Date: Wed, 15 May 2013 22:39:26 +0400
From: "email@example.com" [firstname.lastname@example.org]
ADP Instant Warning
Report #: 55233
Respected ADP Client May, 15 2013
Your Processed Transaction Report(s) have been uploaded to the website:
Sign In here
Please see the following information:
• Please note that your bank account will be charged within 1 business banking day for the sum shown on the Statement(s).
• Please don't try to reply to this message. automative notification system not configured to accept incoming email. Please Contact your ADP Benefits Expert.
This email was sent to existing users in your company that access ADP Netsecure.
As every time, thank you for using ADP as your business affiliate!
Rep: 55233 [redacted]
The link in the spam email goes through a legitimate but hacked site and ends up on a malware landing page at [donotclick]outlookexpres.net/news/estimate_promising.php (report here) hosted on the same IPs found in this attack:
22.214.171.124 (Chunghwa Telecom, Taiwan)
126.96.36.199 (Verizon, US)
188.8.131.52 (Matt Martin Real Estate Management / Rackspace, US)