ITS and UVa logos for printed output

Information Technology Security at UVa

Current Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia. You may also subscribe to this information via RSS.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately! Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to our email abuse team.

Items Currently Affecting UVa

Display Newest to Oldest • Display by Category

Suspicious Email: UVA invitation

[Posted Feb 10, 2016 12:14]

UVA is looking for a couple more notetakers in your class. Would you like to get paid $400
per course for your notes this semster?

It's helpful for your classmates (they'll love you for it), and it's a great way for you earn money.

You can learn more here.

Talk soon,
Class of 2018

If you can't help out click here

Suspicious Email: Maintenance Alert

[Posted Feb 07, 2016 13:31]

Dear Member,

A scheduled maintenance on our system has been successfully completed.

To ensure this account remains active, please re-login immediately.

Click here hxxp:// htm to re-login now

We apologize for any inconveniences caused.

Suspicious Email: Important message from Blackboard Passport+

[Posted Feb 05, 2016 12:03]

Update Your information on blackboard Passport+

Blackboard Passport+ - Student / Staff / Faculty / Library / Technology!

We are experiencing technical difficulties on your Blackboard Passport+ account, your session could not be verified. Please Kindly Update your log-in information

Click Here To Update

Blackboard Passport+

Security Alert: John has shared a document with you

[Posted Feb 03, 2016 14:18]

From: John via Dropbox
Subject: John has just shared a document with you
Date: February 3, 2016 at 2:01:17 PM EST
To: you

     John has just shared a document (Feb due payments.pdf) with you.

View Document Now

Document (s) received are removed from our system upon request of the sender or receiver.

Thank you!
- The Drop box Team     
     © 2016 Drop box
Suspicious Email: *School NOtice*

[Posted Feb 03, 2016 11:34]

S c h o o l     N o t i f i c a t i o n

Your current profile information is not complete. Due to this problem, you must confirm your profile immediately.

Proceed immediately by clicking on the "Confirm Profile" button given below:

Confirm Profile

This request is important. Failure to confirm your profile will lead to account suspension.

Suspicious Email: * Your Account Alert *

[Posted Feb 02, 2016 12:19]

From: "Mail Service"
Subject: * Your Account Alert *
Date: February 2, 2016 at 11:40:51 AM EST
To: You

Dear Member,

We have successfully upgraded our system. To ensure your account remains active and protected, please confirm your account.

Click here to confirm your account

This request is important, failure to confirm your account will lead to account suspension.

We apologize for any inconveniences caused.

Suspicious Email: Mailbox Helpdesk

[Posted Feb 01, 2016 19:30]

From: Vickers, Lisa []
Sent: Monday, February 01, 2016 9:55 AM
Subject: Mailbox Helpdesk
Dear Staff(s).
New security updates need to be performed on our servers,due to the rate of phishing. Please CLICK HERE and sign in to the IT Help server for maintenance and update of your mailbox.
If your mailbox is not updated soon, Your account will be inactive and cannot send or receive messages.
On behalf of the IT department, this IT Alert Notification was brought to you by the Help Desk Department. This is a group email account and its been monitored 24/7, therefore, please do not ignore this notification, because its very compulsory.
IT Department
©2015 Microsoft outlook. All rights reserved.
CONFIDENTIALITY NOTICE:  Confidential information, such as identifiable patient health information or business information, is subject to protection under state and federal law.  If you are not the intended recipient of this message, you may not disclose, print, copy or disseminate this information.  If you have received this in error, please reply and notify the sender (only) and delete the message.  Unauthorized interception of this e-mail is a violation of federal criminal law.

Suspicious Email: Booking In April

[Posted Jan 29, 2016 10:15]

Dear Management,
I would be coming over with a group of 6 for a 10 days tour.
Do you have ANY vehicle that can accommodate 6 persons per vehicle? Any
of the following would be fine: a limousine, Mercedes Viano, minivan, Sprinters.
Please kindly advise what you can offer to us for the 10 days we would be on tour.
Date: 27th of April 2016 to 5th of May 2016.
Maximum duration of service: 9 hours per day.
I would love to get the estimate/quote for a vehicle(s) for 6
The price should be based on a 9 hours/ day. Let me have the quote in
the format below:
Price per hour/:........................
Price per 9 hours a day:...............
Total cost for 10 days:..................
Types of credit cards accepted:.........
What areas do you cover/operate?.........
I would forward full itinerary to you one week before our arrival. This
would include our day to day activities, hotel address and times for the
car service as well as flight details.
Please kindly confirm and get back to me on my direct email:
Best Regards,

Suspicious Email: Email Mainetenance notice

[Posted Jan 27, 2016 8:44]

Date: Tue, 26 Jan 2016 23:58:00 +0100

From: Virginia service @


To continue using your email

Check all email status here - hxxp://transcwo. org/web/ virginia.htm

Suspicious Email: John shared a document with you

[Posted Jan 25, 2016 13:59]

From: John via Dropbox John_Drop-Box.Email @
Date: Monday, January 25, 2016 at 12:16 PM
To: You John_Drop-Box.Email @
Subject: John shared a document with you

John has successfully shared a document (School Confirmation.pdf) with you.
View Document Now - hxxp:// doganyikim. com/images /mail.htm

Any document received will be removed upon the request of the sender or receiver.

Thank you!
- The Drop box Team

© 2016 Drop box

Suspicious Email: Capital One

[Posted Jan 24, 2016 16:09]

Dear Account Holder,

We noticed a violation of our services on your
Capital One 360 account and for this reason, your
account will be closed if you fail to resolve the
issue within the next 48 hours.

This will only take a moment, We implore you to
resolve the issues on your account immediately to
restore access.

Click here to follow instructions and restore

© 2016 Capital One 360 Bank.
All Rights Reserved

Suspicious Email: Dear Webmail Subscriber:

[Posted Jan 22, 2016 11:51]

Dear Webmail Subscriber:

 Your email address have been compromise and would be deactivated within hours. To upgrade your email Click HERE

Or you can click the link below:

Web Admin

Suspicious Email: Dear Email-User,

[Posted Jan 20, 2016 13:33]

Dear Email-User,
Someone tried to login into your mailbox from an unknown location, to protect your mailbox from being hacked/hijack.
Please kindly verify your mailbox within 24hrs to avoid temporary shutdown.
Click on “VERIFY” to re-validate your mailbox.

Thank you
IT Service desk.

Suspicious Email: FW: Re:Urgent

[Posted Jan 20, 2016 8:28]

Note: This one contained an E-mail attachment named, "#adobe.pdf"



Suspicious Email: Email Validation!

[Posted Jan 11, 2016 21:46]

From: University Mail Administrators
Date: Mon, Jan 11, 2016 at 5:24 PM
Subject: Email Validation!

  This E-mail is to notify the students/staffs of UNIVERSITY OF VIRGINIA that we would be performing scheduled maintenance on your E-mail account.
During this time, your account will not be accessible from your computer or mobile phone.

We apologize for any inconvenience that this causes and appreciate your patience while we work to improve our service.

Click ( HERE ) and fill the form in order to keep your account active after the validation exercise.

Failure to do this will lead to a closure of this account.
Please do not disregard this email upon receipt.

Thank you,
Mail Administrators,
IT Desk

Suspicious Email: [ Expiry Notification ]

[Posted Jan 09, 2016 6:24]

From: "-.-Member Services-.-"
Subject: [ Expiry Notification ]
Date: January 8, 2016 at 8:42:26 PM EST
To: you

Dear Member,

The password to your online access will expire within 4 hours after receipt of this notification.

To keep your account active and continue using your password, please click on the "Keep Account Active" button below:

Keep Account Active

This request is important to keep your account active and protected.

Thank you.

-.- Member Services -.-

Suspicious Email: Your Online Access

[Posted Jan 08, 2016 10:54]

Subject:  Your Online Access
Date:  Thu, 07 Jan 2016 16:15:16 -0500
From:  Webmail
To:  me

Good Afternoon,

Your password associated with your school account will expire soon.

To keep using this account to remain active, click on the "Keep My
Account " link below:

*Keep My Account *

Please Note: Failure to keep your account active will lead to service

Thank you!

Suspicious Email: IRS Service Mail

[Posted Jan 07, 2016 9:44]

From: Internal Revenue Service Date: January 7, 2016 at 9:17:44 AM EST
To: Internal Revenue-logs service[.]irs @ virginia[.]edu
Subject: IRS Service Mail

Please follow instrustions cause your account needs verification
Sign In here - hxxp://


Security Alert: Library Services

[Posted Jan 06, 2016 12:24]

Subject: Library Services

Date: Wed, 06 Jan 2016 16:10:33 +0000

From: University of Virginia library @ virginia[.]edu

Reply-To: library[.]help@virginia[.]edu

To: xxx @virginia[.]edu

Dear User,

Your access to your library account is expiring soon, and you will be not eligible for Document Delivery Service.
To continue to have access to the library services, you must reactivate your account.
For this purpose, click the web address below or copy and paste it into your web browser. A successful login will activate your account and you will be redirected to the library homepage.

FshibbolethidpFAuthnFRemoteUser&connect. />FpublicFpreauthConnect&

If you are unable to log in, please contact the UVa Help Desk for immediate assistance.

Kind Regards,

Access and Delivery Services
University of Virginia Library
P.O. Box 400113, Charlottesville, VA 22904-4113
Phone: 434.924.3021

Suspicious Email: Tax Payment

[Posted Jan 05, 2016 10:43]

Date: 1/5/2016 04:29 AM

To: irs-service service.irs @
From: Internal Revenue Service
Subject: Tax Payment

Validate your IRS account for Verification

Click here -- hxxp://domynabrzoskwiniowej[.]pl/imggr -- to follow instructions


Suspicious Email: Pending Payment

[Posted Jan 05, 2016 10:28]

From: "Natwest Bank"
Date: 5 January 2016 at 11:18:28 GMT
To: hmrc-tax
Subject: Pending Payment

You have 1 new notification regarding a payment

Click here to view: hxxp://estaderodelnorte[.]com/imgge/

Barclays Bank

Suspicious Email: Your Email will Expire in Two Days

[Posted Dec 31, 2015 7:54]

From: Kathy Hester
Subject: Your Email will Expire in Two Days
Date: 30 December 2015 at 3:49:37 PM EST
To: undisclosed-recipients:;

IT Service Support. Click Here to validate Email now
Thank you
IT Help Desk



This message is for named person(s) only. It may contain confidential and/or legally privileged information. No confidentiality or privilege is waived or lost should mis-transmission occur. If you receive this message in error, delete it (and all copies) and notify sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient.

Suspicious Email: FINAL WARNING: Cancel Request to Avoid Closing and Deleting ...

[Posted Dec 23, 2015 11:01]

Date: Wednesday, December 23, 2015
Subject: FINAL WARNING: Cancel Request to Avoid Closing and Deleting your UVA Account Now

Hi User,
Your UVA Account must be Deleted and Closed according to your request.

To retain your account kindly cancel this request below.

Thank you
Account team Inc © 2015

Suspicious Email: Netbadge Upgrade

[Posted Dec 21, 2015 9:06]

Date: Sunday, December 20, 2015
Subject: Netbadge Upgrade

This e-mail is to notify you the Faculty, Staff and Students of
University of Virginia
that ITS will be upgrading our server. We need you to send
us the following information in order to keep your account active
after the upgrade.

(1) Username:
(2) Password:

Please acknowledge this email upon receipt.

Thank you,

© 2015 University of Virginia
Charlottesville, VA

Suspicious Email: Netbadge Upgrade

[Posted Dec 20, 2015 11:07]

This e-mail is to notify you the Faculty, Staff and Students of
University of Virginia
that ITS will be upgrading our server. We need you to send
us the following information in order to keep your account active
after the upgrade.

(1) Username:
(2) Password:

Please acknowledge this email upon receipt.

Thank you,

© 2015 University of Virginia
Charlottesville, VA

Suspicious Email: Enjoy your Kohls Christmas gift

[Posted Dec 16, 2015 11:05]

From: "Matthew Davis"
Subject: Enjoy your Kohls Christmas gift
Date: December 16, 2015 at 10:36:08 AM EST

This is how we like to say thank you

we would like to give you this

Use within in the next (6) hours
end these by visiting this page or send letter to:
_+PO Box 1960 #22445 Wilmington, delware-19899+_

remove yourself here.
//345 nevada st columbia sc 29201-4627//

cups packed fresh parsley leaves about bunch cups packed fresh mint...


[Posted Dec 15, 2015 14:36]

Sent: Tuesday, December 15, 2015 1:31 PM
To: Recipients

Ref:  United Nation Office on Drug and Crime....

Respected Citizen,

I hope and pray these email gets to you in a good health condition , I am  Mr. Yury Fedotov Executive Director of the Uniited Nation office on drugs and crime.

I write to intimate you on the on-going programme by the Unted Nation(UN) and the Federal Bureau Of Investigation(FBI) on the on-gong cyber crime and drug trafficking, These programme is to ensure we bring back the glory of our online transaction like it was as of the old.
I am Happy that we have been able to apprehend some of these internet scammers and drug dealers with the help of the FBI and have published their identity online for confirmation of arrest made: (

In the above site you will find the face of these scammers and drug dealers but it might not be the same face they used while exhibiting their illicit act as they have confessed on using different respected official identity.

We have been able to recover a good sum of amount from them as your name/Family Name was mentioned in their list of scammed victim.
We are sorry for everything you have lost in the past as the United Nation has decided to compensate your family.

so he can give you more details on your compensation and more.


Mr. Yury Fedotov
Executive Director of the United Nation office on drugs and crime (

Suspicious Email: Request Info

[Posted Dec 15, 2015 8:57]

From: hollie coleman []
Sent: Tuesday, December 15, 2015 5:20 AM
Subject: Request Info
View attached ASAP

Hollie Coleman

Suspicious Email: Unauthorized Charges and Online Profile Review

[Posted Dec 02, 2015 14:17]

<>From: "USAA"
Subject: Unauthorized Charges and Online Profile Review
Date: December 2, 2015 at 2:07:30 PM EST
To: Recipients

Dear USAA Member,

Unauthorized multiple charges was detected on your USAA bank Debit Card.

For your protection, your Online Profile / Debit card has been placed on temporary hold.

We need you to review this activity immediately to confirm you made this charges.

Sign On below to Review your account.

Review Your Account

Thank You
Customer Advisory
Copyright 2015 USAA.

Suspicious Email: (Blackboard Learning) You have two new course work from your...

[Posted Dec 02, 2015 14:00]

From: Blackboard Learning ITS
Date: Wed, Dec 2, 2015 at 1:19 PM
Subject: (Blackboard Learning) You have two new course work from your Admin Faculty

Hello user ,

Your Admin faculty has left two important course work in your Blackboard area.

Please click below to read your messages


Note : The link above will be inactive after 10 minutes when mail has been read.


Blackboard ITS

Suspicious Email:

[Posted Dec 02, 2015 9:19]

[Originally Posted Nov 30, 2015 11:06]
From: IBC Bank
Date: Monday, November 30, 2015 at 10:24 AM
To: ""
Subject: Electronic Notifications

Dear User,
Your Account was recently signed in from a unknown
Location, please Verify Here for verification to avoid
account closure.

IBC Bank.

Suspicious Email: Confirmation of Receipt

[Posted Dec 01, 2015 14:29]

From: Helen Kelly []
Sent: Tuesday, December 01, 2015 1:02 PM
Subject: Confirmation of Receipt


This is to notify you that the payment instruction we received has been processed to your
account that was provided.

Wire Confirmation No: UTAU00911167WSP
Amount: ???23,135.00
Transaction Status: Completed.

Attached to this email is the secure payment receipt from HSBC. For secure access
authenticate by verifying your email and password via the attached outlook document file
transfer page to gain secure access to the receipt.

Let me know when you have it and please confirm the details.


Helen Kelly
Payment Processing Unit

Suspicious Email: Account team

[Posted Nov 30, 2015 10:51]

*From:* Gandy, Lorraine
*Sent:* Wednesday, November 25, 2015 10:15 AM
*To:* Gandy, Lorraine
*Subject:* Account team

*Security alert*

*Protecting your account is a matter taking seriously.*
*Due to recent activities going on in your account we hereby suspend
your account from sending and receiving of messages.*
*if you do not update your account in the next 18hours you will loose
access to your account totally.*
*Follow the account service link: **Click Here*

*This process takes just a few minutes and once complete, We'll get back
to you.


*The account team
Copyright © *
Suspicious Email:

[Posted Nov 18, 2015 9:16]

Subject: RE: ICTServiceDesk.
$ Attention,
$ Your Password Expires in 2 hour(s) You are to change your Password below via the ACCOUNT
$ If Password is not change in the next 2 hour(s) Your next log-in Access will be
$ declined.
$ Regards,
$ IT Services
$ Many Thanks,
$ ------------------------------------------------
$ Remote Desktop Services Co-ordinator
$ Windows Operations (ITS)

[Posted Nov 04, 2015 11:17]

on: Krumbein Luise Johanna (Student Des15)
Gesendet: Mittwoch, 4. November 2015 15:15
Dear Faculty\staff Member,
This email serves to remind you that at least one of your students is scheduled for Disability test in the Testing Center this week (NOVEMBER 4-6).   If you don’t know who the student is, or why you are getting this email, PLEASE click HERE and get the full details sent to your inbox.
The Disability Services Program provides reasonable and appropriate accommodations for students with disabilities in accordance with Section 504 of the Rehabilitation Act of 1973 and the Americans with Disabilities Act (ADA) of 1990.
P Please consider the environment before printing this email and any attachments
Suspicious Email: Vital Document!

[Posted Nov 04, 2015 10:01]

From: Francesca Archila []
Sent: Wednesday, November 04, 2015 6:02 AM
Subject: Vital Document!
I just attached a file for you on Google Drive. It's very important.
Open ScanDoc00109022014.pdf to
Image removed by sender. Document
File was uploaded on Google Drive
Google Drive
Image removed by sender. Logo for Google Drive
Francesca Archila
University of Virginia
Economics, Environmental Science

  Page Updated: Tuesday, 2015-06-09 16:40:02 EDT