A tax themed email phishing campaign is targeting ADP users. 

Automatic Data Processing, Inc., commonly known as ADP, is an American provider of human resources management software and services. According to a report from AppRiver, the phishing emails purport to users that their W2 is now ready.

The clickable links in the message lead to domains that were registered the same day as the attack, says the report. Navigating to the URL will lead to a well-designed phishing page that poses as a legitimate ADP login page and from here the attackers will gather the victims ADP credentials, notes AppRiver. 

Once the malicious actors have gathered user credentials, they will try to access the portal. Hackers could obtain access to personally identifiable information, including names, date of birth, physical address, pay stubs, Social Security numbers and bank account and routing numbers.

"This information is also valuable and could be used or resold for identity fraud purposes. Additionally, the employees legitimate tax documents can also be found here. This could be used by the attackers to file fraudulent tax returns on the employee’s behalf to direct their tax returns to the attacker’s coffers," says AppRiver. 

ADP reached out to Security Magazine and provided the following statement: “We are aware of common phishing campaigns that occur during tax season. Some clients and their employees may receive phishing emails that claim their W-2 tax form is ready.  Protecting our clients, their employees and their data from malicious activity is a top priority for us. We are actively monitoring this situation, as we do with all reported scams and vulnerabilities. For more information on what to look out for and how to report this activity visit https://www.adp.com/about-adp/data-security/alerts/phishing-campaign-1202020.aspx.”