These attacks have evolved beyond simple email phishing to incorporate telephone-oriented attack delivery (TOAD), also known as callback phishing, where victims receive PDF attachments containing fake invoices or security alerts with embedded phone numbers. The malicious campaigns operate through multiple attack vectors, with threat actors embedding entire phishing emails within PDF attachments to evade traditional email security filters. Cybercriminals have significantly escalated their use of PDF attachments as attack vectors, leveraging the trusted document format to impersonate major brands including Microsoft, DocuSign, Dropbox, PayPal, and Adobe in sophisticated phishing campaigns. This demonstrates how attackers layer QR codes with brand impersonation, while the attack sequence illustrates the complete TOAD attack sequence from initial email receipt through victim manipulation and malicious file download. By encapsulating brand logos, fake invoices, and deceptive content directly into PDF files, attackers bypass textual analysis systems that typically flag suspicious email content. Attackers position QR codes alongside legitimate-looking brand communications, directing victims to scan codes that redirect to CAPTCHA-protected phishing pages designed to harvest credentials. In analyzed samples, attackers embedded multiple URLs within PDF annotations, with one URL ( ) appearing legitimate while a secondary annotation contained the actual phishing destination ( ). Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 03 Jul 2025 07:20:19 +0000