Chances are, as a business owner, you’re aware of many different cybersecurity issues. Ransomware, phishing attacks, and the importance of strong passwords are probably all on your radar. But have you heard of TOAD attacks? TOAD stands for “telephone-oriented attack delivery,” and these types of attacks can be hard to detect. Take some time to learn about these types of cyberattacks to protect your business’s finances and customer data.
What are TOAD attacks?
TOAD attacks start with an email, like many cyberattacks. However, instead of including malicious software in links or attachments, TOAD emails often simply include a telephone number. The email may look like it’s coming from a legitimate company, with a phone number to call for a refund for a mistaken purchase or to pay an invoice among other schemes. Once you or your employee call the number, instead of reaching a legitimate call center, the call is answered by a criminal posing as a helpful employee.
After the malicious call center employee has you on the phone, he or she guides you through steps to add malicious software onto your computer that allows them remote access. From there, the criminals can access your business’s funds or data without restrictions which can have devastating impacts. The criminals are counting on you or your employee who placed the phone call to trust them, because you initiated the call.
Preventing TOAD attacks
It’s important for your employees to be trained on how to identify and avoid falling for TOAD attacks. Simply being aware that these attacks can happen will help. You can also teach employees to look up the phone number provided in an email prior to calling. Legitimate phone numbers should show up as being associated with a legitimate company in an internet search. Employees should never install any software onto their computers from any outside source. Finally, encourage employees to hang up if they do ever make a phone call that ends up feeling suspicious.
Additional cybersecurity resources
Keeping devices safe with software updates
Defending your business against ransomware attacks
Crisis communication after a security breach
Strong passwords and backing up data