Scammers Utilize VoIP Numbers in Email Phishing Campaigns

Severity: High (Score: 64.5)

Sources: Gbhackers, Cybersecuritynews, Blog.Talosintelligence

Summary

Scammers are increasingly embedding phone numbers in scam emails, utilizing VoIP infrastructure to evade detection. This tactic, known as Telephone-oriented attack delivery (TOAD), manipulates victims into calling attacker-controlled numbers. Cisco Talos reported that six of the ten largest detected campaigns between February 26 and March 31, 2026, relied on VoIP numbers, which are favored for their ease of acquisition and difficulty in tracing. The analysis indicates that VoIP numbers, particularly from CPaaS providers, are exploited for rapid provisioning in fraud operations. The current landscape shows a growing trend in the reuse of these numbers across various campaigns, raising concerns about the effectiveness of existing detection methods. The use of disposable VoIP numbers complicates reputation blocking efforts, allowing scammers to scale their operations significantly. As the threat evolves, organizations are urged to enhance their defenses against these sophisticated phishing tactics. Key Points: • VoIP numbers are increasingly used in phishing campaigns due to their ease of acquisition. • Six out of ten major scam campaigns detected recently relied on VoIP infrastructure. • Scammers exploit disposable VoIP numbers to bypass detection and reputation blocking.

Key Entities

• Phishing (attack_type)
• T1566.001 - Spearphishing Attachment (mitre_attack)
• T1566 - Phishing (mitre_attack)