Double Tricky Phishing E-mails Masquerade as ADP
Security investigators from Websense report encountering phishing e-mails, which attempt at duping unwitting recipients as they pose as communications from the Automatic Data Processing Company.
It maybe noted that ADP is a provider of human capital along with payroll administration facilities that are outsourced to 600K companies globally of which 7,000 belong to New Zealand and Australia.
Exhibiting a header, "ADP Invoice Reminder," the fraudulent e-mail tells the recipient that his up-to-date ADP Dealer Services Bill can currently be viewed online as also similarly paid through ADP's Online Invoice Management. Moreover, for safeguarding his data, he requires keying in his username and password followed with clicking to open his 'Access your Online Invoice Management' A/c. The sum pending till September 12, 2012 amounts to $2,8240.35. However, incase the recipient has already dispatched the due amount he may ignore the current reminder. Finally to end, the e-mail expresses gratitude to the reader for selecting ADP.
Additionally, to sound lawful as also genuine, the e-mail further tells the recipient that he can make queries regarding his invoice by contacting [name] via Secure Mail, while noting that the e-mail is auto-generated so needs no reply.
But, according to Websense, even if somebody may perceive the phishing scam's trick as attempting at grabbing people's usernames and passwords, actually, the web-link within the notice leads onto, through several diversions, BlackHole-hosting pages where there's one fresh kind of obfuscation.
Disturbingly, it's because of the above kind of malevolent e-mail scams which has resulted in an increase in phishing online, remarks security specialists from Websense. Their statement receives the backing of RSA another security company, which recently released statistics that show an almost 33,000 incidences of phishing worldwide/month during 2012, resulting in a total $687m as loss. The attack numbers represents a 19% rise internationally as against January-June 2011, indicates RSA.
Meanwhile, in a similar phishing attack against ADP's customers, during August 2012, e-mails supposedly from ADP falsely informed recipients that the date-of-expiry of their certificates for utilizing the ADP payroll mechanism happened to be drawing near therefore they required renewing those certificates via following a given web-link that, in reality, was malicious.
Related article: DVLA Cautions About Phishing E-mails
» SPAMfighter News - 26-09-2012