Yup. I had one user forward me the email asking about it. It had the following in it (I've replaced the dots with plusmarks)
https://www+flexdirect+adp+com/client/login.aspx actually goes to http://melanienrico+altervista+org/HJmdFqbF/index.html It provided me with an opportunity to demonstrate what to look for to the user, and he was very appreciative. Kurt On Thu, Jun 7, 2012 at 12:13 PM, Chinnery, Paul <[email protected]> wrote: > Has anyone gotten an email with the subject: ADP Funding Notification - > Debit Draft ? > > We had a few mailboxes hit today. From the header information, it's coming > from Korea. What happens if you click the link (and, yes, one of my users > did and was very apologetic afterwards), it took her to a sewing site. > Googled the phrase and it came up with a few sites. Totally unrelated, > just looks like those sites were hacked. She was wise enough not to try to > login with her credentials. The link, on one of the sites, is to a domain > in Brazil. > > > Paul Chinnery > Network Admin > Memorial Medical Center > 231.845.2319 > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
