
Because TOAD attacks sidestep conventional content‑filter rules, they expose enterprises to credential theft and financial fraud despite existing gateway protections. Understanding this vector forces organizations to adopt behavior‑based detection and employee training to mitigate the risk.
The phishing landscape has long been dominated by malicious links and attachments, but the latest StrongestLayer report shows a shift toward extreme minimalism. Telephone‑oriented attack delivery, or TOAD, reduces the email body to a single phone number embedded in a faux‑billing notice. This stripped‑down payload is indistinguishable from legitimate customer‑service contacts, allowing it to glide past rule‑based scanners that rely on keywords, URLs, or file signatures. As a result, TOAD accounted for nearly one‑third of all gateway‑bypassing detections in the 5,000‑sample dataset, making it the most prevalent evasion technique observed.
The simplicity of TOAD translates into a dramatic cost advantage for threat actors. Where a targeted spear‑phishing campaign once required dozens of dollars per email, generative AI tools now enable the creation of convincing invoice templates for a few cents each. Law firms and enterprises that process high volumes of Docusign or PayPal invoices are especially vulnerable, because blocking such messages would disrupt legitimate business flow. The report also documented a 130 % surge in unique evasion combinations, indicating that attackers are layering multiple tricks—QR codes, multi‑hop redirects, and brand spoofing—to increase success rates.
Defenders must move beyond static rule sets and incorporate context‑aware analytics. Machine‑learning models that profile sender behavior, detect anomalous phone‑number patterns, and cross‑reference known brand communication channels can flag TOAD attempts before a user picks up the call. Complementary employee training—emphasizing that finance departments never request payment verification via phone—adds a human layer of verification. As AI‑driven phishing continues to evolve, organizations should evaluate tiered email security offerings and consider dedicated TOAD detection modules to safeguard credential integrity and financial assets.
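As an added illustration of the context-aware checks described above (this is example code, not code from the StrongestLayer report or from the article), the following Python scorer runs over constructed sample messages: it extracts phone numbers, checks whether a named brand's callback number is one of that brand's known channels, looks for the minimalist billing-notice shape the report describes (billing vocabulary plus a phone number, with no link or attachment), and adds simple sender-profile signals. The brand allowlist, brand domains, point weights, threshold, phone regex and sample messages are all assumptions or constructed placeholders.

```python
import re
from dataclasses import dataclass, field

# Assumed allowlist of brand -> verified support numbers. The numbers are
# constructed placeholders (555 range), not the brands' real lines; a real
# deployment would load these from the brands' published contact pages.
KNOWN_BRAND_NUMBERS = {
    "docusign": {"+18005550100"},
    "paypal": {"+18005550199"},
}
# Sending domains assumed for each brand (used for the sender-alignment check).
BRAND_DOMAINS = {"docusign": "docusign.com", "paypal": "paypal.com"}

BRAND_RE = re.compile(r"\b(docusign|paypal)\b", re.I)
BILLING_RE = re.compile(r"\b(invoice|billing|charged|subscription|renewal|payment)\b", re.I)
URL_RE = re.compile(r"https?://|www\.", re.I)
# Tolerant North-American phone pattern (constructed; extend for other regions).
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")
NEW_SENDER_DAYS = 30   # assumed: senders younger than this count as "new"
FLAG_THRESHOLD = 4     # assumed: tune against your own false-positive budget


def normalize_phone(raw: str) -> str:
    """Collapse separators so '1-800-555-0123' and '(800) 555-0123' compare equal."""
    digits = re.sub(r"\D", "", raw)
    if len(digits) == 10:
        digits = "1" + digits
    return "+" + digits


@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)

    def add(self, points: int, why: str) -> None:
        self.score += points
        self.reasons.append(why)

    @property
    def flagged(self) -> bool:
        return self.score >= FLAG_THRESHOLD


def score_message(msg: dict) -> Verdict:
    """Score one parsed message. Expected keys: sender, subject, body,
    has_attachment (bool), sender_first_seen_days (int)."""
    v = Verdict()
    text = f"{msg['subject']}\n{msg['body']}"
    phones = {normalize_phone(p) for p in PHONE_RE.findall(text)}
    brands = {b.lower() for b in BRAND_RE.findall(text)}
    sender_domain = msg["sender"].rsplit("@", 1)[-1].lower()

    if phones:
        v.add(1, f"phone number(s) present: {sorted(phones)}")
    for b in brands:
        # Strongest TOAD signal: a brand is named, but the callback number is
        # not one of that brand's verified communication channels.
        unknown = phones - KNOWN_BRAND_NUMBERS.get(b, set())
        if unknown:
            v.add(3, f"{b}: callback {sorted(unknown)} is not a known {b} number")
        # Sender alignment: brand named, but mail did not come from its domain.
        if sender_domain != BRAND_DOMAINS.get(b):
            v.add(1, f"{b} named but sender domain is {sender_domain}")
    # Minimalist lure shape: billing words + a phone number, no URL, no attachment.
    if (phones and BILLING_RE.search(text)
            and not URL_RE.search(text) and not msg.get("has_attachment")):
        v.add(2, "billing notice whose only call to action is a phone number")
    # Sender-behaviour profile: a sender this organisation has barely seen.
    if msg.get("sender_first_seen_days", 0) < NEW_SENDER_DAYS:
        v.add(1, "sender first seen recently")
    return v


def triage(messages: list) -> list:
    """Return the subset of messages whose verdict crosses the threshold."""
    return [m for m in messages if score_message(m).flagged]


# Constructed sample messages (not real mail): one TOAD-style lure, one
# legitimate receipt that also carries a phone number, one unrelated note.
SAMPLE_MESSAGES = [
    {"sender": "billing@secure-notify.example",
     "subject": "Your PayPal invoice #4471 has been processed",
     "body": ("Your account has been charged $399.00 for an annual subscription "
              "renewal. If you did not authorize this payment, call "
              "1-800-555-0123 within 24 hours."),
     "has_attachment": False, "sender_first_seen_days": 2},
    {"sender": "service@paypal.com",
     "subject": "Receipt for your payment",
     "body": ("You sent a payment of $20.00 to Example Store. Questions? "
              "Call +1 800 555 0199 or visit https://www.paypal.com/activity"),
     "has_attachment": False, "sender_first_seen_days": 900},
    {"sender": "alice@corp.example",
     "subject": "Team lunch Friday",
     "body": "Reminder: lunch is at noon in the main conference room.",
     "has_attachment": False, "sender_first_seen_days": 900},
]

if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        verdict = score_message(m)
        print(f"{m['sender']:32} score={verdict.score} flagged={verdict.flagged}")
        for r in verdict.reasons:
            print("   -", r)
```

The weighting deliberately makes the brand/callback mismatch the dominant signal: a legitimate receipt that names a brand and gives that brand's own number stays well under the threshold even though it contains a phone number, while the lure is flagged even before the sender-age signal is counted. In a real deployment the allowlist would be populated from verified brand contact pages and the sender-age lookup from the gateway's own history rather than a field on the message.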