Networking, Content

ADP Phishing W2 Tax Scam: AppRiver Issues Warning, Security Advise

Credit: Getty Images

Some ADP users have received phishing emails that claim their W2 tax form is now ready, according to AppRiver research. Hackers are targeting a ripe audience, considering ADP offers online payroll and HR solutions, plus tax, compliance, benefit administration and more.

The phishing email contains clickable links that lead to a well-designed page that poses as a legitimate ADP login. From here, the attackers can gather the victims' ADP credentials, according to AppRiver researchers.

To avoid such attacks, AppRiver Manager of Security Research Troy Gill recommends:

  • First, remember that the IRS will never require you to take action via an email
  • Handle all your documentation with an abundance of caution - when you receive notifications that tax documents are now available from ANY provider, always navigate directly to the source yourself instead of following a link in an email.
  • When available, always enable multi-factor authentication on accounts containing any personal data.

AppRiver, owned by Zix, provides various Office 365 data protection and security solutions to MSPs and resellers.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.