Scammers are once again abusing PDFs to trick victims into calling fake support numbers

By Sead Fadilpašić


Tech Radar Pro


3 July 2025

No, you’re not talking to a Microsoft representative


Cisco Talos warns of callback phishing scams on the rise
Phishing emails come with PDF attachments that contain phone numbers
Threat actors are exploiting people’s trust in phone calls

Security researchers from Cisco Talos have warned of an ongoing phishing campaign in which victims are tricked into calling the attackers on the phone.

In a new report, the researchers said that between early May and early June 2025, they observed threat actors spoofing major tech companies, such as Microsoft, Adobe, or Docusign.

Cisco Talos calls this type of scam “callback phishing”. In the phishing emails, the attackers notify the victim of a problem, or of an incoming or pending transaction, then share a phone number they control and invite the victim to call to address the issue. During the call, the attackers masquerade as a legitimate customer representative and explain that, to sort out the problem, the victim needs to either disclose sensitive information or install a piece of malware on their device.


Callback phishing
“Attackers use direct voice communication to exploit the victim’s trust in phone calls and the perception that phone communication is a secure way to interact with an organization,” the researchers explained.

“Additionally, the live interaction during a phone call enables attackers to manipulate the victim’s emotions and responses by employing social engineering tactics. Callback phishing is, therefore, a social engineering technique rather than a traditional email threat.”

Most phone numbers used in these campaigns are VoIP ones, Cisco Talos further explained, stating that these are more difficult to trace.

The key information, including the attacker-controlled phone number, is shared via a .PDF file sent as an attachment. This is usually done to bypass traditional email security mechanisms and ensure the email lands in the inbox.

As an added layer of obfuscation, the attackers would sometimes add a QR code into the body of the PDF file, since most AV and email protection tools cannot scan that deep. Furthermore, QR codes are usually scanned via smartphone cameras, and mobile devices rarely have the same level of security as laptops or desktop computers do.
Via The Hacker News
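
A mail-filter heuristic for the pattern described above (PDF attachment, spoofed brand, phone number, call-to-action), as an added example that is not code from the article or from Cisco Talos. It assumes the attachment's text has already been extracted by a separate PDF text or OCR step; the sample message, lure wording and phone pattern are constructed for illustration.

```python
import re
from email import message_from_string

BRANDS = ("microsoft", "adobe", "docusign")  # brands the article names
# Assumed lure wording and North-American phone format; tune both locally.
LURE = re.compile(r"\b(call|dial|contact)\b.{0,60}\b(support|billing|helpdesk)\b", re.I | re.S)
PHONE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")

# Constructed sample message: sparse body, everything of interest in the PDF.
SAMPLE_EMAIL = """\
From: billing@example.test
Subject: Invoice pending
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached document.
--b1
Content-Type: application/pdf; name="invoice.pdf"
Content-Disposition: attachment; filename="invoice.pdf"

placeholder
--b1--
"""
# Constructed text, standing in for what a PDF extractor would return.
SAMPLE_PDF_TEXT = "Microsoft Billing: $349.99 is pending. To cancel, call our support team at +1 (555) 010-0199."
BENIGN_EMAIL = "From: a@example.test\nSubject: Receipt\n\nYour renewal is complete.\n"
BENIGN_TEXT = "Your Adobe subscription renewed. Manage it in your account settings."

def pdf_attachments(raw_email):
    """Filenames of PDF parts in a raw RFC 5322 message."""
    msg = message_from_string(raw_email)
    return [p.get_filename() for p in msg.walk()
            if p.get_content_type() == "application/pdf"]

def score_callback_lure(raw_email, pdf_text):
    """Return (score, reasons); pdf_text is the attachment's extracted text."""
    checks = [
        ("pdf_attachment", bool(pdf_attachments(raw_email))),
        ("brand_named", any(b in pdf_text.lower() for b in BRANDS)),
        ("phone_number", bool(PHONE.search(pdf_text))),
        ("call_to_action", bool(LURE.search(pdf_text))),
    ]
    reasons = [name for name, hit in checks if hit]
    return len(reasons), reasons
```

A message scoring 3 or 4 is a candidate for quarantine or analyst review; text hidden behind a QR code would need a decoding step before this check sees it.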

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
