Phishing Campaigns Targeting ADP Clients – Tax Season

January 20, 2020

As one of the largest providers of HCM services in the world, we are also often a target for fraudulent schemes that attempt to steal our clients’ information to perpetuate W-2 fraud. In its simplest form, W-2 fraud occurs when a fraudster steals a victim’s W-2 and other sensitive information, processes their tax return and obtains the victim’s tax refund unlawfully. When the victim goes to file their taxes, they are alerted that the return has already been filed. Additionally, the fraudster may use the victim’s credentials and other personal information to perpetuate other forms of identity theft.

ADP is aware of common phishing campaigns that occur during tax season. Some clients and their employees may receive phishing emails that claim their W-2 tax form is ready. The phishing emails typically contain clickable links that lead to a fraudulent, spoofed site that resembles legitimate ADP login screens. From here, the fraudsters may gather the ADP credentials.

We urge all users to forward suspicious emails to where they are reviewed by our monitoring team.

We partner with industry-leading vendors to help identify phishing campaigns that are targeting our brands and we proactively takedown those sites. In parallel, we also try to identify any compromised users that may have visited that site and reset their accounts. Further, we also have proactive fraud referrer alerts in place that inform us when phishing sites refer users back to so that they do not appear malicious.

What to Look Out For

  • W-2 themed phishing and email spoofing schemes, including requests for personal information, W-2 forms or other tax related scams.
  • Social engineering scams where the perpetrator pretends to be from ADP, a vendor, a client, a colleague, employee or executive or even a tax collector requesting personal information be sent via email.

How You Can Help Prevent W-2 Fraud

  • Stay updated on the latest tax scams with the IRS’s alerts
  • Do not send your W-2s or other sensitive information via email
  • Do not click on any links within an email to obtain tax information. Go directly to the website and download it yourself.

ADP’s layered defense includes technologies and controls to identify and/or prevent these types of threats, including assessing vulnerabilities and applying appropriate protection and detection control updates.

ADP’s Global Security Organization continues to actively monitor this situation as it does with all reported scams and vulnerabilities. Clients are encouraged to visit ADP’s website at to learn more about how ADP protects data, and how clients can help protect themselves.

Protecting our clients and their data from malicious activity is a top priority for ADP.