"Phishing" is a growing email scam technique which uses “spoofed” emails to lead individuals to counterfeit websites designed to trick them into divulging personal information or credentials, such as User IDs, passwords, account information, credit card numbers, or other sensitive information. The attacker can then use such information for fraudulent purposes. Phishing emails have become remarkably sophisticated, sending recipients to fake websites that may be difficult or impossible to distinguish from real websites. You should always be careful when you receive emails requesting your personal information. Phishers use a variety of techniques in an effort to appear legitimate such as false “from” addresses, authentic-looking logos or seals, or Web links and graphics. Phishing emails typically ask a user to download an attachment or click on a link contained in the body of the email. These links and attachments likely include links or attachments that download malware or viruses if the attachments are opened and/or the recipient clicks on the referenced web links.
Tips to help you identify fraudulent emails:
- Be very suspicious of any email that requests personal information -- such as your user ID, password, PIN, email address, social security number -- even if it appears to be coming from a legitimate source. When in doubt, call the company instead.
- Be suspicious of emails that don’t greet you by name but are addressed generically, such as “Dear Customer”.
- Ask yourself, why is this company writing to me about this? If in doubt, call the company.
- If an email is suspicious, don’t click on any of the links or attachments.
- Instead of clicking on a link, enter the company URL yourself.
- Check the URL. Is it from the trusted company and does it look right (“www.companyname.com” as opposed to “www.companynam3.com”)?
- Never enter information into an insecure site. Look for the “https:” and the gold lock. However, realize that phishers are now able to spoof email addresses, including the https, and to forge the gold lock.
The Federal Trade Commission website and the Anti-Phishing Working Group website contain valuable information about phishing scams.
"Pharming" refers to a certain type of virus or malicious program secretly planted in a user's computer that can hijack the computer's Web browser. When a user unknowingly types in the address of a legitimate website, he or she maybe directed to a fake version of the site without realizing it. Any personal information provided at the phony site, such as passwords or account numbers, can be stolen and fraudulently used.
“Vishing” is a “help us to help you” type of scam. The most common form of vishing occurs when senders of an email pretend to be a financial institution that has noted unusual activity related to your account, has suspended/frozen your account “for your protection”, and needs you to contact them in order to have your account reactivated. The emails can even refer to some kind of fraud or phishing scam that is circulating.
However, instead of asking you to click on a link that will take you to a fake website, these emails ask you to make a phone call. Typically, the email will assure you that the sender would never ask you for any personal information in an email.
Another form of vishing avoids email altogether, and uses a VoIP (Voice-over-Internet Protocol) system to make phone calls within a financial institution's service area. The system leaves a phone message claiming to be from the financial institution and asks the recipient to call back concerning his account.
Whether email or voice mail, don't fall for these scams. You should be highly suspicious of any email or telephone call that asks you to provide personal information. When in doubt, always contact the sender to verify the validity of the message.
For further information visit: http://www.attorneygeneral.gov/idtheft.aspx?id=1815
What should I do if I receive a fraudulent email that appears to come from ADP or otherwise refers to ADP?
If you suspect that you have received a fraudulent email that appears to be coming from ADP, please forward it to us at: firstname.lastname@example.org. We will investigate whether it is legitimate, and if it is not, we will work with law enforcement agencies.
Note: For information on how to forward a phishing email, please click here.