Don’t click on that Twilio message - it could be a scam
Twilio confirms it was compromised and user data stolen
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
If you get an “urgent” message fromTwilio, be extra careful, as it’s most likely a scam aiming to trick you into giving away sensitive data, or hard-earned money.
This warning was sent out by the company itself, confirming it suffered a recent data breach with attackers using thestolendata to attack its customers.
Twilioy says it doesn’t know just yet who the perpetrators are, but it did describe them as “well-organized, sophisticated and methodical in their actions”. Whoever it was, they first tricked a couple of Twilio employees into giving away their login credentials. Then, they used that information to sneak into the company network, map out theendpoints, and steal even more data.
Usual phishing topics
Once enough data was collected, the attackers then used it against Twilio users and employees. The company said that recently, both current and former employees started getting text messages, seemingly from the company’s IT department. The threat actors are able to match employee names from sources with their phone numbers, which Twilio describes as a “sophisticated” move.
These messages are all the usual phishing topics, from expired passwords, to changed schedules, and anything else that might trick the user into clicking the provided URL right away.
Hackers are using this classic technique to hijack Microsoft 365 accounts>This Facebook Messenger phishing scam may have trapped millions of users>Remove viruses and ransomware with the best malware protection services right now
Furthermore, the URLs used words including “Twilio,” “Okta,” and “SSO” to try and trick people into believing the link was legitimate.
The texts came from U.S. carrier networks, Twilio further said. Jointly, they managed to shut the bad actors down, after which the company reached out to the hosting providers serving the malicious URLs, and had those terminated, as well. Twilio is not the only victim here, too. Other companies, it was said, were subject to similar attacks, prompting all victims to join forces.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“Despite this response, the threat actors have continued to rotate through carriers and hosting providers to resume their attacks,” the company concluded.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
A new form of macOS malware is being used by devious North Korean hackers
Scammers are using fake copyright infringement claims to hack businesses
This super-cheap HP Victus 15 gaming laptop just dropped to its lowest price yet
