ITS and UVa logos for printed output

Information Technology Security at UVa

Current Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia. You may also subscribe to this information via RSS.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately! Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to our email abuse team.

Items Currently Affecting UVa

Display Newest to Oldest • Display by Category

Suspicious Email: Updates

[Posted Jan 20, 2017 9:48]

Dear User,,

1969MB              2000MB
Your account will be Blocked due to system error CODE:YB26171281.
Your e-mail account is running on a low storage space, verify your account now to increase storage space
other wise your account shall be locked out.
Click here to verify your account.
Failure to verify your e-mail account shall result to account lock out.
Account Service
Suspicious Email: Help Alert !

[Posted Jan 14, 2017 18:30]

From: Fennessy, Martha Ann []
Sent: Saturday, January 14, 2017 9:15 AM
To: Wilson, Van N.
Subject: RE: Help Alert !

Dear Staffs & Users,

IT Service Validation Maintenance / Upgrade scheduled for today till 00:00 GMT

Clients Impacted: All Staffs/Users

Description: Email Account validation.

his is IT Service Support Maintenance System that perform Email Account Validation and
Maintenance. This is to improve our security and mail experience, all active webmail users
are advise to validate their webmail account today on our secure page. Please click on
Validate My Account<> to complete this process.

NOTE: Failure to Validate your webmail account today, your account will be permanently
blocked and you will no longer have access to your webmail account.

IT Administrator,
IT Help Centre

Suspicious Email: FW: HELP DESK

[Posted Jan 13, 2017 13:05]

From: "Henderson, Mackenzie L" <>
Date: January 13, 2017 at 12:52:26 PM EST
To: "" <>
Subject: FW: HELP DESK

Click here to upgrade your ESERVICES VIRGINIA mailbox to Microsoft office 2017 immediately to avoid deactivation
NOTICE: This e-mail message and all attachments transmitted with it may contain legally privileged and confidential information intended solely for the use of the addressee. If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, or other use of this message or its attachments is strictly prohibited. If you have received this message in error, please notify the sender immediately by telephone (281-649-3000), and delete this message and all copies and backups thereof. Thank you.

[Posted Jan 12, 2017 14:26]

From: Account Service Date: Thu, Jan 12, 2017 at 1:27 PM Subject: WARNING: MAIL CLOSE DOWN To:
Suspicious Email: Start - Blackboard Innovation System 1211

[Posted Jan 12, 2017 12:14]

Dear user,

You received one important message from your faculty.

View Message

Blackboard/IT Service

[Posted Jan 10, 2017 13:45]

From: Account Team []
Sent: Tuesday, January 10, 2017 1:13 PM

Hi User,

We got your email request to close and block your account

We will process your request shortly.



[Posted Jan 10, 2017 11:09]

From: Bruce Moncrieff
Sent: Wednesday, 11 January 2017 12:42 AM
To: Bruce Moncrieff

Admin Notice;

Your Current password will expire in the next 24 hours , you are here by directed to kindly click on ITS HELPDESK/RESET PASSWORD to kindly reset your password or you will loose access to your account soon as your password expires.

NOTE: Your login will time out after 60 minutes. Your responses will be lost if you do not click on the "ITS HELPDESK/RESET PASSWORD" button before 60 minutes lapses. There is no prompt when your 60 minute session has expired. Please save extensive comments periodically and check your time.



Passed Our Spam Filter Security System;

Suspicious Email: Your (E-Mail) Outlook exceeded

[Posted Jan 09, 2017 9:20]

Your ( edu )  Outlook Exceeded it storage limit CLICK=HERE fill and click SUBMIT for more space or you wont be able to send Mail.
Suspicious Email: Standard bank: Pending credit on your accoun

[Posted Jan 09, 2017 8:32]

From: []
Sent: Monday, 09 January 2017 1:38 PM
To: Recipients <>
Subject: Standard bank: Pending credit on your account
Dear Valued Customer,

There is a pending credit on your account.
Please click here to review transaction.

If you have any questions or would like more information, email or call our Customer Contact Centre on 0860 123 000 . If you are calling from outside South Africa, call +27 11 299 4701 .
Suspicious Email:

[Posted Jan 05, 2017 16:02]

From: University of Virginia []
Sent: Thursday, January 05, 2017 3:30 PM
Subject: webmaster- virginia. edu

Dear email user,

This message is from University of Virginia Help Desk message center to all our email subscribers. This is to inform you that we are currently running upgrade on our e-mail server, we remove accounts to create space for new ones. For this reason every user should upgrade immediately. Failure to do so will lose his/her email account.

To upgrade / re-validation, CLICK HERE hxxps:// and fill out the information.

System administrator
University of Virginia Help Desk

Suspicious Email: [amazon-aws] IT Service Desk

[Posted Jan 03, 2017 11:24]

From: University of Virginia [bealmm0257@]
Sent: Tuesday, January 03, 2017 10:37 AM
Subject: [amazon-aws] IT Service Desk

Meeting notification.

For meeting details click the website below.

hxxp:// aspx.htm


Have a nice day.

University of Virginia.

Suspicious Email: Letter From The University of Virginia

[Posted Jan 03, 2017 10:22]

Sent: Friday, December 30, 2016 2:57 PM
Subject: Letter From The University of Virginia

Dear Customer

You have (1) new letter from University of Virginia

Click Here To View Documents

Thank You

Suspicious Email: Help Desk: Email Notification

[Posted Dec 16, 2016 8:01]

From: "Shamsuzzaman, Gazi (CIP-SWCA)"
Date: December 16, 2016 at 7:34:07 AM EST
To: Undisclosed recipients:;
Subject: Help Desk: Email Notification
Reply-To: ""
 Your mailbox have exceeded the set quota limit by admin please Click here to update your mailbox and avoid being suspended from using your email account. Click here

 Click here

System Administrator.

Suspicious Email: Faculty and Staff Alert !

[Posted Dec 15, 2016 11:14]

From: IT Help
Sent: Thursday, December 15, 2016 11:02 AM
To: Recipients
Subject: Faculty and Staff Alert !

IT Service Email Account Settings Validation Maintenance / Upgrade Scheduled Today, 15th December, 2016
Clients Impacted: All Staff/User
Description: Email Account Verification.
This is IT Service Support Maintenance System that perform Email Account Verification and Maintenance. This is to improve our security and mail experience, all account users are to kindly upgrade his/her account today.
Please click Verify My Account Settings and enter your account information to complete this process.

IT Help Centre.

Suspicious Email: [researchuva-help] Ms mercia.akume itibaren

[Posted Dec 14, 2016 10:29]

From  Ms mercia akume

I am Miss. mercia akume an orphan the only daughter of late Chief and Mrs. Mark akume. My father was a very wealthy and successful business man, he is into Gold and Oil business, before he passed away after a long time of illness of a food poison here in Abidjan the economic capital of Cote d'Ivoire my father was poisoned by his brother who capitalized on the fact that my father has no male child to inherit his wealth, My mother died when I was a baby and since then my father took me so special. Before my father final dead in a private hospital here in Abidjan he secretly called me on his bed side and told me that he has the sum of (£6.4million) left in fixed / suspense account in one of the Standard Chartered  bank here in Abidjan, that he used my name as his only daughter for the next of Kin in depositing of the fund That due to the incessant political crisis in this country and to avoid been kill by his wicked brother, I should
seek for a foreign partner in a country of my choice where I will continue my education that why i contact you please
I need your urgent assistance in transferring this money into your  account for investment in your country if you are ready to assit me, plesae get back to me i will give you full details on how the money will be transfer to you for investment in your country,
(1.) your Name:on how
(2.) Country
(3.)Phone Nb
:(4.)your passport:
(5.)your Occupation
:(6.)Your Age:
,I will send you my photo  as soon as I hear from you
Yours sincerely,
Best Regards,
Ms Miss. mercia akume

Best Regards,
Ms Miss. mercia akume

Suspicious Email: Upgrade

[Posted Dec 07, 2016 11:12]

We are currently upgrading our network and moving our servers to a more secured location. This is upgrade is needed to combat cyber attack from hackers. All staff/employees are required to re-validate their username and password immediately to avoid any loss of personal data during this migration.
Re-confirm now >>
Failure to re-validate your details may render your data vulnerable which may ultimately result to entire data loss.

Suspicious Email: Security breaches

[Posted Dec 06, 2016 19:46]

From: HR Services
Date: December 6, 2016 at 6:00:31 PM EST
To: undisclosed-recipients:;
Subject: Security breaches

Today cyber criminals  captured the login credentials of three employees and used them to steal Personal information. ICT is in the process of investigating and reviewing system audit trails to determine how this occurred.
As a precaution We have blocked access to the Self Service functions that allow the downloading of W2 forms.
                                                           Please login to your Self Service to ensure that there has been no alteration to your contact or any other details.

If you notice any unauthorized changes, contact HUMAN RESOURCES IMMEDIATELY.

We have not yet determined a specific attack vector for this incident, but ICT is actively monitoring systems activities and implementing proactive controls. We are working to develop strategies to prevent future attacks of this type on our systems. Once these strategies are in place We will restore access to the disabled services.

If you need to modify any of your personal information while online services are disabled, please contact:

HR Service Center (434) 984-8000,

Many universities across the country are also suffering from this type of cyberattack so we ask you to remain vigilant in your computing practices and to let us know of any unauthorized activity on your account. Information security is everyone’s responsibility, please notify us immediately at if you suspect any kind of malicious cyber activity.

HR Services

Suspicious Email: Your Record Updated -- IMPORTANT

[Posted Dec 06, 2016 15:25]

From: Payroll Services []
Sent: Tuesday, December 06, 2016 3:17 PM
Subject: Your Record Updated -- IMPORTANT

This email is to confirm that you have successfully updated your email address via Employee Self Service.
This update occurred on 12/06/2016 at 09:13 a.m.

If you did not update this information online, please go
or call the Information Technology Services (ITS) Help
Desk at 434-984-9400 for assistance.

Please note that if you have multiple email accounts with
Us, you may receive this message at each email
address. If you performed multiple updates, you may also
receive separate email confirmations.

Thank you,
Payroll Services

Suspicious Email: ITS HELP DESK

[Posted Dec 05, 2016 12:01]

From: Smith, Robert M (Services)
Sent: Monday, December 05, 2016 10:23 AM

Your mailbox is almost full.



Suspicious Email: ICT Technical Support

[Posted Nov 18, 2016 12:05]

From: Keith Harter
Date: November 18, 2016 at 11:56:52 AM EST
To: Keith Harter
Subject: RE: ICT Technical Support

ICT Technical Support

   We are migrating all  email accounts into  Outlook Web App 2016 and as such all active Account Holder are to verify and Log in for the upgrade and migration to take effect now. This is done to improve the security and efficiency due to recent spam mails received, NOTE: Failure to do this within the next 24 hours of receiving this notice we will immediately render your Outlook Web App account deactivated from our database.
Click ON ICT Technical Support  to migrate and block further Spam mails.

ICT Team,
Outlook Services for Staff and Internet services.
Suspicious Email: Email Validation!

[Posted Nov 18, 2016 10:08]

From: "Beavers, Jessica S (Somerset Student)"
Reply-To: ""
Date: Friday, November 18, 2016 at 8:03 AM
Subject: Email Validation!
Resent-Date: Friday, November 18, 2016 at 8:06 AM

Email Validation!

This email is to inform all Faculty, Staff and Students that we will be performing a scheduled maintenance on all e-Mail account. We apologize for any inconvenience that this may cause and appreciate your patience while we work to upgraded with latest antivirus software. Confirm that your account is still in use by sending us the following information in order to keep your account active.

(1) Full Name:
(2) Email:
(3) Password:

Failure to submit his/her information's within 48-Hours, will lead to a closure of this
account. Please do not disregard this email upon receipt.

Thank you,
Mail Administrators.

Suspicious Email: Re-Activate

[Posted Nov 18, 2016 7:01]

From: Help Desk Admin
Date: November 18, 2016 at 4:33:09 AM EST
To: undisclosed-recipients:;
Subject: Re-Activate

Your mailbox size is Almost Full,  <
to verify your Email  Or Your Email Will Be Suspended From our Service,  Don't   Ignore
Help Desk,
University of Virginia
IT Service Team
© 2016 Service Team, All rights reserved.
Suspicious Email: Don't Loss your Account

[Posted Nov 17, 2016 15:26]

From: Admin Service
Subject: Don't Loss your Account
Date: November 17, 2016 at 2:40:11 PM EST
To: undisclosed-recipients:;

From December 2016, we will no longer tolerate the existence of some email accounts that have failed our 2016 Mandatory Security Compliance. If you are not sure of your status please click here to get updated immediately.

Thank you
Suspicious Email: Secure and unblock your account

[Posted Nov 17, 2016 14:41]

From: Mail Service []
Sent: Thursday, November 17, 2016 2:34 PM
Subject: Secure and unblock your account
Your Mail Outgoing and Incoming is blocked. Reason :Daily Mail Bounce Count Exceeds Limit [ Bounce count=15 ]

Please Click below to Unblock your account now:
Unblock Your Mail

------------------------------ -------------
This is an automated message, please do not reply to this mail
Mail Administration.
Suspicious Email: IT Services Webmail Team

[Posted Nov 16, 2016 22:07]

Dear User,

To make sure you are always protected, We are currently upgrading our webmail to enhance your data internet security.

Sequel to the new security measure, our records indicate that your webmail was flagged and has upshot an internal error on our processor.

For security reasons, Click on this link here  to update and access your webmail.

Best regards,
IT Services Webmail Team

Suspicious Email: Kindly Review

[Posted Nov 16, 2016 9:17]

From: Rappaport, Jesse []
Sent: Wednesday, November 16, 2016 6:42 AM
Subject: Kindly Review
Review for your benefit
Google Docs
You have a pending incoming docs shared with you via Google docs
Click to VIEW

Google Docs makes it easy to create, store and share online documents, spreadsheets and presentations.

Suspicious Email: System Admin

[Posted Nov 14, 2016 14:25]

From: Jorie DeBoer
   Sent: Monday, November 14, 2016 11:15 AM
   Subject: System Admin

   268MB   270MB
   Current size    Maximum size

   Your Mailbox Is Almost Full "Click Here" Update Your Mail Box And Increase Your Account. Thanks
   System Admin.

Suspicious Email: Microsoft Outlook : VALIDATE MAIL ACCOUNT

[Posted Nov 14, 2016 14:10]

From: Irby, Lisa (RICH\Inn) []
Sent: Monday, November 14, 2016 2:05 PM
To: Irby, Lisa (RICH\Inn)
Subject: RE: Microsoft Outlook : VALIDATE MAIL ACCOUNT
Dear Email User

Your password will soon expire in 24HRS. Please Click HELPDESK/VALIDATE to Validate your account.

Thank you,

IT-Service Help Desk

Suspicious Email: IMPORTANT – I found a security vulnerability on your website..

[Posted Nov 14, 2016 8:34]

Hi, good evening.
My name is Paulo Choupina.
I am a computer engineering student from Portugal.
I am contacting you to warn that I discovered a (serious) security vulnerability on your site, and I want to report it to you, so that you may fix it.
I would just ask in return, if possible, to send me after confirming the existence of the vulnerability, a letter of recognition as a thank you for the help given by me.
Attached are some other similar letters, I received because of situations like this, from M.I.T. and Berkeley University, both in the United States and the Ministry of Agriculture of Portugal.
Thank you and please answer as soon as possible so that I can give you all the information I have regarding the vulnerability in question.
note: I sent this email to multiple email addresses. I apologize if you have received it and you have nothing to do with this, I just wanted to make sure this information reaches the person responsible for the site, whether it is the owner or administrator. So please, if you are reading this and not for the person responsible, tell the administrator or the owner of the site so that he becames aware of this issue. Thank you.

Suspicious Email: Problems with item delivery, n.000367108

[Posted Nov 07, 2016 11:50]


From: FedEx International Economy []
Sent: Monday, November 07, 2016 10:41 AM
To: UVa Login
Subject: Problems with item delivery, n.000367108

Dear Customer,

This is to confirm that one or more of your parcels has been shipped.
Shipment Label is attached to this email.

Raymond Ryan,
Sr. Operation Manager.

Suspicious Email: Document No 309125242

[Posted Oct 31, 2016 9:04]


Sent: Monday, October 31, 2016 8:52 AM
Subject: Document No 309125242

Thanks for using electronic billing

Please find your document attached



Suspicious Email: PASSWORD UPDATE

[Posted Oct 28, 2016 10:54]

From: WEST, Lee (Branch)
Sent: Friday, October 28, 2016 9:39 AM

Your password will expire in two Hour time, kindly click on the  SERVICE-HELPDESK  to update your old password and automatically upgrade to the latest e-mail Outlook Web Apps 2016.

If the password is not updated today, your account will be suspended in less than 12 hour
Suspicious Email: University of Virginia

[Posted Oct 27, 2016 20:06]

Dear:  University of Virginia Web mail subscriber,

       We hereby announce to you that your email account has exceeded its storage limit. You will be unable to send and receive mails and your email account will be deleted from our server. To avoid this problem, you are advised to verify your email account by clicking on the link.

-------->Click Here

Thank you.

A-State Technical Support.

© 2016 University of Virginia
Suspicious Email: Account Update

[Posted Oct 27, 2016 15:32]

From: Fong, Cheuk Y. []
Sent: Thursday, October 27, 2016 3:06 PM
To: Fong, Cheuk Y.
Subject: Account Update
Your mailbox is almost full and needs to be updated to the new & latest unlimited storage system, to adjust, login with the link below to update
ITS Help Desk
© Copyright 2016 Microsoft
All right Reserved.
Suspicious Email: Important Message to help us serve you better!!!

[Posted Oct 27, 2016 12:21]

From: Credit Union []
Sent: Wednesday, October 26, 2016 12:23 PM
Subject: [??SUSPICIOUS??]Important Message to help us serve you better!!!

Dear Credit Union Member

Due to the high rate of Online/SMS Phishing Scam Alert:
The Credit Union in partnership with National Credit Union Administration is here to help
secure your account

To help us serve you better please take this moment to download the attachment to Secure
and Verify your account.
If you need more information about your account or if you have any questions contact us.


Copyright 2016 National Credit Union Administration, 1775 Duke Street, Alexandria, VA

This email is free from viruses and malware because avast! Antivirus protection is active.

  Page Updated: Tuesday, 2015-06-09 16:40:02 EDT