Recently, cyber criminals have returned to a "retro" attack technique known as Telephone-Oriented Attack Delivery, or TOAD. The acronym is funny, but the threat is serious and has proven highly effective. The attack goes like this:

  1. The victim receives a phone call from someone claiming to be from tech support. There's something wrong with the computer, and it has to be fixed remotely.
  2. The attacker provides instructions on installing Remote Monitoring and Management (RMM) software, like ScreenConnect or TeamViewer.
  3. The attacker will instruct the victim on how to initiate a remote session for "support."
  4. Once initiated, the attacker will use their control of the system to gather personal data, credentials, browser secrets, and more. Sometimes the system is encrypted in a ransomware-style compromise.

TOAD attacks are so effective because phone calls seem more "authoritative" to most users than an email or text message. You're talking to a human being, and it isn't always easy to determine malicious intent when the other party is an expert at seeming like your friend. What's more, the attacker doesn't have to contend with an email system that catches phishing attacks automatically. Instead, they go right to their intended target, and all it takes is a phone number and a little information about you to make the call seem authentic.

TOAD attacks are a kind of social engineering. The first line of defense against social engineering isn't a technical system—it's your own vigilance and awareness.

Luckily, defending against TOAD attacks is simple. The only official remote support tool used by UCLA Health is assist.mednet.ucla.edu. If remote support is necessary, a Customer Care/DGIT Desktop representative will send you a unique key for that site and your support session. No other remote support tools are authorized. If someone instructs you to install other software to access your computer, hang up!