It being the end of the month, a Friday and the end of a calendar quarter has many of us thinking about getting paid. Mmmmm payday always feels good.
Unfortunately the scammers are trying to create their own payday and have moved from pretending to be NACHA, to impersonating payroll processing company ADP.
We are seeing two variants of the mail. One is simply a plain text message with the subject "ADP Funding Notification - Debit Draft" instructing you to click a link to view your transaction report.
The second is more professional looking and suggests to human resource specialists that ADP is upgrading its security processes and you need to login and be trained on the new procedures.
I was expecting this to be a well crafted phishing campaign on first look, but this time it's malicious.
Sophos anti-spam products are blocking these messages as spam as another layer of defense-in-depth.
Don't click links in email folks. It's 2012 and we have been saying this for over 10 years now. Think before you click.
Thank you to Savio Lau from SophosLabs for alerting me to this scam.Follow @chetwisniewski