{"id":217076,"date":"2025-07-03T06:15:31","date_gmt":"2025-07-03T11:15:31","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/07\/hackers-using-pdfs-to-impersonate-microsoft-docusign-and-more-in-callback-phishing-campaigns"},"modified":"2025-07-03T06:15:31","modified_gmt":"2025-07-03T11:15:31","slug":"hackers-using-pdfs-to-impersonate-microsoft-docusign-and-more-in-callback-phishing-campaigns","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/07\/hackers-using-pdfs-to-impersonate-microsoft-docusign-and-more-in-callback-phishing-campaigns","title":{"rendered":"Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/hackers-using-pdfs-to-impersonate-microsoft-docusign-and-more-in-callback-phishing-campaigns.jpg\"><\/a><\/p>\n<p>Cybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated by threat actors.<\/p>\n<p>\u201cA significant portion of email threats with PDF payloads persuade victims to call adversary-controlled phone numbers, displaying another popular social engineering technique known as Telephone-Oriented Attack Delivery (TOAD), also known as callback phishing,\u201d Cisco Talos researcher Omid Mirzaei <a href=\"https:\/\/blog.talosintelligence.com\/pdfs-portable-documents-or-perfect-deliveries-for-phish\/\" rel=\"noopener\" target=\"_blank\">said<\/a> in a report shared with The Hacker News.<\/p>\n<p>An analysis of phishing emails with PDF attachments between May 5 and June 5, 2025, has revealed Microsoft and Docusign to be the most impersonated brands. NortonLifeLock, PayPal, and Geek Squad are among the most impersonated brands in TOAD emails with PDF attachments.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated by threat actors. \u201cA significant portion of email threats with PDF payloads persuade victims to call adversary-controlled phone numbers, displaying another popular social engineering technique known as Telephone-Oriented Attack Delivery (TOAD), also known as callback [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-217076","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/217076","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=217076"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/217076\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=217076"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=217076"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=217076"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}