Protection Against Phishing

What is phishing?

Phishing is an attempt to acquire sensitive, personal information such as usernames, passwords, bank account information, and credit card numbers by posing as a trustworthy source through email, text or other communication. Attackers issue phishing emails to millions, hoping that a handful of recipients act on their ill-intended requests.

To obtain sensitive information, cyber criminals use fake emails or text messages indicating a problem with a bank account, credit card, or even a payroll question that must be answered immediately. Other tactics include attempting to obtain login credentials by telling recipients their password is about to expire.

How do I protect myself against phishing?

You can take several proactive measures to protect yourself against phishing. Be suspicious of messages that:

  • Seem urgent and require your immediate response
  • Request personal information such as user ID, password, PIN, email address, or Social Security number even if it appears to be coming from a legitimate source
  • Are addressed generically, such as “Dear Customer”

If an email seems suspicious, do not click on any of the links or open any attachments in the email. If you do, your computer can become infected with malware. Even if it sounds legitimate, do not call the number given in the message or respond to the message.

Legitimate companies that have your information will not call you or send a request to ask for that same information.

How does ADP protect against phishing?

ADP fully supports Domain Message Authentication Reporting and Compliance (DMARC), an email authentication protocol that can be used to determine whether an email message that is apparently from an ADP domain was really sent by ADP or one of our trusted partners. We do our part, but your receiving email server must also be configured to check DMARC to block forged messages.

ADP will not request sensitive personal information such as Social Security Numbers, login credentials, or bank or credit card information via unsolicited phone, email, or internet-based communications. If this information is ever requested in a communication that you did not initiate, it is an indicator of a scam.

How do I report phishing to ADP?

Let us know right away if you receive a suspicious email that looks like it is coming from ADP. Forward the original email you received as an attachment or a description of the text message to

We will contact you or your employer as appropriate, take the steps necessary to address suspicious events, and work with anti-cybercrime organizations on an ongoing basis to help reduce phishing attacks.