Threat Alert: BEC Emails Use TOAD-Style Technique

• A series of business email compromise (BEC) attack emails are using telephone-oriented attack delivery (TOAD)-style techniques.
• The emails are all benign; however, they impersonate the recipient’s bank and warn of a targeted cyberattack.
• The emails encourage the recipient to call one of two provided phone numbers to update their banking information.
• Calling the numbers would likely lead to the attacker socially engineering the victim into carrying out further malicious activity.

Key Action: Report Suspicious Emails 

• Remember cybercriminals take advantage of strong emotions. A warning coming from what appears to be your bank about a targeted cyberattack can be extremely stressful. Cybercriminals seek to capitalize on moments of anxiety and the difficulty in thinking clearly.
• Be wary of emails telling you to call a provided number. Always verify phone numbers on a company’s website before calling.
• Report ANY suspicious emails using the Phish Alarm button.