Phishing Alert: Hackers Exploit PDFs to Mimic Microsoft, DocuSign in Callback Phishing Attacks
Discover how cybercriminals are leveraging PDFs to impersonate trusted brands in sophisticated callback phishing campaigns.
TL;DR
Cybersecurity researchers have uncovered a surge in phishing campaigns using PDFs to impersonate well-known brands, tricking victims into calling adversary-controlled phone numbers. This tactic, known as Telephone-Oriented Attack Delivery (TOAD), highlights a growing trend in social engineering techniques.
Phishing Campaigns Leverage PDFs to Mimic Trusted Brands
Cybersecurity researchers have issued a warning about an increasing number of phishing campaigns that impersonate popular brands. These campaigns employ a clever tactic: using PDFs to deceive targets into dialing phone numbers controlled by threat actors. This method, known as Telephone-Oriented Attack Delivery (TOAD), is becoming a prevalent social engineering technique.
Understanding the TOAD Technique
The TOAD technique involves sending emails with PDF attachments that appear to be from legitimate sources such as Microsoft and DocuSign. These PDFs contain persuasive content that urges the recipient to call a provided phone number, which is actually operated by the attackers. Once the victim calls, the threat actors use social engineering tactics to extract sensitive information, such as login credentials or financial details.
Impact and Implications
This trend underscores the evolving nature of phishing attacks. By leveraging PDFs, attackers can bypass traditional email filters and security measures, making these campaigns particularly effective. The use of well-known brands adds an extra layer of deception, as victims are more likely to trust communications that appear to come from reputable sources [1].
Staying Protected
To safeguard against such attacks, individuals and organizations should implement robust email filtering systems and regularly update their security protocols. Employee training on recognizing and reporting phishing attempts is also crucial.
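As an added example (not code from the original article or from the researchers it cites), the following sketch shows one filtering heuristic for the lure described above: text that names an impersonated brand and also urges the reader to call a phone number. It assumes the PDF attachment's text has already been extracted upstream; the function names, the verb list and the 80-character window are illustrative choices, and the sample inputs are constructed.

```python
import re

# Brands named on this page; extend for your environment (assumption).
BRANDS = ("microsoft", "docusign")
# Loose phone pattern; the digit count is validated separately.
PHONE_RE = re.compile(r"\+?\(?\d[\d\s().-]{7,18}\d")
# Verbs that tell the reader to phone someone (constructed list).
CALL_RE = re.compile(r"\b(call|dial|phone|contact|reach)\b", re.I)
WINDOW = 80  # characters before the number searched for a call verb


def find_phones(text):
    """Return (start_offset, digits_only) for plausible phone numbers."""
    hits = []
    for m in PHONE_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        # Drop dates, invoice ids and other short digit runs.
        if 10 <= len(digits) <= 15:
            hits.append((m.start(), digits))
    return hits


def assess_pdf_text(text):
    """Flag text that names a brand AND urges calling a phone number."""
    lowered = text.lower()
    brands = [b for b in BRANDS if b in lowered]
    urged = []
    for start, digits in find_phones(text):
        # Only count numbers that a call verb points at.
        context = text[max(0, start - WINDOW):start]
        if CALL_RE.search(context):
            urged.append(digits)
    return {"brands": brands, "urged_numbers": urged,
            "suspicious": bool(brands and urged)}


# Constructed sample inputs (not taken from any real campaign).
LURE = ("Microsoft 365 subscription renewed. Amount charged: $349.99.\n"
        "If you did not authorize this, call our billing desk at "
        "+1 (202) 555-0143 within 24 hours.")
BENIGN = ("DocuSign envelope 2024-11-03 completed. Reference 4481-22. "
          "No action is required.")

if __name__ == "__main__":
    for name, sample in (("lure", LURE), ("benign", BENIGN)):
        print(name, assess_pdf_text(sample))
```

A hit is a signal to quarantine or route for review, not a verdict: legitimate vendor PDFs also carry support numbers, so the extracted numbers are best compared against the brand's published contact details.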
References
1. Cybersecurity researchers (2025). "Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns". The Hacker News. Retrieved 2025-07-02.