Fake and Malicious "ADP Past Due Invoice" Emails
Would you share this Article with others?
The Fake and Malicious ADP Email
From: billing.address.updates@ADP.com [mailto:billing.address.updates@ADP.com]
Sent: 12 November 2014 19:28
Subject: ADP Past Due Invoice#39911564
Your ADP past due invoice is ready for your review at ADP Online Invoice Management.
If you have any questions regarding this invoice, please contact your ADP service team at the number provided on the invoice for assistance.
Please note that your bank account will be debited within one banking business day for the amount(s) shown on the invoice.
Review your ADP past due invoice here.
Important: Please do not respond to this message. It comes from an unattended mailbox.
The link (www.bingemann-buerosysteme .de/services/invoice1211.php) in the email will attempt to download the "invoice1211_pdf28.zip", which contains the malicious "invoice1211_pdf.exe" that will infect the recipient's computer.
The link in the email message and the malicious invoice file name may change. So look out for similar emails with different invoice names and links.
The emails were not sent by ADP and they (ADP) said that they are aware of the fake and malicious emails and is addressing the issue diligently with their fraud prevention team and security vendors to identify and contain the source of the emails and will provide updated information as it becomes available.
ADP recommends that their customers do the following:
- Please be on alert for this fraudulent email and follow the instructions below if you receive any new or related suspicious email.
- Do not click on any links or open any attachments within the message.
- Forward the email as an attachment to email@example.com.
- Delete the email.
- If you clicked any link or opened an attachment in the email, immediately contact your IT support team for further action.
The cybercriminals behind these malicious email messages aims are to trick the curious recipients into opening the malicious file, which will infect their computers with a virus or Trojan horse.
Once their computer has become infected with this malicious Trojan horse, the cybercriminals behind this email message will be able to access and take control of their computer remotely from anywhere around the world. They may spy on them, use their computer to commit cybercrimes, or steal their personal and financial information.
Now, if you have already opened the malicious file, please do a full scan of your computer with the antivirus software installed on it.
If you don’t have antivirus software installed on your computer, please click here for a list of free antivirus software.
For a list of other virus email messages, please click here.
Note: Some of the names, addresses, email addresses, telephone numbers or other information in samples on this website may have been impersonated or spoofed.
Please share what you know or ask a question about this article by leaving a comment below. Check the comment section below for additional information, if there is any. Remember to forward suspicious, malicious, or phishing email messages to us at the following email address: firstname.lastname@example.org. And, report missing persons, scams, untrustworthy, or fraudulent websites to us. Tell us why you consider the websites untrustworthy or fraudulent. Also, to quickly find answers to your questions, use our search engine.
You can help maintain Online Threat Alerts (OTA) by paying a service fee. Click here to make payment.
Comments, Questions, Answers, or Reviews
To help protect your privacy, please do not post or remove, your full name, telephone number, email address, username, password, account number, credit card information, home address or other sensitive information in or from your comments, questions, or reviews. Also, remember to keep comments, reviews, answers respectful.
Write Your Comment, Question, Answer, or Review
Write your comment, question, answer, or review in the box below to share what you know or to get answers. NB: We will use your IP address to display your approximate location to other users.