I have seen spam emails from “banks” trying to get into your bank account, but this is the first email from a scammer claiming to be from a payroll company. It does seem like a logical rouse because payroll companies need social security numbers. By clicking into their fraudulent plan, they are trying to get an administrator’s password which would allow access to hundreds of employees’ information. Wow.
Here is how it looks:
On the top of the page is an ADP logo with a hyperlink to the scammer’s site. The text states:
“A copy of your ADP TotalSource Payroll Invoice for the following payroll is is [sic] attached in [sic] PDF file and available for viewing.”
Year: 13
Week No: 08
Payroll: 1
There is a link to open a file and a warning that reads “This email was generated by an automated notification system. If you have any questions regarding the invoice or you have misplaced your MyTotalSource login information, please contact your Payroll Service Representative. Please do not reply to the email directly.”
The first sign are the grammatical errors. (Professional hint: If you are going to be a scammer, you should take a remedial English writing course.)
The second trouble sign is that the email comes from a guy named Jihadl in Africa. Maybe ADP outsources around the world, but I don’t think they have any alliances in Africa. Therefore if you ignore their note and reply directly, you will be talking to Jhadl. Lucky him. (Maybe we should all respond to him crashing his inbox with 100,000 emails.)
The third sign that if you were to move your cursor over their hyperlinks, you would probably find that the hyperlinks lead to a site other than ADP.
The best advice is that you should not open anything looking for private information if you are tired. Instead, call ADP or any of your alliances before going forward. The little time it takes to check things out can prevent a monumental disaster of compromising your employees’ personal information.