Cybercriminals Use PDFs to Launch Callback Phishing Scams Impersonating Major Brands
Cybersecurity experts warn about a growing scam called TOAD (Telephone-Oriented Attack Delivery). Attackers send fake emails that appear to be from trusted brands like Microsoft, DocuSign, PayPal, or Norton. These emails often contain PDFs with QR codes or phone numbers.
Victims are tricked into calling these numbers, where scammers pose as support agents to steal personal information or install malware.
Scammers make these attacks convincing by:
- Using brand logos and realistic email templates
- Spoofing caller IDs and playing hold music
- Reusing anonymous VoIP numbers
Some attackers use Microsoft 365's Direct Send to make emails appear to come from inside the victim's own organisation. Others use QR codes and fake login pages to steal credentials. Criminals also manipulate AI chatbots and search engine results to spread fake login links, using services like Hacklink.
How to Protect Yourself:
- Don’t trust unknown numbers or unexpected emails—especially those with urgent requests or instructions to call.
- Avoid scanning QR codes from emails unless you’re sure they’re legitimate.
- Check sender email addresses carefully—even messages that appear internal may be fake.
- Never share personal information or install software during unsolicited calls.
- Use multi-factor authentication (MFA) to secure your accounts.
- Report suspicious emails to your IT or security team right away.
- Use security software that includes phishing and malware protection.
- Stay informed—regular training helps identify and avoid scams.
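The two indicators the article describes, a sender that looks internal but was never authenticated (the Direct Send trick) and a PDF that pushes the reader to call a phone number, can be turned into a simple mail-triage heuristic. The script below is an added example, not code from the article or from any vendor; the organisation domain, the header field names, the lure phrase list and the sample messages are all constructed assumptions.

```python
"""Heuristic triage for callback-phishing (TOAD) emails.

Added example. Flags (1) a From: address on our own domain that did not
pass SPF/DKIM/DMARC, which is how a Direct Send abuse typically looks from
the inside, and (2) PDF attachments whose text combines a phone number
with call-to-action / urgency wording. All thresholds and samples are
constructed assumptions for illustration.
"""
import re
from dataclasses import dataclass, field

ORG_DOMAIN = "example.com"  # assumption: the organisation's own mail domain

# Constructed pattern: optional country code, then a 3-3-4 digit number.
PHONE_RE = re.compile(r"(?:\+\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
# Constructed list of wording common in callback lures.
CALL_PHRASES = ("call", "contact our support", "helpline",
                "within 24 hours", "refund", "renewal")


@dataclass
class Message:
    from_addr: str
    auth_results: dict                        # e.g. {"spf": "fail", "dkim": "none"}
    subject: str
    pdf_texts: list = field(default_factory=list)  # extracted text per PDF


def spoofed_internal_sender(msg):
    """True if From: is on ORG_DOMAIN but no authentication check passed."""
    domain = msg.from_addr.rsplit("@", 1)[-1].lower()
    if domain != ORG_DOMAIN:
        return False
    return not any(v == "pass" for v in msg.auth_results.values())


def callback_lure_score(text):
    """Return (phone number count, matched lure phrases) for one attachment."""
    phones = PHONE_RE.findall(text)
    lower = text.lower()
    phrases = [p for p in CALL_PHRASES if p in lower]
    return len(phones), phrases


def triage(msg):
    """Return a list of human-readable reasons; empty list means no finding."""
    reasons = []
    if spoofed_internal_sender(msg):
        reasons.append("sender on own domain without passing SPF/DKIM/DMARC")
    for i, text in enumerate(msg.pdf_texts, start=1):
        n_phones, phrases = callback_lure_score(text)
        if n_phones and phrases:
            reasons.append(f"PDF #{i}: {n_phones} phone number(s) with lure wording {phrases}")
    return reasons


# Constructed sample data (fictional 555-01xx numbers).
LURE_TEXT = ("Your Norton subscription renewal of $399.99 was processed. "
             "To cancel and request a refund, call +1 (800) 555-0199 within 24 hours.")
BENIGN_TEXT = "Quarterly benefits summary. See the HR portal for details."

SAMPLES = {
    "direct_send_lure": Message(
        from_addr="it-support@example.com",
        auth_results={"spf": "fail", "dkim": "none", "dmarc": "fail"},
        subject="Action required: subscription charge",
        pdf_texts=[LURE_TEXT]),
    "external_brand_lure": Message(
        from_addr="billing@norton-alerts.example.net",   # constructed look-alike domain
        auth_results={"spf": "pass", "dkim": "pass", "dmarc": "pass"},
        subject="Your invoice",
        pdf_texts=[LURE_TEXT]),
    "benign_hr": Message(
        from_addr="hr@example.com",
        auth_results={"spf": "pass", "dkim": "pass", "dmarc": "pass"},
        subject="Benefits update",
        pdf_texts=[BENIGN_TEXT]),
}


def run_samples():
    """Triage every sample and return {name: reasons}."""
    return {name: triage(msg) for name, msg in SAMPLES.items()}


if __name__ == "__main__":
    for name, reasons in run_samples().items():
        print(f"{name}: {reasons or 'no finding'}")
```

The second sample shows why the attachment check matters on its own: a lure sent from an attacker-controlled domain passes every authentication check, so only the PDF content gives it away. Real deployments would feed this from the mail gateway's Authentication-Results header and a PDF text extractor rather than the hard-coded samples.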
Source: https://thehackernews.com/2025/07/hackers-using-pdfs-to-impersonate.html