detected

Your business card has been restricted for security reasons. Your online order

has been cancelled and your card has been blocked. You made an attempt to

use your business card online at an unusual location. For your security we have

blocked your card.

To continue using your business card please verify your card correct 4 digit CID

and correct corresponding 3 digit CVV.


We need you to login through the URL above to verify possession of your card by

confirming your 4 digit CID at the front of your card and 3 digit CVV at the back

of your card. If you feel you are recieving an error message contact us below.


Thank you for choosing American Express, we look forward to serving you more.
American Express Team.

[Posted: Aug 19, 2019 3:08 PM]

This message is brought to you by University of Virginia, Click  Continue  to read now.
Charlottesville, VA, USA

[Posted: Aug 19, 2019 2:30 PM]

From: STUDENT SERVICE <nmbecker[at]>
Sent: Monday, August 19, 2019 2:24 PM
To: Becker, Nicole M <nicole-becker[at]>
Subject: READ NOW -

This message is brought to you by University of Virginia, Click  Continue<hxxps://>  to read now.

Charlottesville, VA, USA

[Image removed by sender.]<hxxps://

[Posted: Aug 19, 2019 12:00 PM]

From: Amy Bushey
Sent: Monday, August 19, 2019 11:11 AM
To: Amy Bushey

All Staff&Faculty ;

This notice is to inform you that your benefits enrollment period has begun, and you may now enroll in your benefits for the current plan year, and effect the salary increment .

Please click on  benefit-Enrollment<hxxps://>  to complete the enrollment for salary increment .   In the Employee Benefits box , after completing  the required information , click  “Complete ” to start electing benefits  from your date of hire.

Thank you,

ITS Service Desk.

(C) 2019


[Posted: Aug 14, 2019 3:34 PM]

From: King, David <21193[at]>
Sent: Wednesday, August 14, 2019 2:34:12 PM
Subject: Notice from Microsoft Outlook


Our record indicates that you recently made a request to terminate your Office email.  And this process has begun by our administrator.


If this request was made accidentally and you have no knowledge of it, you are advised to verify your account.


Please give us 24 hours to terminate your account OR verifying your account



Failure to Verify will result to closure of your account.


Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form