In recent weeks, fraudulent e-mails purporting to be from payroll companies including Automated Data Processing (ADP) have aimed to lure recipients into downloading malware onto their computers.
Message subject lines have included “ADP Generated Message: First Notice--Digital Certificate Expiration” and “ADP Security Management Update,” according to a recent ADP security alert.
The e-mails contain a link directing users to sites that deliver exploits, including one that targets a Java Runtime Environment (JRE) vulnerability, according to a recent blog post by SANS Institute incident handler Daniel Wesemann. The messages aim to steal sensitive payroll, financial, and human resources information, he notes.
The attacks appear able to evade many antimalware programs, according to Wesemann. One main defense is to update JRE software, he states. He also suggests reminding human resources and payroll employees to avoid clicking on suspicious e-mail links. Such employees “are your first line of defense, and--given antivirus’ ineffectiveness--usually even your only line of defense.”