Threat Alert: TOAD Attacks Trick Users into Downloading Remote Access Software

• A series of phishing messages are delivering fake invoices to recipients.
• In some cases, attackers exploit legitimate services like Intuit, Zoho, or DocuSign.
• These invoices contain purported charges of several hundred dollars.
• The lures also contain a phone number that recipients are directed to call about payment questions.
• Calling the number leads to a fake call center, which instructs users to download remote access software. This allows attackers to access the victim’s data and launch further attacks.

Key Action: Report Suspicious Emails 

• Keep in mind that cybercriminals may abuse legitimate services like Intuit, Zoho, or DocuSign. Abusing legitimate services gives cybercriminals and their lures an additional air of legitimacy. If you see an unexpected email, it should be regarded as potentially malicious. Do not reply to potentially malicious emails.
• Confirm numbers provided in emails before calling. Do not use numbers provided in emails. Instead, use a known, trusted number or find a confirmed number on a company’s website.
• Report ANY suspicious emails received in your UCSF email box using the Phish Alarm button.