Fake and Malicious "ADP Past Due Invoice" Emails

Comments: 0
Views: 1,902
Save
Updated: Nov. 19, 2014 2014-11-19T19:40:00
Posted: Nov. 19, 2014 2014-11-19T19:28:44
Online Threat Alerts (OTA)

There are fraudulent ADP email messages with the subject "ADP Past Due Invoice", which appear as if they came from ADP that contain a malicious link. The email messages indicate that that ADP past due invoice is ready for review at ADP Online Invoice Management and instruct the recipients to click on the malicious link in the message, which will infect their computers if they they download and open the malicious file, thinking it is an invoice.

The Fake and Malicious ADP Email

From: billing.address.updates@ADP.com [mailto:billing.address.updates@ADP.com]
Sent: 12 November 2014 19:28
Subject: ADP Past Due Invoice#39911564

Your ADP past due invoice is ready for your review at ADP Online Invoice Management.

If you have any questions regarding this invoice, please contact your ADP service team at the number provided on the invoice for assistance.

Please note that your bank account will be debited within one banking business day for the amount(s) shown on the invoice.

Review your ADP past due invoice here.

Important: Please do not respond to this message. It comes from an unattended mailbox.

The link (www.bingemann-buerosysteme .de/services/invoice1211.php) in the email will attempt to download the "invoice1211_pdf28.zip", which contains the malicious "invoice1211_pdf.exe" that will infect the recipient's computer.

The link in the email message and the malicious invoice file name may change. So look out for similar emails with different invoice names and links.

The emails were not sent by ADP and they (ADP) said that they are aware of the fake and malicious emails and is addressing the issue diligently with their fraud prevention team and security vendors to identify and contain the source of the emails and will provide updated information as it becomes available.

ADP recommends that their customers do the following:

Please be on alert for this fraudulent email and follow the instructions below if you receive any new or related suspicious email.
Do not click on any links or open any attachments within the message.
Forward the email as an attachment to abuse@adp.com.
Delete the email.
If you clicked any link or opened an attachment in the email, immediately contact your IT support team for further action.

The cybercriminals behind these malicious email messages aims are to trick the curious recipients into opening the malicious file, which will infect their computers with a virus or Trojan horse.

Once their computer has become infected with this malicious Trojan horse, the cybercriminals behind this email message will be able to access and take control of their computer remotely from anywhere around the world. They may spy on them, use their computer to commit cybercrimes, or steal their personal and financial information.

Now, if you have already opened the malicious file, please do a full scan of your computer with the antivirus software installed on it.

If you don’t have antivirus software installed on your computer, please click here for a list of free antivirus software.

For a list of other virus email messages, please click here.