Twilio staff fell for phishing texts claiming to be from IT division

Twilio staff fell for a text-based phishing rip-off final week, responding to messages purporting to be from the corporate’s IT division that compromised their credentials and led to the theft of buyer information.

It is the newest instance of employees members being tricked into giving up their usernames and passwords, leading to information theft.

Twilio, which makes a messaging platform utilized by advertising and marketing departments for its skill to combine with Fb Messenger, WhatsApp, SMS, voice, e-mail and extra, stated a “restricted” variety of buyer accounts had been compromised.

Nonetheless, it is a blow to an organization that counts giant multinational firms amongst its purchasers.

Szilveszter Szebeni, CISO and co-founder of Tresorit, a European encryption-based safety software program firm, stated that whereas steady phishing exams of staff are the least organizations ought to do to guard themselves, companies aren’t even protected with two-factor authentication. With a focused assault, even 2FA-protected accounts may be hacked by stealing a session utilizing a faux web site. “The actual resolution for the business is to cease utilizing password,” he stated, “Sadly, the business would not help it in all use circumstances.”

Associated Content material: Profitable Phishing Assaults in 2021

In an announcement, Twilio stated on August 4 that it turned conscious of the unauthorized entry to its data. Present and former staff reported receiving textual content messages purporting to be from Twilio’s IT division. Typical messages instructed that staff’ passwords had expired or their schedule had modified and so they wanted to log in at a offered URL. The URLs used phrases like “Twilio”, “Okta”, and “SSO” to attempt to trick customers into clicking a hyperlink that took them to a touchdown web page that masqueraded because the login web page by Twilio. Textual content messages originated on US service networks. These URLs had been managed by the attacker.

(An instance of a phishing textual content message despatched to a Twilio worker)

“Risk actors appeared to have refined talents to match the names of the sources’ staff to their cellphone quantity,” Twilio added.

Victims who clicked the hyperlink and entered their credentials had their username and password stolen. The attackers then used the stolen credentials to realize entry to a few of Twilio’s inside programs.

“We have now heard from different firms that had been additionally focused by related assaults and have coordinated our response to risk actors,” Twilio stated, “together with working with carriers to cease malicious messages, in addition to their registrars. and internet hosting suppliers to close down malicious URLs. Regardless of this response, risk actors have continued to rotate between carriers and internet hosting suppliers to renew their assaults.”

Twilio has revoked entry to compromised worker accounts. It has additionally “re-emphasized our safety coaching to make sure staff are on excessive alert for social engineering assaults, and has issued safety advisories in regards to the particular techniques being utilized by malicious actors since they began appearing a number of weeks in the past. We have now additionally instituted extra necessary consciousness coaching on social engineering assaults in current weeks. Individually, we’re inspecting extra technical precautions because the investigation progresses.”