Jul 14, 2025 Beware of TOAD Attacks

There has been a recent rise in the number of phishing attacks that incorporate a direct phone call with the target. This technique, known as Telephone-Oriented Attack Delivery (TOAD) often starts by sending the user a phishing email urging them to call a phone number. During the call, attackers pretend to be a legitimate customer service representative and attempt to trick their target into downloading malware or disclosing sensitive information.

Follow these tips to not fall victim to a TOAD attack.

- Always verify contact information by cross-referencing the phone number or email address in the message with the official contact details listed on the organization's website.

- Never share sensitive information over the phone, including passwords, PINs, or multi-factor authentication (MFA) codes.

- Be wary of urgent language, TOAD scammers use urgency or threats to push you into acting fast.

For more information, contact CSUCI's Information Security Team at infosec@csuci.edu or visit the ITS Information Security website.