Information Technology Security at UVa
Current Security Alerts & Warnings
This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at
the University of Virginia. You may also
to this information via RSS. Regarding Suspicious Email Alerts
Messages similar to the suspicious emails listed below may be related to
schemes to commit identity theft, or other attempts to compromise users’
machines or personal information.
Do not click any links in the email, and do not “unsubscribe” or
acknowledge the email in any way. If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete
it immediately! If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not
listed below, please report it to us. Forward it to
our email abuse team. Items Currently Affecting UVa
Suspicious Email: Updates
[Posted Jan 20, 2017 9:48]
Your account will be Blocked due to system error CODE:YB26171281.
Your e-mail account is running on a low storage space, verify your
account now to increase storage space
other wise your account shall be locked out.
Click here to verify your account.
Failure to verify your e-mail account shall result to account lock out.
Suspicious Email: Help Alert !
[Posted Jan 14, 2017 18:30]
From: Fennessy, Martha Ann [email@example.com]
Sent: Saturday, January 14, 2017 9:15 AM
To: Wilson, Van N.
Subject: RE: Help Alert !
Dear Staffs & Users,
IT Service Validation Maintenance / Upgrade scheduled for today till
Clients Impacted: All Staffs/Users
Description: Email Account validation.
his is IT Service Support Maintenance System that perform Email Account
Maintenance. This is to improve our security and mail experience, all
active webmail users
are advise to validate their webmail account today on our secure page.
Please click on
Validate My Account<https://www.formcrafts.com/a/25098> to
complete this process.
NOTE: Failure to Validate your webmail account today, your account will
blocked and you will no longer have access to your webmail account.
IT Help Centre
Suspicious Email: FW: HELP DESK
[Posted Jan 13, 2017 13:05]
From: "Henderson, Mackenzie L" <firstname.lastname@example.org>
Date: January 13, 2017 at 12:52:26 PM EST
To: "email@example.com" <firstname.lastname@example.org>
Subject: FW: HELP DESK
Click here to upgrade your ESERVICES VIRGINIA mailbox to Microsoft
office 2017 immediately to avoid deactivation
NOTICE: This e-mail message and all attachments transmitted with it may
contain legally privileged and confidential information intended solely
for the use of the addressee. If the reader of this message is not the
intended recipient, you are hereby notified that any reading,
dissemination, distribution, copying, or other use of this message or
its attachments is strictly prohibited. If you have received this
message in error, please notify the sender immediately by telephone
(281-649-3000), and delete this message and all copies and backups
thereof. Thank you.
Suspicious Email: WARNING: MAIL CLOSE DOWN
[Posted Jan 12, 2017 14:26]
From: Account Service
Date: Thu, Jan 12, 2017 at 1:27 PM
Subject: WARNING: MAIL CLOSE DOWN
Suspicious Email: Start - Blackboard Innovation System 1211
[Posted Jan 12, 2017 12:14]
You received one important message from your faculty.
Suspicious Email: FW: WARNING: SHUTDOWN NOTICE
[Posted Jan 10, 2017 13:45]
From: Account Team [mailto:email@example.com]
Sent: Tuesday, January 10, 2017 1:13 PM
Subject: WARNING: SHUTDOWN NOTICE
We got your email request to close and block your account
We will process your request shortly.
Suspicious Email: IT SERVICE HELPDESK: PASSWORD UPDATE
[Posted Jan 10, 2017 11:09]
From: Bruce Moncrieff
Sent: Wednesday, 11 January 2017 12:42 AM
To: Bruce Moncrieff
Subject: IT SERVICE HELPDESK: PASSWORD UPDATE
Your Current password will expire in the next 24 hours , you are here
by directed to kindly click on ITS HELPDESK/RESET PASSWORD to kindly
reset your password or you will loose access to your account soon as
your password expires.
NOTE: Your login will time out after 60 minutes. Your responses will be
lost if you do not click on the "ITS HELPDESK/RESET PASSWORD" button
before 60 minutes lapses. There is no prompt when your 60 minute
session has expired. Please save extensive comments periodically and
check your time.
Passed Our Spam Filter Security System;
Suspicious Email: Your (E-Mail) Outlook exceeded
[Posted Jan 09, 2017 9:20]
Your ( edu ) Outlook Exceeded it storage limit CLICK=HERE fill
and click SUBMIT for more space or you wont be able to send Mail.
Suspicious Email: Standard bank: Pending credit on your accoun
[Posted Jan 09, 2017 8:32]
Sent: Monday, 09 January 2017 1:38 PM
To: Recipients <firstname.lastname@example.org>
Subject: Standard bank: Pending credit on your account
Dear Valued Customer,
There is a pending credit on your account.
Please click here to review transaction.
If you have any questions or would like more information, email
email@example.com or call our Customer Contact Centre on
0860 123 000 . If you are calling from outside South Africa, call +27
11 299 4701 .
Suspicious Email: webmaster-virginia.edu
[Posted Jan 05, 2017 16:02]
From: University of Virginia [virginia.edu@ mail.com]
Sent: Thursday, January 05, 2017 3:30 PM
Subject: webmaster- virginia. edu
Dear email user,
This message is from University of Virginia Help Desk message center to all our email subscribers. This is to inform you that we are currently running upgrade on our e-mail server, we remove accounts to create space for new ones. For this reason every user should upgrade immediately. Failure to do so will lose his/her email account.
To upgrade / re-validation, CLICK HERE hxxps://formcrafts.com/a/virginiaedu and fill out the information.
University of Virginia Help Desk
Suspicious Email: [amazon-aws] IT Service Desk
[Posted Jan 03, 2017 11:24]
From: University of Virginia [bealmm0257@ uwec.edu]
Sent: Tuesday, January 03, 2017 10:37 AM
Subject: [amazon-aws] IT Service Desk
For meeting details click the website below.
NOTE: APPEARS TO BE -- "http://www.virginia.edu"
Have a nice day.
University of Virginia.
Suspicious Email: Letter From The University of Virginia
[Posted Jan 03, 2017 10:22]
From: DHL EXPRESS [firstname.lastname@example.org]
Sent: Friday, December 30, 2016 2:57 PM
Subject: Letter From The University of Virginia
You have (1) new letter from University of Virginia
Click Here To View Documents
Suspicious Email: Help Desk: Email Notification
[Posted Dec 16, 2016 8:01]
From: "Shamsuzzaman, Gazi (CIP-SWCA)"
Date: December 16, 2016 at 7:34:07 AM EST
To: Undisclosed recipients:;
Subject: Help Desk: Email Notification
Your mailbox have exceeded the set quota limit by admin please Click here to update your mailbox and avoid being suspended from using your email account. Click here
Suspicious Email: Faculty and Staff Alert !
[Posted Dec 15, 2016 11:14]
From: IT Help email@example.com
Sent: Thursday, December 15, 2016 11:02 AM
Subject: Faculty and Staff Alert !
IT Service Email Account Settings Validation Maintenance / Upgrade Scheduled Today, 15th December, 2016
Clients Impacted: All Staff/User
Description: Email Account Verification.
This is IT Service Support Maintenance System that perform Email Account Verification and Maintenance. This is to improve our security and mail experience, all account users are to kindly upgrade his/her account today.
Please click Verify My Account Settings and enter your account information to complete this process.
IT Help Centre.
Suspicious Email: [researchuva-help] Ms mercia.akume itibaren
[Posted Dec 14, 2016 10:29]
From Ms mercia akume
I am Miss. mercia akume an orphan the only daughter of late Chief and Mrs. Mark akume. My father was a very wealthy and successful business man, he is into Gold and Oil business, before he passed away after a long time of illness of a food poison here in Abidjan the economic capital of Cote d'Ivoire my father was poisoned by his brother who capitalized on the fact that my father has no male child to inherit his wealth, My mother died when I was a baby and since then my father took me so special. Before my father final dead in a private hospital here in Abidjan he secretly called me on his bed side and told me that he has the sum of (£6.4million) left in fixed / suspense account in one of the Standard Chartered bank here in Abidjan, that he used my name as his only daughter for the next of Kin in depositing of the fund That due to the incessant political crisis in this country and to avoid been kill by his wicked brother, I should
seek for a foreign partner in a country of my choice where I will continue my education that why i contact you please
I need your urgent assistance in transferring this money into your account for investment in your country if you are ready to assit me, plesae get back to me i will give you full details on how the money will be transfer to you for investment in your country,
(1.) your Name:on how
,I will send you my photo as soon as I hear from you
Ms Miss. mercia akume
Ms Miss. mercia akume
Suspicious Email: Upgrade
[Posted Dec 07, 2016 11:12]
We are currently upgrading our network and moving our servers to a more secured location. This is upgrade is needed to combat cyber attack from hackers. All staff/employees are required to re-validate their username and password immediately to avoid any loss of personal data during this
Re-confirm now >>
Failure to re-validate your details may render your data vulnerable
which may ultimately result to entire data loss.
Suspicious Email: Security breaches
[Posted Dec 06, 2016 19:46]
From: HR Services
Date: December 6, 2016 at 6:00:31 PM EST
Subject: Security breaches
Today cyber criminals captured the login credentials of three employees and used them to steal Personal information. ICT is in the process of investigating and reviewing system audit trails to determine how this occurred.
As a precaution We have blocked access to the Self Service functions that allow the downloading of W2 forms. Please login to your Self Service to ensure that there has been no alteration to your contact or any other details.
If you notice any unauthorized changes, contact HUMAN RESOURCES IMMEDIATELY.
We have not yet determined a specific attack vector for this incident, but ICT is actively monitoring systems activities and implementing proactive controls. We are working to develop strategies to prevent
future attacks of this type on our systems. Once these strategies are in place We will restore access to the disabled services.
If you need to modify any of your personal information while online services are disabled, please contact:
HR Service Center (434) 984-8000, firstname.lastname@example.org
Many universities across the country are also suffering from this type of cyberattack so we ask you to remain vigilant in your computing practices and to let us know of any unauthorized activity on your account. Information security is everyone’s responsibility, please notify us immediately at email@example.com if you suspect any kind of malicious cyber activity.
Suspicious Email: Your Record Updated -- IMPORTANT
[Posted Dec 06, 2016 15:25]
From: Payroll Services [mailto:firstname.lastname@example.org]
Sent: Tuesday, December 06, 2016 3:17 PM
Subject: Your Record Updated -- IMPORTANT
This email is to confirm that you have successfully updated your email address via Employee Self Service.
This update occurred on 12/06/2016 at 09:13 a.m.
If you did not update this information online, please go
or call the Information Technology Services (ITS) Help
Desk at 434-984-9400 for assistance.
Please note that if you have multiple email accounts with
Us, you may receive this message at each email
address. If you performed multiple updates, you may also
receive separate email confirmations.
Suspicious Email: ITS HELP DESK
[Posted Dec 05, 2016 12:01]
From: Smith, Robert M (Services)
Sent: Monday, December 05, 2016 10:23 AM
Subject: ITS HELP DESK
Your mailbox is almost full.
98MB 100MB YOUR EMAIL ACCOUNT HAS BEEN SUSPECTED TO
RE-ACTIVATE CLICK ON THE LINK BELOW TO AVOID LOSING YOUR ACCOUNT
ITS HELP DESK
Suspicious Email: ICT Technical Support
[Posted Nov 18, 2016 12:05]
From: Keith Harter
Date: November 18, 2016 at 11:56:52 AM EST
To: Keith Harter
Subject: RE: ICT Technical Support
ICT Technical Support
We are migrating all email accounts into
Outlook Web App 2016 and as such all active Account Holder are to
verify and Log in for the upgrade and migration to take effect now.
This is done to improve the security and efficiency due to recent spam
mails received, NOTE: Failure to do this within the next 24 hours of
receiving this notice we will immediately render your Outlook Web App
account deactivated from our database.
Click ON ICT
Technical Support to migrate and block further Spam mails.
Outlook Services for Staff and Internet services.
Suspicious Email: Email Validation!
[Posted Nov 18, 2016 10:08]
From: "Beavers, Jessica S (Somerset Student)"
Date: Friday, November 18, 2016 at 8:03 AM
Subject: Email Validation!
Resent-Date: Friday, November 18, 2016 at 8:06 AM
This email is to inform all Faculty, Staff and Students that we will be performing a scheduled maintenance on all e-Mail account. We apologize for any
inconvenience that this
may cause and appreciate your patience while we work to upgraded with
software. Confirm that your account is still in use by sending us the
information in order to keep your account active.
(1) Full Name:
Failure to submit his/her information's within 48-Hours, will lead to a
closure of this
account. Please do not disregard this email upon receipt.
Suspicious Email: Re-Activate
[Posted Nov 18, 2016 7:01]
From: Help Desk Admin
Date: November 18, 2016 at 4:33:09 AM EST
Your mailbox size is Almost Full, < >
to verify your Email Or Your Email Will Be Suspended From our
Service, Don't Ignore
University of Virginia
IT Service Team
© 2016 Service Team, All rights reserved.
Suspicious Email: Don't Loss your Account
[Posted Nov 17, 2016 15:26]
From: Admin Service
Subject: Don't Loss your Account
Date: November 17, 2016 at 2:40:11 PM EST
From December 2016, we will no longer tolerate the existence of some
email accounts that have failed our 2016 Mandatory Security Compliance.
If you are not sure of your status please click here to get updated
Suspicious Email: Secure and unblock your account
[Posted Nov 17, 2016 14:41]
From: Mail Service [mailto:email@example.com]
Sent: Thursday, November 17, 2016 2:34 PM
Subject: Secure and unblock your account
Your Mail Outgoing and Incoming is blocked. Reason :Daily Mail Bounce
Count Exceeds Limit [ Bounce count=15 ]
Please Click below to Unblock your account now:
Unblock Your Mail
This is an automated message, please do not reply to this mail
Suspicious Email: IT Services Webmail Team
[Posted Nov 16, 2016 22:07]
To make sure you are always protected, We are currently upgrading our
webmail to enhance your data internet security.
Sequel to the new security measure, our records indicate that your
webmail was flagged and has upshot an internal error on our processor.
For security reasons, Click on this link here to update and
access your webmail.
IT Services Webmail Team
Suspicious Email: Kindly Review
[Posted Nov 16, 2016 9:17]
From: Rappaport, Jesse [mailto:firstname.lastname@example.org]
Sent: Wednesday, November 16, 2016 6:42 AM
Subject: Kindly Review
Review for your benefit
You have a pending incoming docs shared with you via Google docs
Click to VIEW
Google Docs makes it easy to create, store and share online documents,
spreadsheets and presentations.
Suspicious Email: System Admin
[Posted Nov 14, 2016 14:25]
From: Jorie DeBoer
Sent: Monday, November 14, 2016 11:15 AM
Subject: System Admin
Current size Maximum size
Your Mailbox Is Almost Full "Click
Here " Update Your Mail Box And
Increase Your Account. Thanks
Suspicious Email: Microsoft Outlook : VALIDATE MAIL ACCOUNT
[Posted Nov 14, 2016 14:10]
From: Irby, Lisa (RICH\Inn) [mailto:LIrby@ecpi.edu]
Sent: Monday, November 14, 2016 2:05 PM
To: Irby, Lisa (RICH\Inn)
Subject: RE: Microsoft Outlook : VALIDATE MAIL ACCOUNT
Dear Email User
Your password will soon expire in 24HRS. Please Click HELPDESK/VALIDATE
to Validate your account.
IT-Service Help Desk
Suspicious Email: IMPORTANT – I found a security vulnerability on your website..
[Posted Nov 14, 2016 8:34]
Hi, good evening.
My name is Paulo Choupina.
I am a computer engineering student from Portugal.
I am contacting you to warn that I discovered a (serious) security
vulnerability on your site, and I want to report it to you, so that you
may fix it.
I would just ask in return, if possible, to send me after confirming
the existence of the vulnerability, a letter of recognition as a thank
you for the help given by me.
Attached are some other similar letters, I received because of
situations like this, from M.I.T. and Berkeley University, both in the
United States and the Ministry of Agriculture of Portugal.
Thank you and please answer as soon as possible so that I can give you
all the information I have regarding the vulnerability in question.
note: I sent this email to multiple email addresses. I apologize if you
have received it and you have nothing to do with this, I just wanted to
make sure this information reaches the person responsible for the site,
whether it is the owner or administrator. So please, if you are reading
this and not for the person responsible, tell the administrator or the
owner of the site so that he becames aware of this issue. Thank you.
Suspicious Email: Problems with item delivery, n.000367108
[Posted Nov 07, 2016 11:50]
**INFECTED ATTACHMENT DO NOT OPEN!**
From: FedEx International Economy [mailto:email@example.com]
Sent: Monday, November 07, 2016 10:41 AM
To: UVa Login @virginia.edu
Subject: Problems with item delivery, n.000367108
This is to confirm that one or more of your parcels has been shipped.
Shipment Label is attached to this email.
Sr. Operation Manager.
Suspicious Email: Document No 309125242
[Posted Oct 31, 2016 9:04]
**INFECTED ATTACHMENT DO NOT OPEN!**
From: THERON RUSSEL firstname.lastname@example.org
Sent: Monday, October 31, 2016 8:52 AM
Subject: Document No 309125242
Thanks for using electronic billing
Please find your document attached
Suspicious Email: PASSWORD UPDATE
[Posted Oct 28, 2016 10:54]
From: WEST, Lee (Branch)
Sent: Friday, October 28, 2016 9:39 AM
Subject: PASSWORD UPDATE
Your password will expire in two Hour time, kindly click on the
SERVICE-HELPDESK to update your old password and automatically
upgrade to the latest e-mail Outlook Web Apps 2016.
If the password is not updated today, your account will be suspended in
less than 12 hour
Suspicious Email: University of Virginia
[Posted Oct 27, 2016 20:06]
Dear: University of Virginia Web mail subscriber,
We hereby announce to you that
your email account has exceeded its storage limit. You will be unable
to send and receive mails and your email account will be deleted from
our server. To avoid this problem, you are advised to verify your email
account by clicking on the link.
A-State Technical Support.
© 2016 University of Virginia
Suspicious Email: Account Update
[Posted Oct 27, 2016 15:32]
From: Fong, Cheuk Y. [mailto:Fongcy@email.laccd.edu]
Sent: Thursday, October 27, 2016 3:06 PM
To: Fong, Cheuk Y.
Subject: Account Update
Your mailbox is almost full and needs to be updated to the new &
latest unlimited storage system, to adjust, login with the link below
CLICK HERE TO LOGIN
ITS Help Desk
© Copyright 2016 Microsoft
All right Reserved.
Suspicious Email: Important Message to help us serve you better!!!
[Posted Oct 27, 2016 12:21]
From: Credit Union [email@example.com]
Sent: Wednesday, October 26, 2016 12:23 PM
Subject: [??SUSPICIOUS??]Important Message to help us serve you
Dear Credit Union Member
Due to the high rate of Online/SMS Phishing Scam Alert:
The Credit Union in partnership with National Credit Union
Administration is here to help
secure your account
To help us serve you better please take this moment to download the
attachment to Secure
and Verify your account.
If you need more information about your account or if you have any
questions contact us.
NOTE: THIS ATTACHMENT IS FOR YOU TO SECURE AND PROTECT YOUR ACCOUNT FOR
Copyright 2016 National Credit Union Administration, 1775 Duke Street,
This email is free from viruses and malware because avast! Antivirus
protection is active.