The email is send from the spoofed address “ADP_FSA_Services@ADP.com” or “ADPClientServices@adp.com” and has the following body:
Your Transaction Report(s) have been uploaded to the web site:
The URL will not lead you to the site that is mentioned but to hxxp://www.avrakougioumtzi.gr/PQB6j3HW/index.html where the following HTML code is executed:
Please note that your bank account will be debited within one banking
business day for the amount(s) shown on the report(s).
Please do not respond or reply to this automated e-mail. If you have any
questions or comments, please Contact your ADP Benefits Specialist.
ADP Benefit Services
Java Atomic reference vulerability.