<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1148227851863248&amp;ev=PageView&amp;noscript=1">

Cybersecurity: TOAD attacks

Posted by Kayla Eggert, AINS, ARM on May 3, 2023 8:30:00 AM

Chances are, as a business owner, you’re aware of many different cybersecurity issues. Ransomware, phishing attacks, and the importance of strong passwords are probably all on your radar. But have you heard of TOAD attacks? TOAD stands for “telephone-oriented attack delivery,” and these types of attacks can be hard to detect. Take some time to learn about these types of cyberattacks to protect your business’s finances and customer data. TOAD attacks

What are TOAD attacks?

TOAD attacks start with an email, like many cyberattacks. However, instead of including malicious software in links or attachments, TOAD emails often simply include a telephone number. The email may look like it’s coming from a legitimate company, with a phone number to call for a refund for a mistaken purchase or to pay an invoice among other schemes. Once you or your employee call the number, instead of reaching a legitimate call center, the call is answered by a criminal posing as a helpful employee.

After the malicious call center employee has you on the phone, he or she guides you through steps to add malicious software onto your computer that allows them remote access. From there, the criminals can access your business’s funds or data without restrictions which can have devastating impacts. The criminals are counting on you or your employee who placed the phone call to trust them, because you initiated the call.

Preventing TOAD attacks

It’s important for your employees to be trained on how to identify and avoid falling for TOAD attacks. Simply being aware that these attacks can happen will help. You can also teach employees to look up the phone number provided in an email prior to calling. Legitimate phone numbers should show up as being associated with a legitimate company in an internet search. Employees should never install any software onto their computers from any outside source. Finally, encourage employees to hang up if they do ever make a phone call that ends up feeling suspicious.

Additional cybersecurity resources

Employee social media use

Keeping devices safe with software updates

Defending your business against ransomware attacks

Crisis communication after a security breach

Strong passwords and backing up data

Phishing attempts

Physical device protection

Topics: Cybersecurity

If you’re a content writer and would like to contribute to our blog, click here to read our guidelines.