TOAD phishing is rising as a gateway-bypass trend in enterprise email environments
Trend
Summary
Hide ▲
Show ▼
TOAD phishing has become a major gateway-bypass pattern in enterprise email environments, increasing the risk that scam emails reach users despite secure email defenses. The trend matters because nearly 28% of bypass detections in a December 2025-to-present dataset used this phone-number-based technique, and attackers are layering evasion methods to improve delivery. It also shows that the same approach can work across Microsoft- and Google-hosted mail, reducing the value of basic filtering alone.
Related Happenings
Gravity SMTP actively exploited information disclosure flaw (CVE-2026-4020)
Vulnerability
H score16
First: 19.06.2026 23:25
Last: 19.06.2026 23:25
Sources 1
About this happening:
An **actively exploited** unauthenticated information disclosure flaw in **Gravity SMTP** exposes **API keys, secrets, OAuth tokens, and email-service credentials** on sites using...
Gravity SMTP actively exploited information disclosure flaw (CVE-2026-4020)
VulnerabilityAbout this happening: An **actively exploited** unauthenticated information disclosure flaw in **Gravity SMTP** exposes **API keys, secrets, OAuth tokens, and email-service credentials** on sites using...
Non-email threat-detection confidence gap across collaboration channels
Trend
H score25
First: 19.06.2026 12:00
Last: 19.06.2026 12:00
Sources 1
About this happening:
A survey found a broad **non-email threat-detection gap** across **Slack**, **Microsoft Teams**, and social channels, increasing exposure as attackers move beyond **email**. At **...
Non-email threat-detection confidence gap across collaboration channels
TrendAbout this happening: A survey found a broad **non-email threat-detection gap** across **Slack**, **Microsoft Teams**, and social channels, increasing exposure as attackers move beyond **email**. At **...
Microsoft Exchange Online blocks legacy TLS for POP3 and IMAP4 starting July 2026
Security Tool/Service
H score11
First: 28.04.2026 16:18
Last: 28.04.2026 16:18
Sources 1
About this happening:
**Microsoft** will block **TLS 1.0** and **TLS 1.1** for **POP3/IMAP4** access to **Exchange Online** in **July 2026**, which could break legacy mail clients and embedded devices...
Microsoft Exchange Online blocks legacy TLS for POP3 and IMAP4 starting July 2026
Security Tool/ServiceAbout this happening: **Microsoft** will block **TLS 1.0** and **TLS 1.1** for **POP3/IMAP4** access to **Exchange Online** in **July 2026**, which could break legacy mail clients and embedded devices...
UNC6692 email bombing and Microsoft Teams impersonation campaign
Campaign
H score32
First: 25.04.2026 18:07
Last: 25.04.2026 18:07
Sources 1
About this happening:
UNC6692 is running a **social-engineering campaign** that uses **email bombing** and **Microsoft Teams impersonation** to push targets toward remote access and initial compromise....
UNC6692 email bombing and Microsoft Teams impersonation campaign
CampaignAbout this happening: UNC6692 is running a **social-engineering campaign** that uses **email bombing** and **Microsoft Teams impersonation** to push targets toward remote access and initial compromise....
Email-attack shift toward behavioral and organizational weaknesses in 2026
Trend
H score44
First: 23.04.2026 14:06
Last: 23.04.2026 14:06
Sources 1
About this happening:
A large-scale analysis of **almost 800,000 email attacks** across **more than 4,600 organizations** shows attackers shifting toward **behavioral and organizational weaknesses** in...
Email-attack shift toward behavioral and organizational weaknesses in 2026
TrendAbout this happening: A large-scale analysis of **almost 800,000 email attacks** across **more than 4,600 organizations** shows attackers shifting toward **behavioral and organizational weaknesses** in...
Timeline
-
25.02.2026 16:00 2 articles · 4mo ago
StrongestLayer discloses TOAD phishing gateway-bypass findings
Initial DisclosureStrongestLayer published analysis of roughly 5,000 email-based threat detections that bypassed secure email gateways across multiple enterprise environments between December 2025 and 2026-02-25, finding that telephone-oriented attack delivery (TOAD) accounted for nearly 28% of bypasses and typically used a fake billing notice with a phone number as the only payload. The research also tracked more than 1,400 unique evasion combinations, described multilayered delivery techniques such as PDF attachments, QR codes, URL multi-hop redirects, Google Calendar or SharePoint delivery, and noted that TOAD worked well against both Google- and Microsoft-hosted email.
Show sources
- Why 'Call This Number' TOAD Emails Beat Gateways — www.darkreading.com — 25.02.2026 16:00
- Why 'Call This Number' TOAD Emails Beat Gateways — www.darkreading.com — 25.02.2026 16:00