Hackers are reportedly impersonating brands like PayPal and Apple to steal information and send malware, according to recent research by Cisco Talos. The research describes a surge of instances in which victims call the scammers on the phone in response to a request regarding an urgent transaction.

“Brand impersonation is a social engineering technique that exploits the popularity of well-known brands to persuade email recipients to disclose sensitive information,” the researchers wrote. In these phishing scams, “adversaries can deliver brand logos and names to victims using multiple types of payloads. One of the most common methods of delivering brand logos and names is through PDF payloads (or attachments).”

Many of these emails persuade victims to call “adversary-controlled phone numbers,” employing another popular social engineering tactic: telephone-oriented attack delivery (TOAD), otherwise known as callback phishing. Victims are told to call a number in the PDF to settle an issue or confirm a transaction. Once they call, the attacker pretends to be a legitimate representative and tries to manipulate them into sharing confidential information or installing malware on their computer.
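
A defender-side triage heuristic for the lure described above, as an added example that is not from Cisco Talos or the original article: it flags text extracted from a PDF attachment that names a brand, carries a phone number and a transaction-themed request to call, while the sender's domain does not belong to that brand. The brand-to-domain map, the regexes, the function names and the sample message are constructed assumptions.

```python
import re

# Assumed allow-list of brand -> legitimate sender domains (constructed; extend locally).
BRAND_DOMAINS = {"paypal": {"paypal.com"}, "apple": {"apple.com"}}
# North American style numbers, e.g. +1 (555) 010-0199 or 555.010.0199.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
CALL_RE = re.compile(r"\b(call|dial|contact|phone)\b", re.I)
TXN_RE = re.compile(r"\b(transaction|charge[ds]?|invoice|order|payment|renewal)\b", re.I)

def sender_matches(sender, brand):
    """True if the sender's domain is the brand's domain or a subdomain of it."""
    domain = sender.rsplit("@", 1)[-1].lower()
    return any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS[brand])

def normalize_phone(raw):
    """Reduce a matched number to 10 digits so repeated lures can be grouped."""
    digits = re.sub(r"\D", "", raw)
    return digits[1:] if len(digits) == 11 and digits.startswith("1") else digits

def assess(sender, pdf_text):
    """Score text already extracted from a PDF attachment (extraction is out of scope)."""
    text = pdf_text.lower()
    brands = sorted(b for b in BRAND_DOMAINS if re.search(rf"\b{re.escape(b)}\b", text))
    phones = sorted({normalize_phone(m.group(0)) for m in PHONE_RE.finditer(pdf_text)})
    lure = bool(CALL_RE.search(pdf_text) and TXN_RE.search(pdf_text))
    impersonated = [b for b in brands if not sender_matches(sender, b)]
    suspect = bool(impersonated and phones and lure)
    return {"brands": brands, "phones": phones, "lure": lure,
            "impersonated": impersonated,
            "verdict": "callback-phish-suspect" if suspect else "no-match"}

# Constructed sample: text as it might come out of a PDF attachment.
SAMPLE_TEXT = ("PayPal Invoice (constructed sample)\n"
               "Your account was charged $499.99. If you did not authorize this "
               "transaction, call +1 (555) 010-0199 within 24 hours.")

if __name__ == "__main__":
    print(assess("billing@example.net", SAMPLE_TEXT))
    print(assess("service@paypal.com", SAMPLE_TEXT))
```

The normalized phone numbers are the useful pivot: the same callback number recurring across unrelated senders is a stronger signal than any single message.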