Cybersecurity experts warn about sophisticated phishing campaigns using brand impersonation, QR codes, and callback techniques such as TOAD to deceive victims into sharing sensitive information or installing malware. These attacks leverage trusted brands like Microsoft, Docusign, and PayPal, and utilize methods like VoIP spoofing and AI-assisted phishing to expand their reach. #TOAD #CallbackPhishing
Keypoints
- Phishing attacks often impersonate popular brands to trick victims into calling attacker-controlled phone numbers.
- Attackers use QR codes embedded in PDFs that direct victims to fake login pages or malicious websites.
- Threat actors exploit features like Microsoft 365 Direct Send and VoIP numbers to conduct covert phishing campaigns.
- AI models sometimes direct users to unregistered or malicious domains, increasing risks of brand impersonation.
- Cybercriminals leverage compromised websites and search engine manipulation through marketplaces like Hacklink to spread malicious links.
Read More: https://thehackernews.com/2025/07/hackers-using-pdfs-to-impersonate.html