Most phone numbers found in email threats leveraging the TOAD social engineering technique are Voice over Internet Protocol (VoIP) numbers.

Microsoft and Docusign were among the most frequently impersonated brands in phishing emails with PDF attachments.

NortonLifeLock, PayPal, and Geek Squad were among the most impersonated brands in TOAD emails with PDF attachments

A significant portion of email threats with PDF payloads persuade victims to call adversary-controlled phone numbers, employing Telephone-Oriented Attack Delivery (TOAD) or callback phishing.

Phone numbers are sometimes reused on consecutive days in TOAD attacks.