Security Alert - Account Takeover (ATO)

November 06, 2024

The industry has seen an increase in sophisticated cyberactivity where fraudsters try to trick users into compromising their sign-on credentials on malicious websites that look strikingly similar to, sometimes an exact duplicate of a legitimate website.

See below for some important tips that can help you protect your business and your employees and help reduce this kind of fraud.

• Bookmark the link provided by ADP
  • Mark the bookmarked link as a favorite so it’s easy to find or use. 
• Don’t use search engines to find the login portal to a website
  • Fraudsters frequently use paid ads to trick users and redirect them to malicious sites. 
  • Go to ADP.com and click “Sign in” to access the appropriate login page if you forget your login page.
• Double-check website URLs
  • Always double check that the URL that you are interacting with is correct. Hover above it with your mouse to confirm that it is the correct URL before taking any action.
• Use Multi-Factor Authentication (MFA) whenever offered
  • MFA provides more than one way to authenticate your identity such as a pin code sent to your phone or thumbprint.
  • If logging into your account requires a second form of authentication such as a text message code, never share it with anyone. ADP will never call you and ask you for it.
• Contact us if you think you made a mistake
  • If you realize that you went to a fraudulent website and entered your credentials, contact your ADP service representative immediately so we can assist you in protecting your account.

Protecting our clients and their data is a top priority for ADP. Visit our data security best practices for more information.