TOAD phishing in a browser platform: what IAM teams miss


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: ATHR packages email lures, AI voice social engineering, and credential harvesting into a single browser-based TOAD platform sold on cybercrime markets for $4,000 plus 10% of profits, while many messages still pass SPF, DKIM, and DMARC checks according to Abnormal AI. That shifts detection away from email content and toward behaviour, recipient context, and phone-number lure anomalies that IAM and security teams are rarely tuned to spot.

NHIMG editorial — based on content published by Abnormal AI: LLMjacking: How Attackers Hijack AI Using Compromised NHIs

By the numbers:

Questions worth separating out

Q: How should security teams defend against TOAD phishing campaigns that use phone callbacks?

A: Security teams should combine email telemetry, telephony monitoring, and identity workflow controls.

Q: Why do SPF, DKIM, and DMARC not stop this kind of phishing?

A: They validate message authenticity signals, but they do not prove the communication is safe or legitimate in context.

Q: What do security teams get wrong about phone-based phishing?

A: They often treat it as a user-awareness issue instead of a multi-channel identity attack.

Practitioner guidance

  • Add callback behaviour to phishing detection rules: correlate inbound messages that contain phone numbers with subsequent calls to help desks, verification teams, or support queues.
  • Harden recovery and verification workflows: require additional identity proofing before resetting credentials, revealing recovery data, or accepting verification codes during phone-based interactions.
  • Monitor brand-recipient anomalies across communication channels: flag sender identities and brand names that do not fit the normal communication graph for a department, tenant, or business unit.

What's in the full article

Abnormal AI's full blog post covers the operational detail this post intentionally leaves for the source:

  • The exact ATHR mailer, telephony, and phishing-panel workflow used to run callback-driven campaigns.
  • Screenshot-level detail on the 10-section AI vishing script and how operators steer the conversation.
  • Brand-specific panel behaviour for Coinbase, Binance, Gemini, Crypto.com, Google, Microsoft, Yahoo, and AOL.
  • The operator workspace layout that lets a single browser session manage lure creation, live calls, and credential capture.

👉 Read Abnormal AI's analysis of ATHR and TOAD phishing automation →
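
An added example (not from the NHIMG post or from Abnormal AI) of the first practitioner guidance item: correlating phone-number lures in mail telemetry with later telephony and help-desk records, so that a message which passed SPF, DKIM and DMARC still surfaces when the recipient calls the lure number or requests a reset. The event fields, the 48-hour window and the reset request labels are assumptions, and every record is constructed sample data.

```python
import re
from datetime import datetime, timedelta

WINDOW = timedelta(hours=48)           # how long after a lure a call still counts (assumed)
RESET_REQUESTS = {"password reset", "mfa reset", "recovery code"}   # assumed help-desk labels
# Common North American spellings: +1 (555) 010-0199, 555-010-0199, 555.010.0199
PHONE_RE = re.compile(r"(?:\+?1[\s.-]*)?\(?\d{3}\)?[\s.-]*\d{3}[\s.-]*\d{4}")

# Constructed mail telemetry; m1 passed SPF/DKIM/DMARC ("auth": "pass") and is still a lure.
MAIL_EVENTS = [
    {"id": "m1", "ts": "2025-01-10T09:00:00", "recipient": "alice@example.com", "auth": "pass",
     "body": "Your withdrawal is pending. Call +1 (555) 010-0199 within 2 hours to cancel."},
    {"id": "m2", "ts": "2025-01-10T09:05:00", "recipient": "bob@example.com", "auth": "pass",
     "body": "Lunch menu for this week attached."},
    {"id": "m3", "ts": "2025-01-10T11:00:00", "recipient": "carol@example.com", "auth": "fail",
     "body": "Account locked. Call 555-010-0177 now."},
]
# Constructed telephony (outbound calls) and help-desk records, keyed by the user they concern.
CALL_LOG = [
    {"ts": "2025-01-10T09:40:00", "user": "alice@example.com", "kind": "outbound", "number": "15550100199"},
    {"ts": "2025-01-10T10:15:00", "user": "alice@example.com", "kind": "helpdesk", "request": "password reset"},
    {"ts": "2025-01-10T12:00:00", "user": "bob@example.com", "kind": "helpdesk", "request": "password reset"},
    {"ts": "2025-01-13T08:00:00", "user": "carol@example.com", "kind": "outbound", "number": "+1-555-010-0177"},
]

def normalize_number(raw: str) -> str:
    """Strip formatting; a bare 10-digit number is assumed North American and gets the country code."""
    digits = re.sub(r"\D", "", raw)
    return "1" + digits if len(digits) == 10 else digits

def correlate(mail_events, call_log, window=WINDOW):
    """Alert when a lure recipient calls the lure's number or asks for a reset inside the window."""
    alerts = []
    for m in mail_events:
        lure_numbers = {normalize_number(n) for n in PHONE_RE.findall(m["body"])}
        if not lure_numbers:
            continue                      # no phone-number lure, nothing to correlate
        start = datetime.fromisoformat(m["ts"])
        for c in call_log:
            seen = datetime.fromisoformat(c["ts"])
            if c["user"] != m["recipient"] or not start <= seen <= start + window:
                continue
            if c["kind"] == "outbound" and normalize_number(c["number"]) in lure_numbers:
                reason = "user called the number carried in the lure"
            elif c["kind"] == "helpdesk" and c["request"] in RESET_REQUESTS:
                reason = "reset request shortly after a phone-number lure"
            else:
                continue
            # The mail authentication result is recorded for context but never suppresses an alert.
            alerts.append({"message": m["id"], "user": c["user"], "auth": m["auth"], "reason": reason})
    return alerts
```

On the constructed data this raises two alerts, both on the fully authenticated message m1; carol's call falls outside the window and bob never received a phone-number lure.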

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

TOAD is now an identity governance problem, not just an email security problem. ATHR shows how quickly attackers can move from inbox delivery into human-verification workflows that sit outside traditional mail controls. When a lure survives SPF, DKIM, and DMARC but still drives a callback into credential capture, the control boundary has already shifted. Practitioners need to treat the callback path as part of the identity attack surface.

A few things that frame the scale:

  • Only 19.6% of security professionals express strong confidence in their organisation's ability to securely manage non-human workload identities, according to The 2024 Non-Human Identity Security Report.
  • 23.7% of organisations share secrets through insecure methods such as email or messaging applications, which shows how easily identity trust breaks down outside formal controls.

A question worth separating out:

Q: How can organisations reduce risk from voice-driven credential theft?

A: Organisations should tighten identity proofing before any reset or recovery action, and they should make support staff treat urgent callback requests as potentially hostile. The most effective control is to remove easy trust transfers between email, phone, and account recovery flows, because that is where social engineering succeeds.

👉 Read our full editorial: ATHR consolidates TOAD phishing into one browser attack platform
