Twilio employees tricked in phishing attack

San Francisco-based company says customer accounts were hacked

In another reminder that there’s never enough cybersecurity training for your employees, Twilio has announced that it was hacked last week.

According to the San Francisco-based company, several employees were tricked into handing over their credentials, granting access to the communications giant’s internal systems. The attack used SMS phishing messages purporting to come from Twilio’s IT department, informing employees that their password had expired or that their schedule had changed.

The messages instructed employees to log in at a URL the attackers controlled. The URLs contained words like “Twilio,” “Okta” and “SSO” to lure employees into clicking a link that led to a landing page impersonating Twilio’s sign-in page. Additionally, the scammers were able to match employee names from sources with their phone numbers, which Twilio described as “sophisticated abilities.”
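The lure described above relies on hostnames that borrow brand and SSO keywords while living on a domain the company does not own. As an added illustration from the defender’s side (this is example code, not Twilio’s tooling or anything from the article), the script below triages constructed SMS messages, extracts any URLs, and flags those whose hostname contains such a keyword but whose registered domain is not on an allow-list. The allow-list, the keyword list, the sample messages and the placeholder domains are all assumptions made for the example, and the registered-domain logic is a deliberate simplification.

```python
import re
from urllib.parse import urlsplit

# Assumed allow-list of domains the organisation considers legitimate for
# single sign-on. Example values only, not a list published by Twilio.
ALLOWED_DOMAINS = {"twilio.com", "okta.com"}

# Brand/SSO keywords the article reports the lure URLs contained.
LURE_KEYWORDS = ("twilio", "okta", "sso")

# Finds http(s) URLs and bare domains with an optional path inside SMS text.
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s]*)?", re.I)


def hostname_of(url):
    """Hostname of a URL, tolerating messages that omit the scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def registered_domain(host):
    """Last two labels of a hostname. Simplification for the example: production
    code should consult the Public Suffix List so that suffixes like co.uk work."""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def lure_keywords_in(url):
    """Brand/SSO keywords appearing anywhere in the hostname, subdomains included."""
    host = hostname_of(url)
    return [kw for kw in LURE_KEYWORDS if kw in host]


def is_suspicious_login_url(url):
    """True when the hostname borrows a brand/SSO keyword but its registered
    domain is not allow-listed. Legitimate hosts such as login.okta.com pass
    because their registered domain is on the list."""
    host = hostname_of(url)
    if not host or registered_domain(host) in ALLOWED_DOMAINS:
        return False
    return bool(lure_keywords_in(url))


def extract_urls(text):
    """All URL-like tokens in a message body."""
    return [m.group(0) for m in URL_RE.finditer(text)]


def triage(messages):
    """One finding per URL per message: the keywords it borrows and whether it
    should be escalated to the security team."""
    findings = []
    for msg in messages:
        for url in extract_urls(msg["body"]):
            findings.append({
                "id": msg["id"],
                "url": url,
                "keywords": lure_keywords_in(url),
                "suspicious": is_suspicious_login_url(url),
            })
    return findings


# Constructed sample messages modelled on the lures the article describes.
# The domains are placeholders, not real attacker infrastructure.
SAMPLE_MESSAGES = [
    {"id": "sms-1", "body": "Twilio IT: your password has expired. Reset it now at https://twilio-okta.example/login"},
    {"id": "sms-2", "body": "Your schedule has changed, review it at sso-twilio.example.net/schedule"},
    {"id": "sms-3", "body": "Reminder: SSO maintenance tonight, sign in as usual via https://login.okta.com/app"},
    {"id": "sms-4", "body": "Lunch at noon? Menu: https://example.com/menu"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_MESSAGES):
        verdict = "ESCALATE" if f["suspicious"] else "ok"
        print(f"{f['id']}: {f['url']} keywords={f['keywords']} -> {verdict}")
```

The check is keyed on the registered domain rather than on the presence of the keyword alone, which is why the legitimate `login.okta.com` message is not flagged while the two lookalike hosts are. In practice the allow-list would be the organisation’s real identity-provider domains, and the same logic can be run over a proxy or DNS log instead of SMS bodies.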

The company says it worked with carrier networks in the United States to shut down the scammers and worked with the hosting providers serving the malicious URLs to shut those accounts down, too.

“Despite this response, the threat actors have continued to rotate through carriers and hosting providers to resume their attacks,” Twilio’s blog post said. “Based on these factors, we have reason to believe the threat actors are well-organized, sophisticated and methodical in their actions.”

Since the phishing attack, Twilio has revoked access to the compromised employee accounts and has increased its security training to ensure employees are on “high alert” for social engineering attacks. The company has also been contacting affected customers on an individual basis. Twilio has more than 150,000 customers, including Facebook and Uber.

The same hacker also set up phishing pages impersonating other companies, including a U.S. internet company, an IT outsourcing company and a customer service provider, TechCrunch reported.

Nearly one in three (30%) employees don’t think they personally play a role in maintaining their company’s cybersecurity posture, according to new research from San Francisco-based email security company Tessian.

Furthermore, only 39% of employees say they’re “very likely” to report a security incident. When asked why, 42% of employees said they wouldn’t know if they had caused an incident in the first place, and 25% said they just don’t care enough about cybersecurity to mention it. Obviously, that makes investigation and remediation even more challenging and time-consuming for security teams.

Virtually all IT and security leaders (99%) agreed that a strong security culture is important in maintaining a company’s cybersecurity posture. Yet, despite rating their organization’s security 8 out of 10 on average, 75% of organizations experienced a security incident in the last 12 months.

“Everyone in an organization needs to understand how their work helps keep their coworkers and company secure,” Kim Burton, head of trust and compliance at Tessian, said in a press release. “To get people better engaged with the security needs of the business, education should be specific and actionable to an individual’s work.”