It being the end of the month, a Friday and the end of a calendar quarter has many of us thinking about getting paid. Mmmmm payday always feels good.
Unfortunately the scammers are trying to create their own payday and have moved from pretending to be NACHA, to impersonating payroll processing company ADP.
We are seeing two variants of the mail. One is simply a plain text message with the subject “ADP Funding Notification – Debit Draft” instructing you to click a link to view your transaction report.
The second is more professional looking and suggests to human resource specialists that ADP is upgrading its security processes and you need to login and be trained on the new procedures.
I was expecting this to be a well crafted phishing campaign on first look, but this time it’s malicious.
Sophos anti-spam products are blocking these messages as spam as another layer of defense-in-depth.
Don’t click links in email folks. It’s 2012 and we have been saying this for over 10 years now. Think before you click.
Thank you to Savio Lau from SophosLabs for alerting me to this scam.
One comment on “ADP spams lead to a nasty surprise”
Thank you for this article. I've just had a few days off and my junk mail folder has several of these as well as sooooo much other garbage. I doubted the authenticity, so Googled with "hoax" and sure enough, it is. There were several articles saying so but yours is the one that stuck out.