Why 'Call This Number' TOAD Emails Beat Gateways
Summary
Attackers are using telephone-oriented attack delivery (TOAD) to bypass email security gateways. These attacks involve emails that contain only a phone number, which recipients are then tricked into calling, leading to further exploitation.
IFF Assessment
TOAD attacks represent a novel way for attackers to bypass traditional email security measures, making it harder for defenders to detect and prevent these attacks.
Defender Context
Defenders need to be aware of TOAD attacks and educate users about the risks of calling unknown phone numbers from suspicious emails. Organizations should consider implementing additional security measures, such as analyzing phone calls for malicious activity, to detect and prevent these attacks. This trend highlights the need for multi-layered security approaches that address both email and telephone-based threats.