There has been a recent rise in the number of phishing attacks that incorporate a
direct phone call with the target. This technique, known as Telephone-Oriented Attack
Delivery (TOAD) often starts by sending the user a phishing email urging them to call
a phone number. During the call, attackers pretend to be a legitimate customer service
representative and attempt to trick their target into downloading malware or disclosing
sensitive information.
Follow these tips to not fall victim to a TOAD attack.
- Always verify contact information by cross-referencing the phone number or email address in the message with the official contact details listed on the organization’s website.
- Never share sensitive information over the phone, including passwords, PINs, or multi-factor authentication (MFA) codes.
- Be wary of urgent language, TOAD scammers use urgency or threats to push you into acting fast.
For more information, contact º£½ÇÉçÇøCI's Information Security Team at infosec@csuci.edu or visit the ITS Information Security website.