On Nov. 15, an email scam resurfaced that was first reported earlier this year. The email was supposedly from ADP, a business-to-business solution provider and references “ADP Funding Notification – Debit Draft.”
The version of the email received on Nov. 15 reads: “Your Transaction Report(s) have been uploaded to the web site.” It then lists an invalid email address on the adp.com website and continues, “Please note that your bank account will be debited within one banking business day for the amount(s) shown on the report(s). Please do not respond or reply to this automated e-mail. If you have any questions or comments, please Contact your ADP Benefits Specialist.”
In fact, the website URL and the contact link go to a site with a Portugal-registered domain name, “shyportugal.pt,” that may be used for downloading of malicious code onto a visitor’s computer. The domain name is registered to an organization name “Yoga Association of Human and Universal Energy, SHY.” Odd as it may seem that a yoga association might be involved in participating in this type of scam, this scam also involves another country, Turkey. Upon evaluation of the latest email, it appears that the mail server where the email originated uses a domain name registered in Turkey.
When the first of these emails was reported in June, ADP posted a notice on their website saying, in part, “Please note that these emails are not originating from ADP and our analysis has revealed that they do contain a malicious attachment. ADP is working with our security vendors and fraud prevention team to identify and contain the source(s) of these emails.”
The ADP press release also advises email users how to handle this and other malicious emails.
If you receive any new or related suspicious email:
- Do not click on any links or open any attachments within the message.
- Please forward the email **AS AN ATTACHMENT** to firstname.lastname@example.org.
- Delete the email.
In their emailed response, ADP provided additional information about the fake emails being sent, including a list of subject lines in those emails:
- ADP Debit Draft – ES Flexdirect
- Debit Draft – ES Flexdirect
- ADP Urgent Notification
- Your Payroll Is Processed
- ADP Invoice Reminder
- ADP Generated Message: First Notice – Digital Certificate Expiration
- ADP Security Management Update
- ADP Funding Notification – Debit Draft
- Your American Express Forgotten User ID
- ADP Speedy Warning
- ADP Immediate Message
- ADP Prompt Message
- ADP Instant Message
- ADP Urgent Announce
- ADP Prompt Notification
- ADP Pressing Notification
Their response also said, “As part of our commitment to protecting your data and to providing you with secure services, we maintain a Trust Center on ADP.com ref http://www.adp.com/about-us/trust-center/security-alerts.aspxHere you’ll find up-to-date security alerts and examples of some of these recent fraudulent emails. You will also see information on how to report abuse.”