By Elinor Mills
October 1, 2009
Payroll processor PayChoice said Thursday it is investigating a breach
in which customers received targeted e-mails purporting to be from the
company but were designed to trick people into downloading malware.
Workers received e-mails last week that directed them to download a
browser plug-in or visit a Web site so they could continue accessing the
Onlineemployer.com PayChoice portal. Malware in the download and on the
Web site turned out to exploit holes in Internet Explorer, Adobe Flash,
and Adobe Reader, PayChoice said.
The e-mails were targeted to individuals and included their user names,
login IDs, and partial passwords, thus increasing the chance that
recipients would be likely to fall for the ruse.
In a statement, PayChoice did not say how many people received the
e-mails but said most of the employees served by PayChoice do not use
the portal. PayChoice, based in Moorestown, N.J., provides payroll
software and services to 125,000 businesses.
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News