The NJCCIC detected an uptick in TOAD phishing campaigns. TOAD, or telephone-oriented, attack delivery , is a type of social engineering attack that lures potential victims to contact fraudulent call centers managed by threat actors in attempts to steal credentials or install malware onto their systems. The messages used in the observed TOAD attacks claim to originate from Norton, PayPal, McAfee, or other known companies and include details of a supposed bill or transaction fee for services. Recipients are instructed to view the invoice for
more information, which may also be sent as an attached PDF file, and informs the recipient to call the provided number to cancel or claim a refund. The messages attempt to convince recipients they accidentally signed up for a service; however, these alerts and invoices are fraudulent. They are used to initiate contact with a fake customer service helpline, which attempts to obtain account credentials and convince victims to download a malicious program to “fix” a problem or provide remote access to their devices. While unsuspecting users could fall victim to these attempts, the emails contain red flags, including unofficial sender email accounts (such as Gmail), vague account details, and plain formatting that lacks formal signature blocks.