TOAD phishing is rising as a gateway-bypass trend in enterprise email environments
Target Trend
Summary
Hide ▲
Show ▼
TOAD phishing has become a major gateway-bypass pattern in enterprise email environments, increasing the risk that scam emails reach users despite secure email defenses. The trend matters because nearly 28% of bypass detections in a December 2025-to-present dataset used this phone-number-based technique, and attackers are layering evasion methods to improve delivery. It also shows that the same approach can work across Microsoft- and Google-hosted mail, reducing the value of basic filtering alone.
Related Happenings
Microsoft Exchange Online blocks legacy TLS for POP3 and IMAP4 starting July 2026
Security Tool/Service
First: 28.04.2026 16:18
Last: 28.04.2026 16:18
Sources 1
About this happening:
**Microsoft** will block **TLS 1.0** and **TLS 1.1** for **POP3/IMAP4** access to **Exchange Online** in **July 2026**, which could break legacy mail clients and embedded devices...
Microsoft Exchange Online blocks legacy TLS for POP3 and IMAP4 starting July 2026
Security Tool/ServiceAbout this happening: **Microsoft** will block **TLS 1.0** and **TLS 1.1** for **POP3/IMAP4** access to **Exchange Online** in **July 2026**, which could break legacy mail clients and embedded devices...
UNC6692 email bombing and Microsoft Teams impersonation campaign
Campaign
First: 25.04.2026 18:07
Last: 25.04.2026 18:07
Sources 1
About this happening:
UNC6692 is running a **social-engineering campaign** that uses **email bombing** and **Microsoft Teams impersonation** to push targets toward remote access and initial compromise....
UNC6692 email bombing and Microsoft Teams impersonation campaign
CampaignAbout this happening: UNC6692 is running a **social-engineering campaign** that uses **email bombing** and **Microsoft Teams impersonation** to push targets toward remote access and initial compromise....
Email-attack shift toward behavioral and organizational weaknesses in 2026
Target Trend
First: 23.04.2026 14:06
Last: 23.04.2026 14:06
Sources 1
About this happening:
A large-scale analysis of **almost 800,000 email attacks** across **more than 4,600 organizations** shows attackers shifting toward **behavioral and organizational weaknesses** in...
Email-attack shift toward behavioral and organizational weaknesses in 2026
Target TrendAbout this happening: A large-scale analysis of **almost 800,000 email attacks** across **more than 4,600 organizations** shows attackers shifting toward **behavioral and organizational weaknesses** in...
Silent subject/null subject phishing campaign targeting executives and privileged users
Campaign
First: 22.04.2026 16:00
Last: 22.04.2026 16:00
Sources 1
About this happening:
A **widespread silent subject/null subject phishing campaign** is sending subject-less emails to **high-value users**, raising the risk of **credential theft** and follow-on **lat...
Silent subject/null subject phishing campaign targeting executives and privileged users
CampaignAbout this happening: A **widespread silent subject/null subject phishing campaign** is sending subject-less emails to **high-value users**, raising the risk of **credential theft** and follow-on **lat...
Microsoft 365 mailbox-rule abuse rises across breached accounts in Q4 2025
Target Trend
First: 13.04.2026 18:00
Last: 13.04.2026 18:00
Sources 1
About this happening:
In **Q4 2025**, about **10%** of breached **Microsoft 365** accounts had malicious mailbox rules created within seconds of compromise, increasing **persistence**, **data theft**,...
Microsoft 365 mailbox-rule abuse rises across breached accounts in Q4 2025
Target TrendAbout this happening: In **Q4 2025**, about **10%** of breached **Microsoft 365** accounts had malicious mailbox rules created within seconds of compromise, increasing **persistence**, **data theft**,...
Timeline
-
25.02.2026 16:00 2 articles · 3mo ago
StrongestLayer discloses TOAD phishing gateway-bypass findings
Initial DisclosureStrongestLayer published analysis of roughly 5,000 email-based threat detections that bypassed secure email gateways across multiple enterprise environments between December 2025 and 2026-02-25, finding that telephone-oriented attack delivery (TOAD) accounted for nearly 28% of bypasses and typically used a fake billing notice with a phone number as the only payload. The research also tracked more than 1,400 unique evasion combinations, described multilayered delivery techniques such as PDF attachments, QR codes, URL multi-hop redirects, Google Calendar or SharePoint delivery, and noted that TOAD worked well against both Google- and Microsoft-hosted email.
Show sources
- Why 'Call This Number' TOAD Emails Beat Gateways — www.darkreading.com — 25.02.2026 16:00
- Why 'Call This Number' TOAD Emails Beat Gateways — www.darkreading.com — 25.02.2026 16:00