Protection Against Social Scams
What are social scams?
Social scams (also referred to as social engineering) are designed to trick someone into releasing sensitive information. Often, scammers are looking for access to company information like financial data, intellectual property, personnel records, customer databases, and personal or financial information that can be used to steal people’s identities.
These scams, including phishing, can be highly personalized, and may involve a phone call, contact through social media platforms, messaging apps, and even in-person interactions. These scams often rely on the natural tendency of people to want to help solve a problem.
Another type of social engineering scam includes Business Email Compromise. This is where a threat actor impersonates highly trusted individuals, like a CEO, CFO or vendor through a variety of communication channels to trick an employee into committing fraud (e.g., transferring funds, sharing sensitive information).
Here are a few examples of social engineering scams and how they work.
Example 1:
To break into a computer network, a scammer might try to establish a relationship with someone who is authorized to access the network with the intent to manipulate their trust or emotions. He or she might call the authorized employee with a fabricated, urgent problem to get him or her to reveal information that compromises the network’s security.
Example 2:
To gain access to sensitive accounts, a scammer might pose as an executive and reach out via a text messaging platform to request information/account access under the guise that an issue needs to be addressed immediately. The accounts could contain financial information and personal data the scammer can use to steal money.
How do I protect myself against social scams?
Be wary of anyone who requests any sort of information, especially if it is sensitive or personal and you don’t know the sender. Also, be wary of messages claiming to be from company executives asking for an urgent call to action or someone asking for the names of company employees. Verify the legitimacy of the person sending the message with the company/person directly (via known contact information, not by what is provided in the message) before providing any information.
How do I report a social scam to ADP?
Please let us know right away if you receive a suspicious communication from someone who claims to be from ADP and send a detailed description to abuse@adp.com.
We will contact you or your employer as appropriate and take the steps necessary to address suspicious events. Please note that ADP works with anti-cybercrime organizations on an ongoing basis to help reduce social scams.
