Attackers continue to adapt classic phishing techniques to exploit trusted cloud infrastructure, and Microsoft Entra tenant invitations now sit firmly in their crosshairs. In this emerging campaign, adversaries abuse Microsoft Entra tenant invitations to deliver TOAD (Telephone-Oriented Attack Delivery) attacks that bypass traditional URL-centric defenses and drive victims toward attacker-controlled phone numbers. Instead of asking users to click a suspicious link, the phish arrives as a genuine guest user invitation from invites@microsoft[.]com, complete with realistic tenant names and fabricated billing details, which makes it far more convincing at first glance.
Shift from link-based phishing to TOAD
Telephone-Oriented Attack Delivery evolved as email security improved at catching obvious malicious URLs and attachments. In TOAD campaigns, the initial email usually contains no payload at all. Instead, it pushes the victim to call a phone number, where a human or scripted operator walks them through fake support steps, credential capture, and sometimes remote-access tooling. Several detailed breakdowns of TOAD trends show that callback phishing regularly evades secure email gateways because the email content often looks harmless at a static level.
Because of this shift, defenders must treat phone numbers inside cloud-delivered messages with the same suspicion they once reserved for attachment-based lures. In the Microsoft Entra tenant invitation TOAD attacks described here, that phone number sits inside a legitimate guest invitation that many users instinctively trust.
How Microsoft Entra guest invitations normally work
Under normal circumstances, Entra B2B collaboration allows administrators to invite external guests into their tenant. The platform creates a guest account, sends an invitation, and walks the external user through a redemption process so they can access Teams, SharePoint, or other resources. Microsoft’s documentation explains that invitations can be sent through the Entra admin center, PowerShell, or APIs, and that external collaboration settings control who can invite guests and how domains are restricted.
Furthermore, Entra external collaboration configuration includes options for domain allowlists or blocklists, guest visibility, and entitlement restrictions, all of which influence how B2B invitations move across environments. Because guest access underpins many modern partnerships, organizations often keep these paths open, and attackers take advantage of that openness.
The TOAD campaign: engineering trust with fake tenants
In this campaign, adversaries create their own Entra tenants and assign names that resemble legitimate Microsoft-affiliated services, such as “Unified Workspace Team,” “CloudSync,” or “Advanced Suite Services.” These labels appear plausible enough that busy users rarely question the origin. Once the infrastructure exists, the attackers send guest invitations from invites@microsoft[.]com, relying on the fact that the sender address and Entra branding match expectations for a real collaboration invite.
Inside the invitation, the message body contains a detailed scenario about a supposed Microsoft 365 annual plan renewal. The text lists fabricated reference numbers, customer IDs, and a charge of roughly 446.46 USD, which looks consistent with business-grade subscription pricing. The instructions urge the recipient to call a phone number labeled as Microsoft Billing Support to dispute or confirm the charge. That number routes to an attacker-run call center instead of any legitimate Microsoft support channel.
Attack stages: from invitation to credential theft
First, the victim receives the invitation email that appears to originate from Microsoft’s infrastructure. Then, the billing narrative creates urgency and fear of an unwanted charge. As soon as the user calls the number, a TOAD script takes over. Numerous analyses of callback phishing show that operators typically walk victims through verification questions, pressure them into sharing Microsoft 365 credentials, and push them into remote-support sessions using legitimate remote-access tools.
During these calls, adversaries may reset passwords, enroll their own devices into conditional access flows, or register additional multi-factor authentication methods. Several public briefings on TOAD note that once attackers hold live phone control, they can sidestep many typical phishing indicators, because the victim willingly reads codes, approves prompts, and authorizes device registrations.
Exploiting the Entra invitation message field
The campaign hinges on a subtle design gap in the Entra invitation process. The guest invitation message field accepts relatively long, free-form text. That flexibility allows the platform to carry collaboration context; however, it also lets attackers embed complete phishing scripts and billing stories directly into the invite. Public research on this specific attack notes that the primary motive is to exploit the message field rather than any code execution flaw.
Because the message rides inside an invite generated by Microsoft, many email security solutions treat it as benign system mail. Some defenders already document that callback phishing and TOAD emails often evade detection for the same reason: the content contains no obvious payloads, just text and a phone number.
Indicators to hunt for in logs and telemetry
Security teams can start by reviewing email and Entra audit logs for invitations sent from invites@microsoft[.]com that include:
– Tenant names matching or resembling the attacker patterns, such as x44xfqf.onmicrosoft[.]com, woodedlif.onmicrosoft[.]com, and xeyi1ba.onmicrosoft[.]com.
– Subject lines that indicate a generic invitation to access applications within another organization’s tenant.
– Message bodies that describe unexpected Microsoft 365 renewals or invoices, particularly around mid-value amounts like the 446.46 USD example.
Additionally, defenders can mine call-detail records, help desk notes, and security incident tickets for repeated reports of suspicious “Microsoft billing” calls that tie back to a handful of phone numbers. Multiple industry write-ups highlight how TOAD activity often clusters around small sets of VoIP numbers that attackers recycle across campaigns.
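The indicator checks above, and the phone-number clustering across invitations described in the previous paragraph, as an added example that is not part of the original article. The records are constructed to resemble the invitation described on this page; the field names (`sender`, `tenant`, `subject`, `body`) are an assumption, not a real Entra or mail-log schema, and the phone numbers are made up.

```python
import re
from collections import defaultdict

# Constructed sample records modelled on the invitation described above
# (field names are an assumption, not a real Entra or mail-log schema).
SAMPLE_INVITES = [
    {"id": "inv-1", "sender": "invites@microsoft.com",
     "tenant": "x44xfqf.onmicrosoft.com",
     "subject": "You're invited to access applications within Unified Workspace Team",
     "body": "Your Microsoft 365 annual plan renewed for 446.46 USD. Ref 7781-2209. "
             "To dispute the charge call Microsoft Billing Support at +1 (888) 555-0143."},
    {"id": "inv-2", "sender": "invites@microsoft.com",
     "tenant": "contoso.onmicrosoft.com",
     "subject": "You're invited to access applications within Contoso",
     "body": "Hi, please accept this invite to join the Q3 planning Teams channel."},
    {"id": "inv-3", "sender": "invites@microsoft.com",
     "tenant": "woodedlif.onmicrosoft.com",
     "subject": "You're invited to access applications within CloudSync",
     "body": "Invoice 55120 for your annual subscription: $446.46. Questions? "
             "Call billing support 1-888-555-0143 within 24 hours."},
]

# North-American style numbers with optional +1, parentheses and separators.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
BILLING_TERMS = ("renew", "invoice", "charge", "billing", "subscription", "usd", "$")

def normalize_phone(raw: str) -> str:
    """Keep digits only and drop a leading country code so variants cluster together."""
    digits = re.sub(r"\D", "", raw)
    return digits[-10:] if len(digits) > 10 else digits

def score_invite(inv: dict) -> dict:
    """Return the TOAD indicators present in one guest invitation."""
    text = f"{inv['subject']} {inv['body']}".lower()
    phones = {normalize_phone(m) for m in PHONE_RE.findall(inv["body"])}
    billing_hits = [t for t in BILLING_TERMS if t in text]
    # A billing story plus a callback number, with nothing to click, is the TOAD signature.
    suspicious = bool(phones) and len(billing_hits) >= 2
    return {"id": inv["id"], "tenant": inv["tenant"], "phones": phones,
            "billing_terms": billing_hits, "suspicious": suspicious}

def cluster_by_phone(invites) -> dict:
    """Map each callback number to the source tenants that used it across invitations."""
    clusters = defaultdict(set)
    for inv in invites:
        for phone in score_invite(inv)["phones"]:
            clusters[phone].add(inv["tenant"])
    return dict(clusters)
```

Two fake tenants sharing one callback number, as in the sample output, is exactly the recycled-VoIP-number pattern the write-ups describe.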
Risk impact for Microsoft 365 tenants
From a risk perspective, Microsoft Entra tenant invitation TOAD attacks matter because they blend three high-impact factors. First, they rely on legitimate Microsoft infrastructure, which reduces the chance of outright blocking. Second, they drive victims directly into phone-based social engineering, where technical controls lose influence and user behavior becomes the main line of defense. Third, they specifically target identity and access: the attacker wants account credentials, MFA codes, or device enrollment approvals.
As several TOAD case studies note, successful callback phishing often leads to lateral movement inside cloud tenants, data exfiltration, and business email compromise rather than just a single mailbox takeover. Once adversaries hold valid tokens and devices, many downstream controls treat them as normal users.
Security controls: strengthening Entra external collaboration
To reduce exposure, organizations should revisit Microsoft Entra external collaboration settings with TOAD in mind. Microsoft’s guidance outlines how to constrain which roles can invite guests, how to restrict domains, and how to limit guest user capabilities inside the directory.
Teams can tighten guest invitation flows by limiting invitation rights to specific admin roles, applying explicit domain allowlists for B2B collaboration, and regularly reviewing guest accounts for unusual naming patterns or inactivity. Additionally, security operations centers can integrate KQL-based hunting queries against Entra sign-in and audit logs to surface suspicious spikes in guest invitations or repeated invitations from newly created tenants.
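The hunting logic described above (spikes in guest invitations and repeated invitations from tenants with no prior history), as an added example that is not part of the original article. The audit events are constructed; their shape (timestamp, inviting tenant domain, recipient) is an assumption rather than the real Entra AuditLogs schema, and because tenant creation time is not present in invitation logs, "first seen only recently" is used as a stand-in for "newly created".

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit-style events: (timestamp, inviting tenant domain, invited recipient).
# The layout is an assumption, not the real Entra AuditLogs schema.
EVENTS = [
    ("2025-01-10T09:00:00", "x44xfqf.onmicrosoft.com", "a@example.com"),
    ("2025-01-10T09:03:00", "x44xfqf.onmicrosoft.com", "b@example.com"),
    ("2025-01-10T09:07:00", "x44xfqf.onmicrosoft.com", "c@example.com"),
    ("2025-01-10T09:12:00", "x44xfqf.onmicrosoft.com", "d@example.com"),
    ("2024-10-01T10:00:00", "contoso.onmicrosoft.com", "a@example.com"),
    ("2024-11-15T14:30:00", "contoso.onmicrosoft.com", "e@example.com"),
    ("2025-01-10T09:05:00", "contoso.onmicrosoft.com", "f@example.com"),
    ("2025-01-10T09:20:00", "contoso.onmicrosoft.com", "g@example.com"),
    ("2024-09-01T08:00:00", "fabrikam.onmicrosoft.com", "a@example.com"),
    ("2025-01-11T11:00:00", "fabrikam.onmicrosoft.com", "b@example.com"),
    ("2025-01-11T11:10:00", "fabrikam.onmicrosoft.com", "c@example.com"),
    ("2025-01-11T11:30:00", "fabrikam.onmicrosoft.com", "d@example.com"),
    ("2025-01-12T15:00:00", "woodedlif.onmicrosoft.com", "h@example.com"),
    ("2025-01-12T15:10:00", "woodedlif.onmicrosoft.com", "i@example.com"),
    ("2025-01-12T15:25:00", "woodedlif.onmicrosoft.com", "j@example.com"),
]

def peak_invites(times, window) -> int:
    """Largest number of invitations from one tenant inside any sliding window."""
    times = sorted(times)
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def flag_tenants(events, threshold=3, window=timedelta(hours=1), recent=timedelta(days=7)):
    """Flag source tenants that burst >= threshold invites in one window and whose whole
    history with us fits inside `recent` (a proxy for a newly created tenant)."""
    by_tenant = defaultdict(list)
    for ts, tenant, _ in events:
        by_tenant[tenant].append(datetime.fromisoformat(ts))
    flagged = []
    for tenant, times in by_tenant.items():
        burst = peak_invites(times, window) >= threshold
        newly_seen = max(times) - min(times) <= recent
        if burst and newly_seen:
            flagged.append(tenant)
    return sorted(flagged)
```

On the sample data, fabrikam bursts past the threshold but has months of prior invitations and is not flagged, while the two throwaway tenants are.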
User awareness for callback and TOAD attacks
Technical controls alone will not stop Microsoft Entra tenant invitation TOAD attacks. Therefore, organizations need targeted awareness campaigns that explain callback phishing in clear language. Training should emphasize that:
– Users must distrust any billing-related email or invitation that demands a phone call to resolve an unexpected charge.
– Staff should call official support numbers retrieved from the organization’s internal portal or Microsoft’s official site, never from the body of an email or Entra invitation.
– Employees must report any suspicious Microsoft billing calls to security teams, especially when combined with recent Entra invitations.
Government and financial-sector advisories already warn that TOAD and voice-phishing scams rely on urgency, confusion about charges, and trust in the phone channel. When users understand that a legitimate-looking invitation can still be weaponized, they become more resilient to these blended social engineering attacks.