Phishing is an attempt to acquire sensitive, personal information such as usernames, passwords, bank account information, and credit card numbers by posing as a trustworthy source through email, text or other communication. Attackers issue phishing emails to millions, hoping that a handful of recipients act on their ill-intended requests.
To obtain sensitive information, cyber criminals use fake emails or text messages indicating a problem with a bank account, credit card, or even a payroll question that must be answered immediately. Other tactics include attempting to obtain login credentials by telling recipients their password is about to expire.
You can take several proactive measures to protect yourself against phishing. Be suspicious of messages that:
If an email seems suspicious, do not click on any of the links or open any attachments in the email. If you do, your computer can become infected with malware. Even if it sounds legitimate, do not call the number given in the message or respond to the message.
Legitimate companies that have your information will not call you or send a request to ask for that same information.
ADP fully supports Domain Message Authentication Reporting and Compliance (DMARC), an email authentication protocol that can be used to determine whether an email message that is apparently from an ADP domain was really sent by ADP or one of our trusted partners. We do our part, but your receiving email server must also be configured to check DMARC to block forged messages.
ADP will not request sensitive personal information such as Social Insurance Numbers, login credentials, or bank or credit card information via unsolicited phone, email, or internet-based communications. If this information is ever requested in a communication that you did not initiate, it is an indicator of a scam.
Let us know right away if you receive a suspicious email that looks like it is coming from ADP. Forward the original email you received as an attachment or a description of the text message to abuse@adp.com.
We will contact you or your employer as appropriate, take the steps necessary to address suspicious events, and work with anti-cybercrime organizations on an ongoing basis to help reduce phishing attacks.