Fraudulent Emails Appearing to Come from ADP Regarding a Scanned Document

April 12, 2017

Issue Overview
There have been reports regarding fraudulent emails that appear to be sent from multiple senders which may have various subject lines including “Scan Data”, “Scanned document/file/image”, or “uk_confirmation_phXXXXXXXXX.pdf”. These emails include a malicious attachment and instruct the recipient to open it.

These emails do not originate from ADP and our analysis has revealed that they may contain an attachment that may be malicious. ADP is addressing this issue diligently with our fraud prevention team and security vendors to identify and contain the source of these emails and will provide updated information as it becomes available.

Message Subject (See attached PDF for more detail):
Scan Data
Scanned document/Scanned file/Scanned image

Message Sender:
Multiple senders

How to Report an Incident
Please be on alert for this fraudulent email and follow the instructions below if you receive any new or related suspicious email.

  • Do not click on any links or open any attachments within the message.
  • Forward the email as an attachment to
  • Delete the email.
  • If you clicked any link or opened an attachment in the email, immediately contact your IT support team for further action.

Additional Information
For more information about how ADP protects our clients, please visit the ADP Trust Center at  which provides the latest security alerts, phishing information, security resources and best practices. Protecting ADP clients and their data from malicious activity has been, and always will be, a top priority for ADP.

 Download a PDF of this Alert