- Cisco Talos warns of the phishing scams to return calling calls
- Phishing’s emails come with PDF attachments, in which there are telephone numbers
- Threat actors are exploiting people’s confidence in telephone calls
Cisco Talos security researchers warned about an ongoing phishing campaign in which the victims are deceived to call the attackers by phone.
In a new report, the researchers said that between the beginning of May and the beginning of June 2025, they observed the threat actors that falsified the main technological companies, such as Microsoft, Adobe or Docusign.
Cisco Talos calls this type of scam “Phishing to return call”: in the emails of Phishing, they would notify the victims of a problem, or an incoming/slope transaction, then they would share a telephone number that control and invite the victim to mark and address these problems. During the call, the attackers would disguise themselves as a legitimate representative of the client and explain to the victim that to solve their problem, they must disseminate confidential information or install a piece of malware on their device.
PHISHING Return of Call
“The attackers use direct voice communication to exploit the victim’s trust in telephone calls and the perception that telephone communication is a safe way to interact with an organization,” the researchers explained.
“In addition, live interaction during a phone call allows attackers to manipulate the victim’s emotions and responses using social engineering tactics. The call return phishing is, therefore, a social engineering technique instead of a traditional email threat.”
Most telephone numbers used in these campaigns are VOIP, Cisco Talos explained, stating that these are more difficult to track.
The key information, including the attacker controlled phone number, is shared through a .pdf file sent as an attached file. This is generally done to avoid traditional email safety mechanisms and ensure that email lands on the entrance tray.
As an additional layer of obfuscation, the attackers sometimes add a QR code to the PDF file body, since most AV and email protection tools cannot scan so deeply. In addition, QR codes generally scan through smartphone cameras, and mobile devices rarely have the same level of safety as laptops or desktop computers.
Through The hacker news
