Cyber criminals have shifted to using PDF attachments to impersonate major brands like Microsoft and PayPal in phishing attacks. These PDFs instruct victims to call specified numbers to resolve issues, leading to direct interaction with attackers posing as company representatives. This method, known as Telephone-Oriented Attack Delivery (TOAD), bypasses traditional phishing tactics like fake websites. Attackers exploit victims' trust in phone communication, often employing social engineering to extract confidential information. Research indicates that this tactic is increasingly common, with prominent brands like Docusign frequently targeted.
Attackers use direct voice communication to exploit the victim's trust in phone calls and the perception that phone communication is a secure way to interact with an organization.
Additionally, the live interaction during a phone call enables attackers to manipulate the victim's emotions and responses by employing social engineering tactics.
Using Cisco Secure Email Threat Defense's brand impersonation detection engine, we uncovered how widespread these attacks are.
Microsoft and Docusign were among the most frequently impersonated brands in phishing emails with PDF attachments.
Collection
[
|
...
]