At ADP, we take electronic communication abuse very seriously and are focused on proactively safeguarding our clients’ private data. We use stringent measures that protect against phishing, which is an attempt to acquire sensitive, personal information such as usernames, passwords, bank account information and credit card numbers by posing as a trustworthy source through email or text communication.
Most often, these cyber criminals try to lure people with fake emails or text messages indicating a problem with a bank account, credit card, or even a payroll question that must be answered immediately. Other tactics include attempting to obtain login credentials by telling readers their password is about to expire.
It’s important to note that in many cases clients receive phishing emails on a random basis, with no direct tie to the fact that they’re a business partner with ADP. Attackers issue phishing emails to millions of users, hoping that a handful of recipients act on their ill intended requests. Spotting these emails and deleting them before opening any attachments makes phishing emails much more of a nuisance than a risk.
How ADP Protects Against Phishing
In an effort to assist organizations in defending against advanced phishing attacks and fraudulent electronic communication seeking to exploit the trusted ADP brand, ADP utilizes Domain-based Message Authentication, Reporting and Conformance (DMARC) for its email systems. DMARC is a public open standard to help prevent sender address and domain forgery. Simply put, DMARC tells compatible anti-phishing products used by our clients if a message is legitimately sent by ADP or one of its trusted partners.
DMARC helps to determine whether an email comes from a legitimate source by validating a sender’s address and domain much like a postmark validates the return address of a physical piece of mail. While you can create a fake return address, much like a fake email address, a post mark cannot be forged. DMARC puts a “post mark” on emails from legitimate senders to ensure they are safe. Organizations that are capable of leveraging DMARC can significantly reduce the amount of spam, phishing, and fraudulent emails purporting to be from ADP that reaches individual user inboxes.
Organizations wishing to take advantage of ADP’s DMARC record must implement specific anti-spam or anti-phishing products that support this framework. These applications will then use ADP’s DMARC record to identify and reduce the number of fraudulent and spam emails an organization receives. For more technical information regarding DMARC implementation in your organization, please refer your email server administrator to: www.dmarc.org.
Protecting Yourself Against Phishing
Whether an individual or an organization, clients should take several proactive precautions to protect themselves against phishing and other electronic communications fraud.
Be suspicious of messages that:
- Seem urgent and require your immediate response.
- Request personal information such as user ID, password, PIN, email address, or Social Security number even if it appears to be coming from a legitimate source.
- Are addressed generically, such as “Dear Customer.”
If an email seems suspicious, do not click on any of the links or open any attachments in the email. If you do, your computer can become infected with malware.
Even if it sounds legitimate, do not call the number given in the message or respond to the message.
Remember: Legitimate companies that have your sensitive data will not call you or send a request to ask for that information.
For additional phishing information, please view the Phishing FAQ.
Report Phishing to ADP
Let us know right away if you receive a suspicious email that looks like it is coming from ADP.
Forward the original email you received as an attachment or a description of the phone call or text message to firstname.lastname@example.org.
A representative from ADP will contact you or your employer as appropriate. ADP will take necessary steps to address suspicious events and works with anti-cybercrime organizations on an ongoing basis to help reduce phishing attacks.