Protection Against Phishing

What is phishing?

Phishing is a common type of cyber-attack that targets individuals through email, text messages, phone calls, and other forms of communication. A phishing attack aims to trick the recipient into taking the attacker’s desired action, such as revealing financial information, system login credentials, or other sensitive information. Fundamentally, these threats exploit human psychology rather than technical vulnerabilities.

Cyber criminals use fake emails, texts, phone calls or phone messages, sometimes in combination, to obtain sensitive information. For example, they may indicate in the message there is a problem with a bank account, credit card, or even an issue with an upcoming ADP payroll that must be corrected immediately. Other tactics include attempting to obtain login credentials by telling recipients their password is about to expire or asking for their One-Time Passcodes/MFA codes. Social engineering and phishing attacks have become more sophisticated and are considered some of the most common ways threat actors gain access to systems and data.

How do I protect myself against phishing?

You can take several proactive measures to protect yourself against phishing. Be suspicious of messages that:

  • Seem urgent and require your immediate response
  • Request personal information such as a user ID, password, PIN, email address, or Social Security or National Identification number, even if it appears to be coming from a legitimate source
  • Are addressed generically, such as “Dear Customer”
  • Seem unusual, outside of established process, or out of the ordinary for your role if you are being asked to take an action

Even if a message sounds legitimate, do not call the number given in the message or respond to the message directly. Always verify contacts and numbers through legitimate sources like the company’s website or a known contact number.

If an email or text message seems suspicious, do not click on any of the links or open/download any attachments in the email. If you do, your computer may become infected with malware. Also, never respond by sharing information if requested. Legitimate companies that have your information will not call you or send a request to ask for that same information.

How does ADP protect against phishing?

ADP fully supports Domain-based Message Authentication, Reporting and Conformance (DMARC), an email authentication protocol that can be used to determine whether an email message that is apparently from an ADP domain was really sent by ADP or one of our trusted partners. We do our part, but the receiving email server must also be configured to check DMARC to block forged messages.

Since phishing attacks are often the result of human decisions and human error, ADP employs robust phishing simulation exercises and awareness campaigns to help employees recognize and report phishing threats and red flags.

It’s important to know that ADP will not request sensitive personal information such as Social Security Numbers, login credentials, or bank or credit card information via unsolicited phone, email, or internet-based communications (e.g. WhatsApp, LinkedIn). If this information is ever requested in a communication that you did not initiate, it is an indicator of a scam.

How do I report phishing to ADP?

Let us know right away if you receive a suspicious email that looks like it is coming from ADP. Forward the original email you received as an attachment in a new message, or email a description and image of the text message to abuse@adp.com.

We work with anti-cybercrime organizations on an ongoing basis to help reduce phishing attacks.