Beware of TOAD Attacks
by Anderson Hanchett in CyberSecurity, cyberthreats, phishing, phone
There has been a recent rise in the number of phishing attacks that incorporate a direct phone call with the target. This technique, known as Telephone-Oriented Attack Delivery (TOAD) often starts by sending the user a phishing email urging them to call a phone number. During the call, attackers pretend to be a legitimate customer service representative and attempt to trick their target into downloading malware or disclosing sensitive information.

Follow these tips to not fall victim to a TOAD attack:
- Always verify contact information by cross-referencing the phone number or email address in the message with the official contact details listed on the organization’s website.
- Never share sensitive information over the phone, including passwords, PINs, or multi-factor authentication (MFA) codes.
- Be wary of urgent language; TOAD scammers use urgency or threats to push you into acting fast.