1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Don't click on that Twilio message - it could be a scam

    From TechnologyDaily@1337:1/100 to All on Mon Aug 8 17:15:04 2022
    Don't click on that Twilio message - it could be a scam

    Date:
    Mon, 08 Aug 2022 15:53:16 +0000

    Description:
    Twilio was compromised, and users are being targeted with phishing emails.

    FULL STORY ======================================================================

    If you get an urgent message from Twilio , be extra careful, as its most likely a scam aiming to trick you into giving away sensitive data, or hard-earned money.

    This warning was sent out by the company itself, confirming it suffered a recent data breach with attackers using the stolen data to attack its customers.

    Twilioy says it doesnt know just yet who the perpetrators are, but it did describe them as well-organized, sophisticated and methodical in their actions. Whoever it was, they first tricked a couple of Twilio employees into giving away their login credentials. Then, they used that information to
    sneak into the company network, map out the endpoints , and steal even more data. Usual phishing topics

    Once enough data was collected, the attackers then used it against Twilio users and employees. The company said that recently, both current and former employees started getting text messages, seemingly from the companys IT department. The threat actors are able to match employee names from sources with their phone numbers, which Twilio describes as a sophisticated move.

    These messages are all the usual phishing topics, from expired passwords, to changed schedules, and anything else that might trick the user into clicking the provided URL right away. Read more

    Hackers are using this classic technique to hijack Microsoft 365 accounts


    This Facebook Messenger phishing scam may have trapped millions of users


    Remove viruses and ransomware with the best malware protection services
    right now

    Furthermore, the URLs used words including "Twilio," "Okta," and "SSO" to try and trick people into believing the link was legitimate.

    The texts came from U.S. carrier networks, Twilio further said. Jointly, they managed to shut the bad actors down, after which the company reached out to the hosting providers serving the malicious URLs, and had those terminated,
    as well. Twilio is not the only victim here, too. Other companies, it was said, were subject to similar attacks, prompting all victims to join forces.

    Despite this response, the threat actors have continued to rotate through carriers and hosting providers to resume their attacks, the company
    concluded. These are the best firewalls right now



    ======================================================================
    Link to news story: https://www.techradar.com/news/dont-click-on-that-twilio-message-it-could-be-a -scam/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)