
Analysis of Telephone-Oriented Attack Delivery (TOAD) Evasion Techniques

New research indicates that multi-channel threats, specifically Telephone-Oriented Attack Delivery (TOAD), are effectively bypassing secure email gateways by leveraging legitimate phone numbers as payloads. This analysis reviews the mechanics of these evasion techniques and offers architectural and procedural recommendations for strengthening defense.

Triage Security Media Team

While standard email security training often emphasizes the risks of clicking suspicious links or downloading unverified attachments, recent telemetry indicates a shift toward techniques that bypass these traditional triggers. Telephone-Oriented Attack Delivery (TOAD), a method where the email payload is simply a phone number, has become a significant factor in gateway evasion.

Researchers from StrongestLayer have published an analysis of approximately 5,000 email-based threats that successfully bypassed secure email gateways (SEGs) in enterprise environments between December 2025 and early 2026. The data suggests that while familiar social engineering tactics, such as PDF attachments, QR codes, and URL redirects, remain prevalent, TOAD accounted for nearly 28% of all detections that evaded initial defenses.

The Mechanics of Simplicity

The effectiveness of TOAD lies in its structural simplicity. In these scenarios, a target receives a notification impersonating a trusted service, such as PayPal or Docusign. The message typically claims a charge has been processed and provides a phone number as the sole method for dispute or resolution.

Because the email contains no malicious binaries or reputation-flagged URLs, it presents a challenge for traditional detection models. Once a user calls the provided number, the interaction moves to a voice channel, outside the purview of email security monitoring. On the call, threat actors attempt to engineer the disclosure of credentials, request remote device access, or facilitate unauthorized financial transactions.

According to the research team, this technique operates outside the parameters many security architectures were designed to detect. A phone number is indistinguishable from a legitimate business contact string. Consequently, blocking rules based on the combination of financial language and phone numbers would likely generate an unmanageable volume of false positives, flagging legitimate billing notifications across the enterprise.
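To make that false-positive problem concrete, the following added Python example (not code from StrongestLayer or the article) screens three constructed messages two ways: with the blunt "financial language plus a phone number" rule the text describes, and with a context score that asks whether the sender domain and DMARC result match the brand the message claims to be from, whether the phone number appears on that brand's published contact list, and whether the call is the only resolution path. The allowlist, the scoring weights, the threshold of 4 and every domain and 555-01xx number are assumptions made for the example.

```python
"""Naive versus context-aware screening of phone-number lures (TOAD).

Added example, not code from StrongestLayer or the article. Every sender
domain, phone number and vendor allowlist entry below is a constructed
placeholder (555-01xx numbers, .example domains), not real contact data.
"""
from __future__ import annotations

import email.utils
import re
from email import message_from_string
from email.message import Message

PHONE_RE = re.compile(r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
URL_RE = re.compile(r"https?://[^\s)>]+")
FINANCIAL_TERMS = ("charge", "invoice", "payment", "renewal", "billed", "transaction")
URGENCY_TERMS = ("immediately", "within 24 hours", "dispute", "only way")
FLAG_AT = 4  # hypothetical threshold for the context-aware score

# Hypothetical allowlist: brand -> domains it really sends from and its published
# support numbers. In production this comes from the vendor's portal or an internal
# directory, never from the inbound mail itself.
KNOWN_VENDORS = {
    "paypal": {"domains": {"paypal.com"}, "phones": {"15550100123"}},
    "docusign": {"domains": {"docusign.net", "docusign.com"}, "phones": {"15550100144"}},
}


def normalize_phone(raw: str) -> str:
    """Digits only, with the NANP country code prepended when absent (example assumption)."""
    digits = re.sub(r"\D", "", raw)
    return digits if len(digits) == 11 else "1" + digits


def sender_domain(msg: Message) -> str:
    return email.utils.parseaddr(msg["From"] or "")[1].rsplit("@", 1)[-1].lower()


def claimed_brand(text: str) -> str | None:
    low = text.lower()
    return next((b for b in KNOWN_VENDORS if b in low), None)


def naive_rule(msg: Message) -> bool:
    """The blunt rule the article warns about: financial language plus any phone number."""
    text = f"{msg['Subject'] or ''} {msg.get_payload()}"
    return any(t in text.lower() for t in FINANCIAL_TERMS) and PHONE_RE.search(text) is not None


def toad_score(msg: Message) -> tuple[int, list[str]]:
    """Score the context of the phone number rather than its mere presence."""
    text = " ".join(filter(None, [msg["From"], msg["Subject"], msg.get_payload()]))
    low = text.lower()
    brand = claimed_brand(text)
    vendor = KNOWN_VENDORS.get(brand or "", {"domains": set(), "phones": set()})
    phones = {normalize_phone(m.group()) for m in PHONE_RE.finditer(text)}
    auth = (msg["Authentication-Results"] or "").lower()
    score, reasons = 0, []

    if brand and sender_domain(msg) not in vendor["domains"]:
        score += 3
        reasons.append(f"claims {brand} but From domain is {sender_domain(msg)}")
    if "dmarc=pass" not in auth:
        score += 2
        reasons.append("no DMARC pass in Authentication-Results")
    if phones and not phones & vendor["phones"]:
        score += 2
        reasons.append("phone number not on the vendor's published contact list")
    if phones and not URL_RE.search(text):
        score += 1
        reasons.append("phone call is the only resolution path (no link at all)")
    if any(t in low for t in URGENCY_TERMS):
        score += 1
        reasons.append("urgency language")
    return score, reasons


def screen(raw: str) -> dict:
    msg = message_from_string(raw)
    score, reasons = toad_score(msg)
    return {"naive": naive_rule(msg), "score": score, "flagged": score >= FLAG_AT, "reasons": reasons}


def make_sample(sender: str, subject: str, auth: str, body: str) -> str:
    return "\n".join([f"From: {sender}", f"Subject: {subject}",
                      f"Authentication-Results: {auth}", "", body])


# Constructed samples, not real campaign data.
SAMPLES = {
    "toad_lure": make_sample(
        '"PayPal Service" <billing@paypa1-notify.example>',
        "Your PayPal payment of $499.99 was processed",
        "mx.example; spf=fail smtp.mailfrom=paypa1-notify.example; dmarc=fail header.from=paypa1-notify.example",
        "A charge of $499.99 for a 12-month antivirus subscription has been processed.\n"
        "If you did not authorize this transaction, call +1 (555) 010-0199 immediately to dispute it.\n"
        "This is the only way to cancel the charge."),
    "legit_receipt": make_sample(
        "PayPal <service@paypal.com>",
        "Receipt for your payment to Example Store",
        "mx.example; spf=pass smtp.mailfrom=paypal.com; dkim=pass header.d=paypal.com; dmarc=pass header.from=paypal.com",
        "You sent a payment of $24.00 to Example Store.\n"
        "Questions about this payment? Call us at 1-555-010-0123 or visit https://www.paypal.com/help"),
    "legit_envelope": make_sample(
        "Docusign <dse@docusign.net>",
        "Please review and sign: Engagement Letter",
        "mx.example; spf=pass smtp.mailfrom=docusign.net; dkim=pass header.d=docusign.net; dmarc=pass header.from=docusign.net",
        "Example LLP sent you a document to review and sign.\n"
        "Review document: https://app.docusign.com/EXAMPLE"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, screen(raw))
```

Run as a script, the naive rule flags both the lure and the genuine receipt (both contain "payment" and a phone number), which is exactly the billing-notification false positive the text describes; the context score flags only the lure, because its From domain does not belong to the brand it claims, DMARC fails, the number is not on the vendor's contact list, and the phone call is the sole call to action. The score is illustrative: the allowlist and weights would need tuning against an organisation's own mail, and a lure sent through a legitimate service with a passing DMARC result would lose two of those points, which is why the phone-number and sole-resolution-path checks carry weight on their own.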

Compounding Complexity

The analysis highlights that evasion techniques are rarely used in isolation. The average detection in the dataset employed more than four distinct evasion techniques simultaneously. Researchers tracked over 1,400 unique evasion combinations, representing a 130% increase over the previous study period.

Defensive performance varied across platform architectures:

  • QR Code Vectors: These were more effective against Microsoft environments that lack the E3/E5-tier protections than against Google environments.

  • Spoofing Trusted Sources: Google Workspace environments showed higher susceptibility to notifications spoofing legitimate domains.

  • TOAD: This technique demonstrated consistent effectiveness against both Microsoft and Google-hosted email platforms.

This variance suggests that threat actors are tailoring campaigns to specific infrastructure. Sophisticated attempts often utilize a multilayered approach, where each layer is designed to bypass a specific detection capability—using a legitimate service like SharePoint to bypass reputation filters, and a phone-based call to action to evade content scanning.

Addressing the "Docusign Factory" Challenge

Alan Lefort, CEO and co-founder of StrongestLayer, notes the operational difficulty in filtering these threats, particularly for organizations with high document throughput. A law firm, for example, may process thousands of legitimate Docusign envelopes daily. Because TOAD attacks rely on mimicking authentic notifications without distinct malicious markers, strict filtering rules risk disrupting essential business workflows.

The economics of these campaigns also influence their prevalence. The barrier to entry for high-quality social engineering has lowered significantly. Where targeted reconnaissance and drafting convincing emails previously required significant time or capital, generative AI tools have reduced the cost of scaling these operations to cents per attempt.

Strengthening Defenses

To counter structurally invisible threats, security teams should consider moving beyond static rulesets toward reasoning models capable of analyzing the context and subtle patterns associated with TOAD communications. Lefort recommends evaluating current security coverage against the attack taxonomy detailed in the report to identify specific gaps.

Procedural controls and user education also play a vital role. Organizations can build resilience by establishing clear communication protocols:

  • Validate Channels: Employees should be aware that legitimate invoices rarely require immediate resolution via a phone call found in the email body.

  • Authorization Flows: Financial payments and authorizations should follow strict internal workflows, never originating solely from an inbound phone request.

  • Verification: Guidance on how to independently verify a request, such as navigating directly to a vendor portal rather than using the contact details in the email, remains a foundational control.