University of Southern California

Phishing Warning (February 14)

Posted on by beltzer

Please be aware that USC account holders are receiving the phish listed below. If you believe you have received additional phish that are not listed below, please report them by emailing

  1. Users have reported receiving messages from ADP Portal announcing changes to W-2 forms. Please be advised this messages is a phish. Although the username displays as ADP Portal, the message is actually from a domain in Peru. Please see the message below:

    From: ADP PORTAL (
    Sent: Tuesday, February 14, 2017
    Subject: Update Portal
    The Human Resources/Payroll Department has completed the final pay-stub changes for 2017 tax year.
    To view the changes to your pay-stub information and view/download your W-2 forms (2014 – 2016 tax years), go to: Adp Portal
    We hope you find the changes to your pay-stub information useful and welcome any comments you may have.
    Yours Sincerely.

    Do not respond to this message or click the embedded link. If you have responded or clicked the link, change your password immediately by going to the Popular Topics menu bar on the ITS website and clicking the link labelled change your password.

    If you are concerned that you may have provided your social security number to an illegitimate website in response to this or other phish, please see the Social Security Administration’s Identity Theft and Your Social Security Number page at

  2. USC account holders continue to receive phishing emails that claim to be from senior USC administrators. These phish share the following characteristics:

    • They ask you to open PDF attachments or click embedded links to access important or encrypted information.
    • They contain no substantive content.
    • Hovering your mouse over the From: field shows that the message comes from a non-USC email address.

    As phishing campaigns become increasingly sophisticated and harder to detect, we urge you to use extreme caution when clicking links in messages or attachments you receive from unknown senders. While antivirus programs may automatically scan messages for embedded malware, they do not normally scan for malicious links in attachments.

    ITS encourages you to consider the following tips when handling suspicious email:

    • If you are unable to see or do not recognize a link’s destination URL, do not click the link.
    • Never provide personal information, such as your passwords, social security number, or bank information, on a website you access by following a link in an unsolicited email or attachment.
    • If you must open an email attachment, first scan it using your antivirus software. To scan an attachment on a PC or Mac running USC’s free Sophos Antivirus, save the attachment to your desktop, right-click the file, and choose Scan with Sophos Antivirus.

    If you think you received these recent phish and have replied, opened the attachments, or provided your login information on an unknown website, change your USC password as soon as possible by going to the Popular Topics menu bar on the ITS website and clicking the link labelled change your password.

Comments are closed.