Issue 141 - October 2012 (2nd Edition) - Page 1
ADP 'Transaction Reports' Malware Email
Email purporting to be from payroll company ADP claims that the recipient's bank account will be debited for the amount shown on a transaction report that can be viewed by clicking a link in the message.
The message is not from ADP. The link in the message opens a compromised website that automatically redirects users to other webpages that harbour versions of the infamous BlackHole Exploit Kit malware. Details in these malware emails can vary considerably. If you receive one of these fake ADP emails, do not click on any links that it contains.
Last updated: October 15, 2012
First published: October 15, 2012
Article written by Brett M. Christensen
Research by Matthew Christensen, Brett Christensen
From: ADP Client Services
Subject: Debit Draft
Your Transaction Report(s) have been uploaded to the web site:
Please note that your bank account will be debited within one banking business day for the amount(s) shown on the report(s).
Please do not respond or reply to this automated e-mail. If you have any questions or comments, please Contact your ADP Benefits Specialist.
ADP Benefit Services
This email, which purports to be from "Client Services" at well-known payroll and business solutions company ADP, claims that the recipient's bank account will be debited for the amount shown on a transaction report within one business day. The recipient is invited to click a link in the email in order to view the transaction report on the ADP website.
However, the email is not from ADP, nor is the recipient's account set to be debited as claimed. In fact, the link in the message leads not to an ADP transaction report as expected, but to a site that contains malware. Those responsible for the message hope to panic recipients into clicking the link without due forethought because they mistakenly believe that money will be taken from their bank account. Existing ADP clients may click the link in the belief that they will get to view a genuine ADP transaction report. Non-ADP customers may click the link in the belief that an error has been made that they need to rectify as soon as possible. Either way, the scammers achieve their goal of enticing users to click their bogus link.
Those who do click the link will be taken to a webpage that displays the message "Connecting to server....". The page will then redirect to another webpage that harbours malware. In this campaign, the malware appears to be a version of the criminal toolkit known as the BlackHole Exploit Kit. BlackHole is a web application used by criminals to exploit browser vulnerabilities as a means of downloading and installing trojans and other types of malware.
In recent months, another malware campaign targeted payroll processing company Intuit via similar scam emails that also claimed money would be deducted from the recipient's bank account. And ADP itself has been targeted several times before in malware campaigns. One recent variant claimed that users were required to click a link to renew their ADP Digital Certificate. Another version claimed that users needed to click a link to find out more about a supposed ADP Security Management Update.
Be cautious of any email that claims to be from ADP that instructs you to click a link to review or update information. If you receive such an email, do not click any links or open any attachments that it may contain.