The invisible war between cybercriminals and organizations has taken a dramatic turn as hackers’ phishing campaigns embrace increasingly sophisticated strategies, using PDFs to impersonate trusted brands like Microsoft and DocuSign. Between May and June 2025, researchers from Cisco Talos observed a steady uptick in attacks employing “Telephone-Oriented Attack Delivery” (TOAD) — a callback phishing scheme that leverages branded PDF attachments to coax recipients into calling phone numbers operated by threat actors. Once on these voice calls, targets are manipulated with rehearsed scripts, spoofed caller IDs, and social engineering, often culminating in the theft of sensitive information or the installation of malware.

Anatomy of a Modern PDF Phishing Attack

Today’s PDF phishing emails are meticulously crafted, using branding and design nearly indistinguishable from legitimate communications. Attackers mount these schemes by:
  • Disguising malicious payloads as PDF attachments emblazoned with familiar corporate logos — including Microsoft, DocuSign, NortonLifeLock, PayPal, and Geek Squad.
  • Embedding QR codes or URLs within the PDF, sometimes hidden in annotations, form fields, or sticky notes, exploiting both user trust and the popularity of paperless workflows.
  • Crafting urgent message content that prompts recipients to “verify a transaction” or resolve a fabricated account issue, instructing them to call a provided phone number.
  • Pointing the embedded QR codes or URLs either at authentic pages (for example, Microsoft’s own login pages) as a decoy, or directly at convincing phishing sites mimicking services like Dropbox and Microsoft 365.
Unlike traditional email-borne phishing, these PDF-centric attacks are able to slip past basic email security filters, especially if the QR code resolves to a whitelisted domain or the PDF attachment itself contains no obvious malware.
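The placements listed above (link annotations, form fields, sticky notes) are exactly where a scanner that only reads the visible page text will miss the callback number. What follows is an added example, not code from the article or from Cisco Talos: a dependency-free Python triage script that walks a PDF's objects, inflates Flate-compressed streams, pulls literal strings out of annotations and form fields, and reports where any phone number sits. The sample PDF it builds, the domain `login.example-brand.invalid` and the 555 number are constructed for the demonstration; it does not decode QR images (that needs an image library) and does not handle object streams or encrypted files.

```python
import re
import zlib
from dataclasses import dataclass, field


def build_sample_pdf() -> bytes:
    """Constructed sample (not a real lure): one Flate-compressed page plus a link
    annotation, a sticky-note annotation and a pre-filled text form field."""
    page = b"BT /F1 12 Tf 72 700 Td (Your document is ready. Questions? Call 1-800-555-0199) Tj ET"
    packed = zlib.compress(page)
    parts = [
        b"%PDF-1.4\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /AcroForm << /Fields [6 0 R] >> >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R "
        b"/Annots [5 0 R 6 0 R 7 0 R] >> endobj\n",
        b"4 0 obj << /Length " + str(len(packed)).encode() + b" /Filter /FlateDecode >>\n"
        b"stream\n" + packed + b"\nendstream\nendobj\n",
        b"5 0 obj << /Type /Annot /Subtype /Link /Rect [72 600 300 620] "
        b"/A << /S /URI /URI (https://login.example-brand.invalid/verify) >> >> endobj\n",
        b"6 0 obj << /Type /Annot /Subtype /Widget /FT /Tx /T (support) /Rect [0 0 0 0] "
        b"/V (Call 1-800-555-0199 to confirm) >> endobj\n",
        b"7 0 obj << /Type /Annot /Subtype /Text /Rect [0 0 0 0] /Open false "
        b"/Contents (Billing dept: +1 (800) 555-0199, ref 88213) >> endobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ]
    return b"".join(parts)


OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj(.*?)endobj", re.S)
# PDF literal string: backslash escapes and one level of nested parentheses, e.g. "(800)"
STR = rb"\(((?:[^()\\]|\\.|\((?:[^()\\]|\\.)*\))*)\)"
STRING_RE = re.compile(STR)
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")


def value_of(key: bytes, body: bytes):
    """String value of a dictionary key such as /URI, /Contents or /V, or None."""
    m = re.search(key + rb"\s*" + STR, body)
    return m.group(1).decode("latin-1") if m else None


def inflate(body: bytes):
    """Inflate a FlateDecode stream so its strings can be inspected. Uses /Length
    rather than hunting for 'endstream', since compressed data may contain any byte."""
    if b"/FlateDecode" not in body:
        return body, True
    m = re.search(rb"/Length\s+(\d+).*?stream\r?\n", body, re.S)
    if not m:
        return body, False
    start, end = m.end(), m.end() + int(m.group(1))
    try:
        return body[:start] + zlib.decompress(body[start:end]) + body[end:], True
    except zlib.error:
        return body, False


def classify(body: bytes) -> str:
    """Whether an object's strings are drawn on the page or live in a side channel."""
    for pattern, kind in ((rb"/Subtype\s*/Text\b", "sticky_note"),   # never rendered on the page
                          (rb"/Subtype\s*/Link\b", "link_annotation"),
                          (rb"/FT\s*/Tx\b", "form_field")):
        if re.search(pattern, body):
            return kind
    return "content_stream" if b"stream" in body else "other"


def normalize_phone(raw: str) -> str:
    digits = re.sub(r"\D", "", raw)
    return digits if len(digits) == 11 else "1" + digits   # assumes NANP numbers


@dataclass
class PdfFindings:
    uris: list = field(default_factory=list)           # link-annotation targets
    sticky_notes: list = field(default_factory=list)   # /Text annotation contents
    form_values: list = field(default_factory=list)    # pre-filled form field values
    phone_numbers: list = field(default_factory=list)  # (normalized number, where found)
    unreadable_streams: int = 0                        # streams we could not inflate

    def hidden_phone_locations(self) -> list:
        return sorted({loc for _, loc in self.phone_numbers if loc != "content_stream"})

    def looks_like_callback_lure(self) -> bool:
        # Any phone number is the TOAD tell; one tucked into an annotation or
        # form field, where link scanners rarely look, is the stronger signal.
        return bool(self.phone_numbers)


def scan_pdf(data: bytes) -> PdfFindings:
    f = PdfFindings()
    for m in OBJ_RE.finditer(data):
        body, ok = inflate(m.group(2))
        if not ok:
            f.unreadable_streams += 1
            continue
        kind = classify(body)
        uri = value_of(rb"/URI", body)
        if uri:
            f.uris.append(uri)
        if kind == "sticky_note":
            f.sticky_notes.append(value_of(rb"/Contents", body) or "")
        elif kind == "form_field":
            f.form_values.append(value_of(rb"/V", body) or "")
        for s in STRING_RE.finditer(body):
            for hit in PHONE_RE.finditer(s.group(1).decode("latin-1")):
                f.phone_numbers.append((normalize_phone(hit.group()), kind))
    return f
```

Text inside a QR-code image is invisible to this scan; the signal it does give, a phone number placed in an annotation or form field rather than on the page, is a reasonable trigger for quarantining the attachment or sending it for a deeper sandbox pass, and `unreadable_streams` tells you when that pass is needed because the scanner could not see inside.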

The Rise of Callback Phishing (TOAD): Tactics and Consequences

Callback phishing — or Telephone-Oriented Attack Delivery — has become a perennial favorite among cybercriminals due to its dual-pronged attack surface. The phishing email builds authenticity and urgency, but the real manipulation occurs over the phone. Once the victim calls the adversary-controlled number:
  • The attacker, posing as a support agent (IT, billing, tech, or security), uses social engineering to heighten anxiety, confusion, or fear.
  • The victim, now on the call, may be guided to install remote access tools (like AnyDesk, TeamViewer, or lesser-known alternatives) under the pretense of “solving” a technical issue.
  • In other variations, they’re routed through fraudulent payment portals, harvesting credit card and other sensitive personal details.
  • In the worst cases, they’re convinced to hand over multi-factor authentication codes or passwords, granting attackers persistent access to email accounts, business data, and personal documents.
Cisco Talos observed that most TOAD campaigns lean heavily on believable support scripts, complete with hold music, faux escalation procedures, and even spoofed caller IDs — all designed to mirror legitimate corporate workflows. The illusion of urgency remains central, disrupting a victim’s ability to calmly analyze the message and thus increasing the attack’s success rate.

Brand Impersonation at Scale: Targeting Microsoft, DocuSign, and More

Cisco Talos’ 2025 analysis confirms that Microsoft and DocuSign are the most commonly mimicked brands in callback phishing emails with PDF attachments. Following close behind, NortonLifeLock, PayPal, and Geek Squad round out the top five.
Brand trust works to the attacker’s advantage: recipients who see a logo they recognize — especially from a brand they use often — are more likely to believe the communication is genuine. This forms the basis for both psychological and technical deception:
  • The PDF attachment may employ the precise color palette, design structure, and even regional branding of the impersonated entity.
  • Instructions and “customer service” lingo reflect the brand’s standard communication style.
  • QR codes and links, when scanned, sometimes take victims to decoy real pages before redirecting to malicious destinations, diminishing suspicion.
Researchers warn that this “brand impersonation arms race” is pressing security vendors to develop more advanced brand impersonation detection engines, which can analyze communications for subtle cues or artifacts that betray fraudulent intent.

Exploiting Microsoft’s Direct Send – The Evolution of Internal Phishing

In an alarming development, attackers have adapted to exploit a legitimate Microsoft 365 feature: Direct Send. Here, phishing campaigns:
  • Deliver spoofed emails that appear to originate from within the target organization, exploiting the default configuration where smart host addresses follow a predictable pattern (e.g., [tenantname].mail.protection.outlook.com).
  • Circumvent normal authentication or relay protections, enabling phishing messages to evade inbound filtering and appear more authoritative to recipients.
Varonis, a noted cybersecurity firm, found that since May 2025, more than 70 organizations have been targeted with this Direct Send tactic. The messages, often styled as internal notifications (such as voicemail alerts), sometimes carry PDF attachments containing QR codes that redirect to credential harvesting pages. Because these phishing messages appear to be coming from a colleague or internal system — not an external attacker — users are more likely to trust them.
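To give the Direct Send description a concrete defender-side check, here is an added example (not from Varonis or the article) in Python that reads the Authentication-Results and Received headers stamped on inbound mail and flags a message that claims an internal sender, fails DMARC, and was handed to the tenant's `[tenantname].mail.protection.outlook.com` endpoint from an address outside the organization's known Direct Send devices. The two messages, the domain `contoso.example`, the IP ranges and the exact header wording are constructed for the demonstration; the field names follow the RFC 8601 Authentication-Results format Exchange Online uses, but check them against your own tenant's mail before relying on the parser.

```python
import email
import re
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

# Assumptions for the demo: the tenant's accepted domain, and the on-premises
# devices (printers, monitoring boxes) that are allowed to use Direct Send.
INTERNAL_DOMAINS = {"contoso.example"}
KNOWN_DIRECT_SEND_SOURCES = [ip_network("198.51.100.0/24")]

# Constructed message: external relay, internal From address, unsigned, DMARC fail.
SPOOFED_VOICEMAIL = """\
Received: from bulk-relay.example.net (203.0.113.10) by contoso-example.mail.protection.outlook.com (10.0.0.5) with Microsoft SMTP Server; Tue, 17 Jun 2025 09:12:01 +0000
Authentication-Results: spf=fail (sender IP is 203.0.113.10) smtp.mailfrom=contoso.example; dkim=none (message not signed) header.d=none; dmarc=fail action=none header.from=contoso.example; compauth=fail reason=001
From: Voicemail System <voicemail@contoso.example>
To: alice@contoso.example
Subject: New voicemail (0:42) - transcript attached as PDF
Content-Type: text/plain

You have a new voicemail. Open the attached PDF and scan the code to listen.
"""

# Constructed message: a copier on the LAN using Direct Send. It also fails DMARC,
# but its address is in the allow-list, so it must not be flagged.
COPIER_SCAN = """\
Received: from copier-3f.contoso.example (198.51.100.23) by contoso-example.mail.protection.outlook.com (10.0.0.5) with Microsoft SMTP Server; Tue, 17 Jun 2025 09:15:44 +0000
Authentication-Results: spf=fail (sender IP is 198.51.100.23) smtp.mailfrom=contoso.example; dkim=none (message not signed) header.d=none; dmarc=fail action=none header.from=contoso.example; compauth=fail reason=001
From: Copier 3F <scanner@contoso.example>
To: alice@contoso.example
Subject: Scanned document
Content-Type: text/plain

Your scan is attached.
"""

AUTH_RE = re.compile(r"(spf|dkim|dmarc|compauth|header\.from|smtp\.mailfrom)=([^\s;()]+)")
RECEIVED_IP_RE = re.compile(r"from\s+\S+\s+[\(\[](\d{1,3}(?:\.\d{1,3}){3})[\)\]]")


def auth_results(msg) -> dict:
    """{method: result} from the Authentication-Results header, lower-cased."""
    return {k: v.lower() for k, v in AUTH_RE.findall(msg.get("Authentication-Results", ""))}


def connecting_ip(msg):
    """IP that handed the message to our MX: taken from the topmost Received header."""
    for hop in msg.get_all("Received", []):
        m = RECEIVED_IP_RE.search(hop)
        if m:
            return ip_address(m.group(1))
    return None


def assess(raw_message: str) -> dict:
    """Flag mail that claims an internal sender but did not arrive from a trusted source."""
    msg = email.message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    ar = auth_results(msg)
    ip = connecting_ip(msg)
    allowlisted = ip is not None and any(ip in net for net in KNOWN_DIRECT_SEND_SOURCES)
    verdict = {
        "from_domain": from_domain,
        "internal_sender": from_domain in INTERNAL_DOMAINS,
        "dmarc": ar.get("dmarc", "none"),
        "connecting_ip": str(ip) if ip else None,
        "allowlisted_source": allowlisted,
        "suspicious": False,
        "reason": "",
    }
    if verdict["internal_sender"] and verdict["dmarc"] != "pass" and not allowlisted:
        verdict["suspicious"] = True
        verdict["reason"] = (f"internal sender {from_domain} with dmarc={verdict['dmarc']} "
                             f"delivered from {ip}, which is not a known Direct Send device")
    return verdict
```

The allow-list is the part that needs care: multifunction printers and monitoring appliances that legitimately use Direct Send look identical to the spoof in the authentication headers, so the connecting IP is what separates them. Where nothing in the tenant needs Direct Send at all, Exchange Online's Reject Direct Send organization setting (`Set-OrganizationConfig -RejectDirectSend $true`, a 2025 addition not mentioned in the article) closes the path outright rather than detecting it after delivery.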

The Expanding Attack Surface: From Banking Trojans to Ransomware

While the primary objective of PDF-based phishing has long been credential theft, new variants broaden the attack spectrum:
  • Banking malware: On mobile (especially Android), attackers lure victims into installing trojans that monitor transactions, intercept texts, or even scan phones for crypto wallets.
  • Persistent footholds: Remote access programs, once installed under the guise of support, remain on systems, allowing attackers to return later for extortion or data exfiltration.
  • BEC and tech-support scams: Attackers urge victims to make payments, transfer funds, or convert assets (including cryptocurrency) under fraudulently obtained instructions.
Each iteration of these schemes pushes defenders to up their game. Current enterprise security strategies are increasingly shifting to focus on layered threat detection — encompassing email filtering, attachment analysis, behavioral analytics, and continuous user education.

Threat Actor Profiles: Luna Moth and the Use of VoIP

The financially motivated group Luna Moth exemplifies the kind of skill and patience now typical in TOAD campaigns. Not only do they exploit brand impersonation, but they also:
  • Rotate Voice over Internet Protocol (VoIP) numbers to maintain operational security and evade detection. Cisco Talos observed these numbers reused for several days at a time, enabling multi-stage social engineering and follow-up calls as needed.
  • Exploit trust in phone calls and real-time interactions. Many users, conditioned to mistrust email but to view a phone call as inherently safer, are easy prey for these manipulative voice-based attacks.
According to a May 2025 FBI warning, Luna Moth actors routinely pose as IT department staff, guiding victims through steps that ultimately compromise network security or, in some cases, lead to full-blown ransomware deployment.

The Dark Side of AI: LLMs, Brand Login URLs, and Supply Chain Manipulation

Recent months have exposed another disturbing vector: cybercriminals manipulating large language models (LLMs) — AI-powered chatbots and assistants — to serve up phishing URLs or unreliable login information for major brands. Netcraft, in a study covering 50 major brands, reported that:
  • Two-thirds of queries to LLMs for brand login URLs returned genuine addresses.
  • Almost 30% of responses pointed to unregistered, parked, or inactive domains — many open to takeover by malicious actors.
  • A further 5% misdirected users to unrelated businesses, risking both credential loss and brand reputation.
This LLM-manipulation threat is far from theoretical. Cybercriminals have begun gaming AI systems by creating plausible-looking websites, seeding code repositories (such as on GitHub) with “tutorials,” and publishing poisoned APIs expressly designed to be swept into AI training data. For example, a project called Moonshot-Volume-Bot was pushed across scores of well-fabricated fake GitHub accounts, each with realistic profiles and activity, to attract both human and algorithmic trust.
The upshot: AI is not only automating the mass production of phishing lures and convincing brand impersonation pages — it can now inadvertently direct unsuspecting users to attacker-controlled pages simply through the logic of its own indexing.

Search Engine Poisoning and the Hacklink Economy

An additional escalation in the threat landscape is the use of illicit marketplaces like Hacklink, where cybercriminals can purchase access to thousands of compromised websites and inject JavaScript or HTML designed to manipulate search engine results.
Key mechanics include:
  • Compromising high-trust domains (such as “.gov” or “.edu”) and injecting links that boost the visibility of phishing or illicit websites in organic search results.
  • Creating outbound links from legitimate websites, spammed with target keywords, to manipulate rankings.
  • Editing the metadata or search result descriptions to fit attacker needs, increasing the likelihood victims will click the malicious link.
Recent research by Andrew Sebborn shows that threat actors aren’t simply hijacking sites — they’re actively tailoring their hacked pages and metadata to the search terms they want to capture, impersonating brands, and further eroding consumer trust in legitimate domain names.

The Resurgence of QR Code Phishing via PDF Payloads

QR codes, which enjoyed a revival during global health crises, have now become an invaluable tool for phishers. By embedding malicious QR codes:
  • PDFs can bypass link scanners, relying on the victim’s mobile device to complete the malicious action.
  • Code can be placed in hidden or unexpected places within the PDF, such as under images or inside annotation layers, further evading traditional sandbox analysis.
  • Codes sometimes redirect users through short-lived landing pages or via “burner” redirects, complicating forensic investigation and blacklisting efforts.
Security teams have noted that even conscientious employees struggle to discern between legitimate and malicious QR codes, especially when paired with credible branding and urgent calls-to-action in a PDF attachment.

Implications for Enterprises and End-Users

The cumulative impact of these developments is profound for both organizations and individuals:
  • For enterprises: The blending of email-based and telephone-based phishing, compounded by AI-powered manipulation of search and support workflows, demands a rethink of both detection technology and user training. Standard perimeter defenses are no longer sufficient. Organizations need real-time brand impersonation detection, robust endpoint security, continuous phishing simulations, and clear incident reporting procedures.
  • For individuals: The rise in convincing callback phishing, especially when embedded in otherwise benign-looking PDFs, means even tech-savvy users are at increased risk. Abuse of QR codes and the manipulation of trusted AI advice further blurs the line between safe and dangerous actions online.

Defensive Best Practices and Industry Recommendations

Cybersecurity experts and major vendors now uniformly recommend a defense-in-depth strategy that includes:
  • Brand Impersonation Detection: Deploy advanced engines capable of analyzing not just sender addresses, but the structure, imagery, and language of email and PDF attachments for telltale signs of forgery.
  • Multi-Factor Authentication (MFA): Although not foolproof, MFA remains a significant barrier to simple credential theft, especially when combined with phishing-resistant methods like hardware keys.
  • User Education: Frequent, realistic phishing simulations that focus on the evolving tactics (such as QR code scans, callback instructions, and internal spoofing) dramatically raise vigilance.
  • VoIP and Phone Security: Train users to verify phone numbers before calling and to be wary of unsolicited requests for remote access or financial transactions.
  • AI Risk Management: Security teams should monitor known AI model behaviors, flag unexpected login URL responses, and maintain awareness of poisoned repositories or supply chain risks.
  • Search Engine Manipulation Monitoring: Employ continuous monitoring services that scan for unauthorized links or code injections in your domains, and swiftly reclaim compromised SEO reputations.

The Road Ahead: An Escalating Cat-and-Mouse Game

There is little doubt that attackers will continue iterating their techniques. As more businesses move their operations and communications into cloud environments — and as users continue to rely on PDFs, QR codes, and AI-powered tools — the cybercrime economy will find many lucrative opportunities.
Future-looking concerns include:
  • Attackers leveraging deepfakes or AI-generated voices in callback phishing, further eroding users’ confidence in phone-based support.
  • Further development of AI efforts to manipulate or “poison” chatbot and search assistant logic, so victims are more often guided directly to attacker-controlled assets.
  • Enhanced automation of multi-stage phishing campaigns, blending email, phone, web, and even SMS vectors with greater precision and contextual accuracy.

Conclusion

The emergence of callback phishing using PDFs represents a critical evolution in cyberattack methodology, blending trusted enterprise brands with multi-factor social engineering and exploiting the very tools meant to ease digital workflows. Attackers are now not only mimicking logos and email workflows, but also co-opting phone communications, payment pages, QR codes, and even AI-powered search results to trap their prey.
Only a multipronged approach — combining advanced brand impersonation detection engines, continuous education, improved phone security practices, and a proactive approach to AI and supply chain manipulation — can offer robust defense. As the cybercrime economy continues to innovate, organizations and consumers alike must remain hyper-vigilant, adapting their defensive posture to stay ahead in this ever-escalating digital arms race.

Source: The Hacker News, “Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns”