VYPR
research · May 6, 2026 · 1 source

Cisco Talos Analyzes Phone Number Reuse in Scam Campaigns

Cisco Talos researchers have uncovered how attackers are leveraging API-driven VoIP services to rotate through phone numbers in scam emails to evade detection.

Cisco Talos has identified a growing trend of attackers utilizing VoIP providers to provision and rotate through sequential blocks of phone numbers for scam email campaigns. By leveraging API-driven services, threat actors can maintain operational continuity while making their activities difficult to track and block.

This tactic allows for high-volume, cost-effective scam operations. The reuse of these numbers across multiple campaigns serves as a key indicator of compromise (IOC) that security teams can use to identify and mitigate malicious email traffic.

Organizations are encouraged to monitor for these patterns and incorporate phone number intelligence into their email security filters. Talos continues to track these developments to provide better visibility into the infrastructure supporting modern scam operations [Cisco Talos].
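One way a mail-filtering pipeline could apply this recommendation, shown as an added example that is not code from Talos or from this page: it extracts phone numbers from message bodies, flags numbers reused across campaigns, and groups consecutive numbers into blocks. The campaign labels, the North American number pattern, the thresholds and the sample messages are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Loose North American pattern (assumption); production mail needs a broader grammar.
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?1[\s.-]?)?\(?(\d{3})\)?[\s.-]?(\d{3})[\s.-]?(\d{4})(?!\d)")

def extract_numbers(body):
    """Return the set of normalized 10-digit numbers found in a message body."""
    return {"".join(m.groups()) for m in PHONE_RE.finditer(body)}

def reused_numbers(messages, min_campaigns=2):
    """Map number -> campaigns it appears in, kept only if seen in >= min_campaigns."""
    seen = defaultdict(set)
    for campaign, body in messages:
        for num in extract_numbers(body):
            seen[num].add(campaign)
    return {n: sorted(c) for n, c in seen.items() if len(c) >= min_campaigns}

def sequential_blocks(numbers, min_len=3):
    """Group numbers into runs of consecutive values, i.e. a likely provisioned block."""
    blocks, run = [], []
    for n in sorted(set(numbers), key=int):
        if run and int(n) == int(run[-1]) + 1:
            run.append(n)
        else:
            if len(run) >= min_len:
                blocks.append(run)
            run = [n]
    if len(run) >= min_len:
        blocks.append(run)
    return blocks

# Constructed sample messages: (campaign label, body). 555-01xx numbers are fictional.
SAMPLE = [
    ("invoice-lure", "Your order was charged. Call +1 (202) 555-0142 to cancel."),
    ("invoice-lure", "Dispute this payment: 202.555.0143"),
    ("renewal-lure", "Subscription renewed. Support: 202-555-0142"),
    ("renewal-lure", "Questions? Dial 1-202-555-0144 today."),
    ("newsletter", "Our office line is (303) 555-0199."),
]

if __name__ == "__main__":
    print("reused:", reused_numbers(SAMPLE))
    all_nums = set().union(*(extract_numbers(b) for _, b in SAMPLE))
    print("blocks:", sequential_blocks(all_nums))
```

A number that recurs across unrelated lures, or that sits inside a consecutive run, is a candidate for a blocklist or a scoring signal; a lone number such as the newsletter's is not flagged.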

Synthesized by Vypr AI