Fraudsters can use the so-called reverse phishing model to deceive Russians. Unlike classic attacks, where the attackers initiate contact themselves, in this model the victim voluntarily calls the number provided by the attackers, which significantly reduces suspicion about what is happening. For more information about how reverse phishing works, how dangerous it is, and how to protect yourself from it, see the Izvestia article.

What is known about "reverse" phishing

Experts from the American company Cisco Talos reported that attackers are increasingly using a new approach called TOAD (Telephone-Oriented Attack Delivery): reverse phishing conducted over the phone. According to the experts, in such attacks potential victims are induced to call the scammers themselves, and the scammers pose as employees of well-known companies.

"Unlike classic attacks, where the attackers initiate contact themselves, in the TOAD model, the victim voluntarily calls the number indicated in the phishing email, which significantly reduces the suspicion of what is happening," says Nikolai Dolgov, a cybersecurity expert at Angara Security, in an interview with Izvestia. "This approach creates a sense of control over the situation and makes the victim more susceptible to manipulation."

By calling the specified number, the user reaches a "call center". Its staff introduce themselves as employees of well-known companies such as Microsoft, Norton, PayPal and others. Using pre-prepared communication scenarios and fake attributes (background noises, voice menus, IVR systems), the attackers ask the caller to provide confidential data, install malware, or grant remote access to the device. Thus, the attack takes the form of a legitimate user request.

What is the risk of using "reverse" phishing against Russians

Operators' anti-fraud systems primarily check whether the number of an incoming call appears on a high-risk list, Dmitry Dudkov, a specialist in combating financial fraud at F6, said in an interview with Izvestia. If, for whatever reason, the user calls the scammers himself, the call escapes many of these protection systems, and this is one of the risks of TOAD.

"The scheme in which the victim initiates the call himself is not new for Russia," says Anastasia Khveschenik, product manager of Solar WebProxy (Solar Group). "However, TOAD is an evolution of this method, transferred to a digital environment. It is much more dangerous because it exploits the user's trust in the interface of a familiar brand."

According to Anastasia Khveschenik, the risks of using this tactic against Russian users are enormous — and they fit into the overall picture of escalating cyber threats. Data from Solar Group shows that in the first quarter of 2025, the total number of attacks recorded by the company's trap systems increased by almost 160% compared to the end of last year. This suggests that attackers are constantly looking for and scaling new, more effective attack vectors.

Ekaterina Edemskaya, an expert and analyst engineer at Gazinformservice, agrees that the risks of using reverse phishing in Russia are extremely high. According to the expert, the Russian audience actively uses e-mail, messengers and digital services, and trust in well-known brands and services (including the Gosuslugi portal) creates favorable conditions for the implementation of such schemes.

"Telephone scams in which the victim receives calls from 'bank employees' or 'security services' are already widespread in Russia, and TOAD may become the next stage in the evolution of these attacks," Ekaterina Edemskaya notes.

What fraud schemes can use "reverse" phishing?

Reverse phishing can be used in almost any fraudulent scenario, Alexander Vurasco, Director of Development at the Solar AURA External Digital Threat Monitoring Center (Solar Group), says in an interview with Izvestia. Moreover, it can be applied even without the Internet: it is enough to post a fake notice in a building entrance on behalf of a management company, with a phone number belonging to scammers, and there will immediately be people who dial that number.

"As for the online version of TOAD, here we are talking about creating a phishing site whose details are posted on social networks or sent out in mailings, with a phone number specified for contact," says Alexandra Shmigirilova, GR director of the Security Code information security company. "If a person does not suspect that the site may be fake, he calmly uses the number to make a call, and then the fraudster, who introduces himself as a technical support employee, can force the potential victim to perform any actions, including installing some additional software."

Fraudulent schemes using "reverse" phishing can be aimed at a wide range of people, segmented by the user groups of particular services to increase the effectiveness of the attack, adds Lev Afanasyev, head of the anti-fraud department at Innostage. Numerous leaked ("merged") databases help attackers carry out such segmentation: from them they extract not only the fact that a service is used, but also additional data that makes their story appear more credible.

"A side effect of using such fraudulent schemes is that the real owners of brands or services are discredited, which can have an impact on their business or even on the entire industry in which they operate," the expert emphasizes.

How to protect yourself from fraud schemes with "reverse" phishing

The danger of fraudulent schemes using "reverse" phishing is that attackers can obtain personal data or corporate accounts for subsequent attacks and theft of money, says the head of BI.ZONE AntiFraud Alexey Luzhnov. In addition, the victim may be forced to transfer funds or install malware, which can lead to data encryption and loss of access to accounts.

"For companies, such attacks carry financial and reputational risks, as the use of their brand in phishing reduces customer confidence," the source said.

The main principle of protection against TOAD schemes is the complete rejection of interaction through imposed communication channels, says Anastasia Khveschenik. Never call the phone numbers listed in pop-ups, banners, or e-mails, no matter how convincing they may seem. Support contact details should be taken exclusively from the company's official website, which you yourself found in a search engine.

Ignore any messages that require you to take immediate action under threat of being blocked or losing your funds. There's a golden rule of digital hygiene: if you're being rushed, scared, and forced to panic, it's almost certainly scammers. For businesses, relying only on the vigilance of employees is a risky strategy: it is necessary to build a technical level of protection.

"Comprehensive corporate network security solutions, such as those of the NGFW and SWG (Secure Web Gateway) classes, allow you to filter traffic, block access to malicious resources, and control the installation of illegitimate software, creating an additional technological barrier to intruders," notes Anastasia Khveschenik.

In addition, SWG-class solutions can assist in incident investigations thanks to their proprietary feeds. They check the sources and metadata of sites and classify a resource as allowed, potentially malicious or threatening. As a result, the client is protected from navigating to an unreliable Internet resource, the expert concludes.
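
Because call-side anti-fraud checks do not see a call the victim places himself, the lure e-mail is the point where a technical control can still act. The sketch below is an added example, not part of the Izvestia article or any vendor's product: a mail-gateway heuristic that flags messages naming a brand from a foreign sender domain while supplying a callback number. The brand allow-list, urgency vocabulary, verdict names and sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list of genuine sender domains per impersonated brand.
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}, "norton": {"norton.com"},
                 "paypal": {"paypal.com"}}
# Assumed pressure vocabulary; extend for the languages your users read.
URGENCY = re.compile(r"\b(immediately|urgent|suspended|blocked|unauthorized)\b", re.I)
# Loose phone pattern; the digit count (10-15) is checked separately.
PHONE = re.compile(r"(?<![\w.])\+?\d[\d\s().-]{8,18}\d(?![\w.])")

def body_text(msg):
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join((p.get_payload(decode=True) or b"").decode(
        p.get_content_charset() or "utf-8", "replace") for p in parts)

def toad_signals(raw_email):
    """Return the callback-phishing indicators found in one raw message."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = " ".join([display, msg.get("Subject", ""), body_text(msg)])
    named = [b for b in BRAND_DOMAINS if re.search(rf"\b{b}\b", text, re.I)]
    # A brand counts as spoofed when it is named but the sender is off-domain.
    spoofed = [b for b in named if not any(
        domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS[b])]
    phones = [m.group() for m in PHONE.finditer(text)
              if 10 <= sum(c.isdigit() for c in m.group()) <= 15]
    urgent = bool(URGENCY.search(text))
    verdict = "deliver"
    if spoofed and phones:  # brand claim plus callback number, foreign sender
        verdict = "quarantine" if urgent else "review"
    return {"spoofed_brands": spoofed, "phones": phones,
            "urgent": urgent, "verdict": verdict}

# Constructed samples (reserved .example domain, fictional 555-01xx number).
LURE = """\
From: "PayPal Billing" <billing@pp-invoices.example>
Subject: Your subscription has been renewed

Your PayPal account was charged $499.99 for Norton 360.
If this was unauthorized, call +1 (800) 555-0100 immediately.
"""
BENIGN = ('From: "PayPal" <service@paypal.com>\nSubject: Receipt\n\n'
          'You sent $20.00 to Example Shop from your PayPal account.\n')

if __name__ == "__main__":
    print(toad_signals(LURE)["verdict"], toad_signals(BENIGN)["verdict"])
```

The sender-domain comparison only means something once SPF/DKIM/DMARC results have been enforced upstream, since the From header on its own can be forged.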

Translated by Yandex Translate
