From Email to Exfiltration: How Threat Actors Steal ADP Login and Personal Data

Cofense PDC observed a phishing campaign impersonating ADP that uses urgent violation notices and convincing fake login pages to collect user IDs, passwords, 2FA confirmation flows, and highly sensitive personal information (including SSNs); the report includes screenshots and a malicious URL (https://myadpaccess.web.app/signin/v1/pin4nas) and emphasizes user education and email security to prevent account takeover and data theft.