Some ADP users have received phishing emails that claim their W2 tax form is now ready, according to AppRiver research. Hackers are targeting a ripe audience, considering ADP offers online payroll and HR solutions, plus tax, compliance
The phishing email contains clickable links that lead to a well-designed page that poses as a legitimate ADP login. From here, the attackers can gather the victims' ADP credentials, according to AppRiver researchers.
To avoid such attacks, AppRiver Manager of Security Research Troy Gill recommends:
- First, remember that the IRS will never require you to take action via an email
- Handle all your documentation with an abundance of caution - when you receive notifications that tax documents are now available from ANY provider, always navigate directly to the source yourself instead of following a link in an email.
- When available, always enable multi-factor authentication on accounts containing any personal data.
AppRiver, owned by Zix, provides various Office 365 data protection and security solutions to MSPs and resellers.