Twilio employees fell for phishing texts claiming to be from IT department


Employees at Twilio fell for a text-based phishing scam last week, responding to messages pretending to be from the company’s IT department that compromised their credentials and led to the theft of customer data. It’s the latest example of staff members being tricked into giving away their user names and passwords, resulting in data theft.

Twilio, which makes a messaging platform used by marketing departments for its ability to integrate with Facebook Messenger, WhatsApp, SMS, voice, email, and more, said a “limited” number of customer accounts were compromised. Still, it’s a blow to a company that counts huge multinational corporations as its customers.

Szilveszter Szebeni, CISO and co-founder at Tresorit, a European encryption-based security software company, said that while continuous phishing testing of employees is the minimum organizations should do for protection, companies are not even safe using two-factor authentication. With a targeted attack, even accounts protected by 2FA can be hacked by stealing a session using a fake website. “The real solution for the industry is to go password-less,” he said. “Unfortunately the industry does not support it in every use case.”

In a statement, Twilio said that on August 4th it became aware of unauthorized access to its information. Current and former employees reported receiving text messages purporting to be from Twilio’s IT department. Typical messages suggested that the employee’s passwords had expired, or that their schedule had changed, and that they needed to log in to a supplied URL. The URLs used words including “Twilio,” “Okta,” and “SSO” to try to trick users into clicking on a link taking them to a landing page that impersonated Twilio’s sign-in page. The text messages originated from U.S. carrier networks. Those URLs were controlled by the attacker.
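A defender can screen inbound messages for the lure pattern described above: links whose hostnames carry the words “Twilio,” “Okta,” or “SSO” but do not belong to a legitimate sign-in domain. The following is an added example, not code from Twilio or from the original article; the allowlist, function names, and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Lure words come from the article; the allowlist is an assumed example.
LURE_WORDS = ("twilio", "okta", "sso")
ALLOWED_DOMAINS = ("twilio.com", "okta.com")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample messages (reserved .example/.test names, not real IoCs).
SAMPLES = [
    "Notice: your Twilio password has expired. Log in at https://twilio-sso.example/login",
    "Your schedule has changed. Review: https://okta.twilio.com.signin.test/",
    "Reminder: reset via https://www.twilio.com/login.",
    "Course notes: https://lessons.example/week1",
]


def is_allowed(host):
    """True only if host is an allowed domain or a true subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def lure_words_in(host):
    """Return the lure words present in the hostname.

    Words of four or more letters match inside a label piece ('twilio2');
    short ones such as 'sso' must be a whole piece, so 'lessons' is ignored.
    """
    pieces = [p for p in re.split(r"[^a-z0-9]+", host) if p]
    return [w for w in LURE_WORDS
            if any(w == p or (len(w) >= 4 and w in p) for p in pieces)]


def flag_suspicious_links(message):
    """Return (url, host, words) for links that use lure words on a host
    that is not an allowed sign-in domain."""
    hits = []
    for url in URL_RE.findall(message):
        url = url.rstrip(".,;:!?)")  # drop sentence punctuation
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
        words = lure_words_in(host)
        if words and not is_allowed(host):
            hits.append((url, host, words))
    return hits


if __name__ == "__main__":
    for msg in SAMPLES:
        for hit in flag_suspicious_links(msg):
            print(hit)
```

The suffix check in `is_allowed` matters: a host that merely contains `twilio.com` somewhere in the middle, as in the second sample, is still flagged.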
[Image: An example of a phishing text sent to a Twilio employee]

“The threat actors seemed to have sophisticated abilities to match employee names from sources with their phone number,” Twilio added.

Victims who clicked on the link and entered their credentials had the username and password stolen. The attackers then used the stolen credentials to gain access to some of Twilio’s internal systems.

“We have heard from other companies that they, too, were subject to similar attacks, and have co-ordinated our response to the threat actors,” Twilio said, “including collaborating with carriers to stop the malicious messages, as well as their registrars and hosting providers to shut down the malicious URLs. Despite this response, the threat actors have continued to rotate through carriers and hosting providers to resume their attacks.”

Twilio has revoked access to the compromised employee accounts. It has also “re-emphasized our security training to ensure employees are on high alert for social engineering attacks, and have issued security advisories on the specific tactics being utilized by malicious actors since they first started to appear several weeks ago. We have also instituted additional mandatory awareness training on social engineering attacks in recent weeks. Separately, we are examining additional technical precautions as the investigation progresses.”

The post Twilio employees fell for phishing texts claiming to be from IT department first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
