While most discussions about phishing focus on avoiding suspicious links or attachments, a new attack technique is emerging that utilizes a phone number as the sole payload in phishing emails. Alarmingly, these emails are successfully bypassing security defenses.
Researchers from the email security firm StrongestLayer recently released an analysis of approximately 5,000 email-based threats that managed to evade secure email gateways across various enterprise environments from December 2025 to the present.
The analysis highlighted many common phishing and social engineering tactics, including PDF attachments, QR codes for payload delivery, requests to switch to phone calls, and URL multi-hop redirects. The effectiveness of these tactics varied against email platforms hosted by Microsoft and Google.
However, a significant portion of StrongestLayer's research focused on telephone-oriented attack delivery (TOAD), which accounted for nearly 28% of all detections that bypassed email gateways.
TOAD: Simplicity’s the Point
This attack method is deceptively straightforward. The target receives a fake billing notification, often impersonating a well-known entity like PayPal. This notification claims a charge has been processed and provides a phone number as the only means to address the issue. There are no malicious attachments involved. Once the target makes the call, scammers attempt to extract sensitive information such as credentials, gain remote access to devices, or persuade victims to purchase gift cards for dubious transactions.
Researchers noted, "TOAD bypasses every email security architecture because the payload, a phone number, is indistinguishable from a legitimate business contact. A rule blocking financial language combined with a phone number would trigger on every billing notification in the enterprise. This type of attack operates outside the detection model that email security was designed for, making it the largest category in this dataset."
Detection is made harder by the fact that the average evasive email in the dataset combined more than four attack techniques at once. In total, researchers tracked over 1,400 unique evasion combinations, a 130% increase over the previous study period.
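The false-positive problem the researchers describe can be seen in a few lines of detection logic. The following is an added example, not code from StrongestLayer or the report: it runs a naive "money plus phone number" rule and a TOAD-oriented scorer over two constructed sample messages (a lookalike billing scare and a genuine-looking receipt); the sender domains, brand-to-domain table and phone numbers are assumed for the example.

```python
import re
from email import message_from_string

# Constructed sample messages for this example (not from the report's dataset).
TOAD_MAIL = """From: "PayPal Billing" <billing@invoice-alerts.example.net>
Subject: Your payment of $499.00 has been processed

A charge of $499.00 was completed on your account.
If you did not authorize this transaction, call +1 (800) 555-0199 within 24 hours.
"""
LEGIT_MAIL = """From: "PayPal" <service@paypal.com>
Subject: Receipt for your payment

You sent a payment of $12.00 to ACME Hosting.
View details: https://www.paypal.com/activity
Questions? Call 1-888-555-0100 or visit the Help Center.
"""

PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}")
URL_RE = re.compile(r"https?://\S+", re.I)
MONEY_RE = re.compile(r"\$\s?\d[\d,]*(?:\.\d{2})?")
URGENCY = ("did not authorize", "unauthorized", "within 24 hours", "immediately", "suspended")
# Brand -> domain the brand is assumed to send from (illustrative table, not authoritative).
BRAND_DOMAINS = {"paypal": "paypal.com", "docusign": "docusign.com"}

def naive_rule(raw):
    """The rule the researchers warn against: financial language + phone number."""
    return bool(MONEY_RE.search(raw) and PHONE_RE.search(raw))

def toad_signals(raw):
    """Extract the signals that separate a TOAD lure from an ordinary billing notice."""
    msg = message_from_string(raw)
    sender = msg.get("From", "")
    domain = sender.rsplit("@", 1)[-1].rstrip(">").lower()
    text = (msg.get("Subject", "") + "\n" + msg.get_payload()).lower()
    brand = next((b for b in BRAND_DOMAINS if b in sender.lower() or b in text), None)
    return {
        "phone": bool(PHONE_RE.search(text)),
        # No link and no attachment: the phone number is the only way to respond.
        "no_link": not URL_RE.search(text) and not msg.is_multipart(),
        "money": bool(MONEY_RE.search(text)),
        "urgency": any(u in text for u in URGENCY),
        # Brand named in the mail but sent from a domain the brand does not own.
        "impersonation": brand is not None and not domain.endswith(BRAND_DOMAINS[brand]),
    }

def is_toad(raw):
    s = toad_signals(raw)
    # Phone number as the sole call-to-action is the defining trait; the pretext
    # (charge amount) plus a lookalike sender or scare wording confirms it.
    return s["phone"] and s["no_link"] and s["money"] and (s["impersonation"] or s["urgency"])
```

The naive rule fires on both messages, which is exactly why it cannot be deployed, while the scorer flags only the lookalike whose sole response channel is a phone number.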
When comparing platforms, gateway blocking rates varied. QR codes were more frequently successful in Microsoft email environments lacking E3/E5 protections than in Google environments. Conversely, Google Workspace struggled more with notifications that spoofed legitimate and trusted sources. According to StrongestLayer, TOAD worked effectively against both Microsoft and Google-hosted email systems.
This situation reflects the high prevalence of evasion tactic combinations, as attackers often tailor their campaigns based on the platform an employee uses. The most sophisticated attacks utilize a multilayered approach, where each layer defeats different detection capabilities.
For instance, an attacker might send an email through Google Calendar or SharePoint to avoid reputation-based filters, use a QR code payload that does not resemble traditional malicious binaries, and prompt the target to communicate via phone call or SMS, moving to channels that gateways cannot monitor.
To Catch a TOAD
Alan Lefort, CEO and co-founder of StrongestLayer, explained that TOAD attacks become even harder to filter in larger organizations, such as a law firm with 5,000 employees that routinely receives communications from services like DocuSign. Such a firm cannot simply block DocuSign emails, so standard email rules are ineffective against these threats.
Furthermore, the cost of executing phishing campaigns has significantly decreased. Lefort pointed out that a targeted phishing email that might have cost $15 to $20 five years ago now costs only a few cents, thanks in part to advancements in technology like ChatGPT.
About one-third of the attacks identified in the report were "structurally invisible," highlighting the need for reasoning models that can detect the subtle signatures and trends left by TOAD emails. StrongestLayer is among the vendors that utilize AI-powered email protection to combat these threats.
For organizations, Lefort recommends evaluating their detection coverage against the attack family taxonomy outlined in the report. Companies using basic service plans may want to consider upgrading to tiers that offer stronger detection capabilities tailored to their needs.
On the employee training front, he emphasizes teaching staff to recognize the consistent patterns that abusive sender ecosystems reuse. Organizations can blunt these campaigns by telling employees that the company will never ask them to place a phone call to resolve an invoice, that phone payments are authorized only through the finance department, and that they should not scan QR codes embedded in PDFs. Guidance on how to verify a request before responding to a potentially malicious email is also crucial.