Phishing Scheme Targets ADP, Other Outsourced Payroll Firms
According to a report by Internet Storm Center, "Few things are as juicy for the bad guys as getting a keylogger onto the computer of someone who manages payroll. HR/payroll employees tend to have access to personal data of staff and usually have some form of access to a well-stocked bank account that is used to pay the wages."
The report goes on to say that ADP is one of the targeted payroll services. As part of the attack, customers apparently get an email indicating that their digital certificate that enables access to the system is about to expire. A link is then provided through which the certificate can presumably be renewed, but that link actually redirects them to what is believed to be a rented Linux server, through which all forms of malfeasance can occur.
ADP has posted a notice on its Security Alerts page, warning clients of the attack, providing a screen shot of one of the actual phishing emails and providing instructions for incident reporting. According to the notice, the subject line reads, "ADP Generated Message: First Notice - Digital Certificate Expiration."
The company is also conducting an investigation into the incidents.
Meanwhile, Internet Storm Center is urging users to ensure that their Java JRE patches are up to date, or that Java JRE be uninstalled from their computers, if possible.
In addition, HR personnel should be advised of the exploit and instructed to refrain from clicking on the link.
The report comes on the heels of new research from RSA, indicating that 195,487 unique phishing attacks on a worldwide basis have been tracked by the company during the first half of 2012, representing a 19 percent increase over the first half of 2011. The research also indicates that phishing attacks are up 37 percent from May to June, and that the first half of this year could have potentially caused $687 million in total losses to global organizations.
PUBLISHED AUG. 8, 2012