ADVERTISEMENT

New TOAD phishing campaign targets Microsoft Entra guest invitees with fake invoices

Cybercriminals are targeting recipients of Microsoft Entra B2B guest invites, taking advantage of Entra’s cloud-based infrastructure to bypass email filters in a new Telephone-Oriented Attack Delivery (TOAD) phishing campaign.

Microsoft, Azure

Image by Cybernews.

Stefanie Schappert
Stefanie Schappert Senior Journalist
Nov 18, 2025 Updated: 19 November 2025 4 min read
Key takeaways:

Actual threat intelligence! A few friends and I identified a new reverse phishing campaign leveraging Entra Guest User invitations. This campaign was newly discovered and corroborated. I recommend reviewing organization email for these invitations. taggart-tech.com/ent...

[image or embed]

undefined Taggart (@taggart-tech.com) November 14, 2025 at 1:12 PM

Breaking down the TOAD attack

Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.
Microsoft Entra phish email
Image by Taggart-tech.com
ADVERTISEMENT
  • Trusted delivery mechanisms (Microsoft Entra infrastructure)
  • Minimal technical indicators (no malicious attachment or link to analyze)
  • Social pressure (urgent account issues prompting a phone call)

What can organizations do to protect themselves?

Microsoft Entra TOAD phish header
Image by Taggart-tech.com

ADVERTISEMENT