Callback Phishing
Handle a fake invoice designed to make you call.
What You'll Learn
- Recognize the structure of a callback phishing email, including fake invoices and embedded phone numbers that bypass link-based detection
- Verify billing claims independently using official company websites and known support channels before responding
- Identify conversational manipulation tactics used by attackers on the phone, such as scripted urgency and false reassurance
- Understand why callback phishing evades traditional email security filters that scan for malicious URLs and attachments
- Follow your organization's incident reporting process when you encounter a suspected TOAD attack
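The objectives above note that callback phishing slips past filters that only inspect URLs and attachments, because the lure is a phone number in plain text. The following added example (not part of the training module) contrasts a URL-only filter with a content heuristic that scores phone numbers, money amounts, urgency wording and a "call us" instruction. The two messages are constructed for the demonstration; the phone number is the one used in the scenario below, and the scoring weights and threshold are illustrative choices, not a vendor's rules.

```python
import re
from dataclasses import dataclass, field

# Constructed sample messages (not real mail). The phone number is the one
# from the training scenario; everything else is invented for this example.
FRAUD_ALERT = """\
Subject: Unusual activity on your corporate card - action required
We detected a charge of $2,847.00 that may be unauthorized. Your card will be
suspended within 24 hours unless you confirm the transaction. Call our fraud
desk immediately at 1-888-445-9127 to resolve this.
"""

INTERNAL_UPDATE = """\
Subject: Team offsite agenda
Hi all, the agenda for Thursday is attached. Ping me on chat if you want to
add a topic. Slides: https://intranet.example.com/offsite
"""

URL_RE = re.compile(r"https?://\S+|www\.\S+", re.I)
# North American formats such as 1-888-445-9127, (888) 445-9127, 888.445.9127
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
MONEY_RE = re.compile(r"\$\s?\d[\d,]*(?:\.\d{2})?")
CALL_RE = re.compile(r"\b(?:call|phone|dial|helpline|fraud desk|support line)\b", re.I)
URGENCY_TERMS = ("immediately", "within 24 hours", "suspend", "unauthorized",
                 "action required", "verify", "confirm")


@dataclass
class Verdict:
    has_url: bool
    phone_numbers: list
    money_amounts: list
    urgency_hits: list
    call_to_action: bool
    score: int = 0
    reasons: list = field(default_factory=list)


def url_only_filter_flags(message: str) -> bool:
    """Model of a legacy filter: it only reacts when there is a link to scan."""
    return bool(URL_RE.search(message))


def analyze(message: str) -> Verdict:
    """Score a message for callback-phishing (TOAD) indicators."""
    text = message.lower()
    v = Verdict(
        has_url=bool(URL_RE.search(message)),
        phone_numbers=PHONE_RE.findall(message),
        money_amounts=MONEY_RE.findall(message),
        urgency_hits=[t for t in URGENCY_TERMS if t in text],
        call_to_action=bool(CALL_RE.search(message)),
    )
    # The defining trait: a phone number is offered and no link is present,
    # so there is nothing for URL reputation or sandboxing to act on.
    if v.phone_numbers and not v.has_url:
        v.score += 3
        v.reasons.append("phone number is the only response channel")
    if v.call_to_action and v.phone_numbers:
        v.score += 2
        v.reasons.append("explicit instruction to call the number")
    if v.money_amounts:
        v.score += 1
        v.reasons.append("specific dollar amount used as a hook")
    if v.urgency_hits:
        v.score += min(len(v.urgency_hits), 3)
        v.reasons.append("urgency wording: " + ", ".join(v.urgency_hits))
    return v


def is_suspected_callback_phish(message: str, threshold: int = 5) -> bool:
    """Threshold is illustrative; tune it against your own mail corpus."""
    return analyze(message).score >= threshold


if __name__ == "__main__":
    for name, msg in (("fraud alert", FRAUD_ALERT), ("internal update", INTERNAL_UPDATE)):
        v = analyze(msg)
        print(f"{name}: url-only filter flags={url_only_filter_flags(msg)}, "
              f"heuristic score={v.score}, suspected={is_suspected_callback_phish(msg)}")
        for r in v.reasons:
            print("  -", r)
```

Run as a script, the fraud alert is not flagged by the URL-only model at all, while the heuristic scores it well above the threshold and lists the reasons; the benign internal note contains a link, so the legacy filter has something to scan, but the heuristic scores it zero. In production this kind of rule would feed a secure email gateway or mail-flow rule that banners the message rather than blocking it, since legitimate billing mail also carries phone numbers.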
Training Steps
- A Busy Wednesday
It's Wednesday afternoon at Harmon & Blake Consulting. You are Alice, a senior consultant who frequently uses your corporate credit card for client expenses and travel bookings. You have a packed schedule today - two client calls this afternoon and a business trip to book for next week.
- The Fraud Alert
A new email arrives in Alice's inbox. The subject line catches her eye immediately - something about her corporate card.
- Panic Sets In
Alice's heart races. $2,847 is a significant amount, and she definitely did not make that purchase. The email mentions account suspension - that would be a disaster with the client trip next week. Despite the red flags, panic overrides caution. Alice grabs her phone and dials the number from the email: 1-888-445-9127.
- Identity Verification
'Michael' sounds professional and reassuring. He asks Alice to verify her identity before they can discuss the charge - standard procedure, he explains.
- The Secure Portal
Michael explains that to complete the fraud claim, Alice needs to verify her card details through their 'secure online portal.' He provides a URL and stays on the line to walk her through the process.
- Opening the Portal
Alice opens her browser and navigates to the URL Michael provided. The website looks professional with a corporate card logo and secure-looking design.
- Guided Through the Form
Michael guides Alice through the form on the screen, asking her to enter her full card number, expiration date, and security code to 'flag the compromised card and issue a replacement.'
- Entering Card Details
Alice enters her corporate card details as directed by Michael over the phone.
- The Final Piece
Michael thanks Alice for her patience. He explains there is 'one more step' - they need to verify her corporate banking credentials to check if any linked accounts were also compromised.
- Banking Credentials
The page now shows a form asking for Alice's corporate banking portal login. Michael assures her this is the final step to complete the fraud claim.