Callback Phishing (TOAD): No Links, All Danger
You get an email from “Norton LifeLock” confirming your annual renewal at $499.99. You did not buy Norton LifeLock. There is no link to click, no attachment to open. Just a phone number to call if “this charge was made in error.”
So you call it. The person who answers sounds professional, patient, and genuinely helpful. They ask you to visit a website and download a “cancellation tool” so they can process your refund. What you are actually downloading is remote access software. Within minutes, the person on the other end controls your machine.
No malicious link was clicked. No attachment was opened. Your email security caught nothing because there was nothing to catch.
This is callback phishing, and it is one of the fastest-growing attack types in corporate environments.
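The lure described above gives a link or attachment scanner nothing to inspect, but its shape is still recognizable: a billing message with a dollar amount, a phone number, and no URL or attachment. The following triage heuristic is an added example, not code from the original article; it flags mail for review only when all of those traits coincide. The regular expressions, the function names, and the two sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Heuristic patterns (assumptions for this example: US-style numbers, USD amounts)
URL_RE = re.compile(r"https?://|www\.", re.I)
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
AMOUNT_RE = re.compile(r"\$\s?\d{1,3}(?:,\d{3})*(?:\.\d{2})?")
LURE_RE = re.compile(r"\b(renew(?:al|ed)?|subscription|invoice|charge[ds]?|refund)\b", re.I)

def callback_signals(raw: str) -> dict:
    """Return the lure traits found in one RFC 5322 message (text/plain parts only)."""
    msg = message_from_string(raw)
    bodies, attachments = [], 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            attachments += 1
        elif part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            bodies.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    text = str(msg.get("Subject", "")) + "\n" + "\n".join(bodies)
    return {
        "no_url": URL_RE.search(text) is None,
        "no_attachment": attachments == 0,
        "phone_number": PHONE_RE.search(text) is not None,
        "dollar_amount": AMOUNT_RE.search(text) is not None,
        "billing_lure": LURE_RE.search(text) is not None,
    }

def is_callback_candidate(raw: str) -> bool:
    """Flag for review only when every trait is present at once."""
    return all(callback_signals(raw).values())

# Constructed sample messages (not real mail); the phone numbers are fictional.
LURE = """From: billing@norton-renewals.example
Subject: Your Norton LifeLock annual renewal

Your subscription was renewed for $499.99.
If this charge was made in error, call 1-800-555-0199.
"""
RECEIPT = """From: billing@vendor.example
Subject: Invoice for your subscription

You were charged $12.00. View it at https://billing.vendor.example/invoices
or call 1-800-555-0123.
"""

if __name__ == "__main__":
    for name, raw in (("LURE", LURE), ("RECEIPT", RECEIPT)):
        print(name, is_callback_candidate(raw), callback_signals(raw))
```

A match is a reason to route the message for review or to banner it, not a verdict; legitimate receipts that carry a support number and no link will also match.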