Beware phishing emails labeled as being from ADP, and other payroll processing providers, which are really designed to exploit PCs using a known Java vulnerability. Over the past couple of weeks, many customers of outsourced payroll services have been targeted by phishing emails that warn that the digital certificate the business uses to communicate with its payroll provider is set to expire. But the link provided for “renewing your digital certificate” instead routes a user through multiple websites, ending in a site that delivers multiple exploits, including one that targets a Java runtime environment (JRE) vulnerability. This ADP attack is the latest in a string of similar attacks that purported to be from UPS, DHL, FedEx, the IRS, or Amazon.com.
Unfortunately, antivirus software can’t be relied on to stop these types of phishing emails. According to VirusTotal, by Tuesday, the phishing emails related to the ADP attack, for example, were being detected by only eight out of 41 antivirus engines. We at ESG expect those numbers to improve as the variations are added to filtering lists, but in the meantime we advise caution. Specifically:
- Be skeptical when opening any e-mail purporting to be from ADP, any payroll processor, UPS, DHL, FedEx, or Amazon.com.
- Do not click links without first hovering over them to verify that they go to a legitimate address. An address like respond.amazonopayments.com is NOT legit even though it appears to have Amazon in the name. The hackers will try to trick you with odd spellings: the domain they use here is AmazoNoPayments, which in all lowercase reads as amazonopayments, and they hope you will not catch the extra “o”.
- Do not open e-mails with attachments unless you are expecting that attachment.
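One way to automate the hover check from the list above, as an added example (not ESG's code): it compares a link's hostname against an allowlist of legitimate domains and flags hosts that embed or misspell a brand name. The allowlist, the function names and the sample links are assumptions for illustration; the second sample host is the one quoted above.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist (illustrative): brand token -> domains treated as legitimate.
TRUSTED = {
    "amazon": ("amazon.com",), "adp": ("adp.com",), "ups": ("ups.com",),
    "dhl": ("dhl.com",), "fedex": ("fedex.com",), "irs": ("irs.gov",),
}

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def mentions(brand, label):
    """True if a hostname label imitates or embeds the brand token."""
    parts = re.split(r"[-_]", label)
    if brand in parts:
        return True
    if len(brand) < 5:  # short tokens: substring checks are too noisy
        return False
    return brand in label or any(edit_distance(brand, p) == 1 for p in parts)

def classify_link(url):
    """Return 'trusted', 'lookalike:<brand>' or 'unknown' for a link target."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Trusted only if the host IS an allowlisted domain or a subdomain of one.
    for domains in TRUSTED.values():
        if any(host == d or host.endswith("." + d) for d in domains):
            return "trusted"
    # Otherwise, a brand name anywhere in the host is a warning sign.
    for brand in TRUSTED:
        if any(mentions(brand, label) for label in host.split(".")):
            return f"lookalike:{brand}"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, apart from the host quoted in the advisory.
    for link in ("https://www.amazon.com/gp/help",
                 "http://respond.amazonopayments.com/renew",
                 "http://adp.com.certificate-renewal.example/login",
                 "https://groups.example.org/"):
        print(f"{classify_link(link):18} {link}")
```

A "lookalike" result means the brand name appears in a host that is not on the allowlist; "unknown" only means no listed brand was imitated, not that the link is safe.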
Solutions from ESG that can help:
- ESG E-mail Filtering: blocks spam, phishing, and virus e-mails before they reach your Inbox
- ESG Barracuda Internet Filtering: prevents your users from accessing compromised sites in real-time