Entertainment Don’t click on that Twilio message – it could be a scam
Don’t click on that Twilio message – it could be a scam
If you get an “urgent” message from Twilio (opens in new tab), be extra careful, as it’s most likely a scam aiming to trick you into giving away sensitive data, or hard-earned money.
This warning was sent out by the company itself, confirming it suffered a recent data breach with attackers using the stolen (opens in new tab) data to attack its customers.
Twilioy says it doesn’t know just yet who the perpetrators are, but it did describe them as “well-organized, sophisticated and methodical in their actions”. Whoever it was, they first tricked a couple of Twilio employees into giving away their login credentials. Then, they used that information to sneak into the company network, map out the endpoints, and steal even more data.
Usual phishing topics
Once enough data was collected, the attackers then used it against Twilio users and employees. The company said that recently, both current and former employees started getting text messages, seemingly from the company’s IT department. The threat actors are able to match employee names from sources with their phone numbers, which Twilio describes as a “sophisticated” move.
These messages are all the usual phishing topics, from expired passwords, to changed schedules, and anything else that might trick the user into clicking the provided URL right away.
Furthermore, the URLs used words including “Twilio,” “Okta,” and “SSO” to try and trick people into believing the link was legitimate.
The texts came from U.S. carrier networks, Twilio further said. Jointly, they managed to shut the bad actors down, after which the company reached out to the hosting providers serving the malicious URLs, and had those terminated, as well. Twilio is not the only victim here, too. Other companies, it was said, were subject to similar attacks, prompting all victims to join forces.
“Despite this response, the threat actors have continued to rotate through carriers and hosting providers to resume their attacks,” the company concluded.