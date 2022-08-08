ContributorsPublishersAdvertisers
Public Safety

Don't click on that Twilio message - it could be a scam

By Sead Fadilpašić
TechRadar
TechRadar
 2 days ago
(Image credit: Vektor Illustration/Shutterstock)

If you get an “urgent” message from Twilio (opens in new tab), be extra careful, as it’s most likely a scam aiming to trick you into giving away sensitive data, or hard-earned money.

This warning was sent out by the company itself, confirming it suffered a recent data breach with attackers using the stolen (opens in new tab) data to attack its customers.

Twilioy says it doesn’t know just yet who the perpetrators are, but it did describe them as “well-organized, sophisticated and methodical in their actions”. Whoever it was, they first tricked a couple of Twilio employees into giving away their login credentials. Then, they used that information to sneak into the company network, map out the endpoints, and steal even more data.

Usual phishing topics

Once enough data was collected, the attackers then used it against Twilio users and employees. The company said that recently, both current and former employees started getting text messages, seemingly from the company’s IT department. The threat actors are able to match employee names from sources with their phone numbers, which Twilio describes as a “sophisticated” move.

These messages are all the usual phishing topics, from expired passwords, to changed schedules, and anything else that might trick the user into clicking the provided URL right away.

Furthermore, the URLs used words including "Twilio," "Okta," and "SSO" to try and trick people into believing the link was legitimate.

The texts came from U.S. carrier networks, Twilio further said. Jointly, they managed to shut the bad actors down, after which the company reached out to the hosting providers serving the malicious URLs, and had those terminated, as well. Twilio is not the only victim here, too. Other companies, it was said, were subject to similar attacks, prompting all victims to join forces.

“Despite this response, the threat actors have continued to rotate through carriers and hosting providers to resume their attacks,” the company concluded.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Public Safety
laptopmag.com

17 innocent-looking Android apps are stealing banking credentials — delete them before you're next

Your banking credentials aren't safe, according to Trend Micro (opens in new tab) research, especially if you have one of the malware-infested apps they've discovered in their cybersecurity report. These Google Play Store apps appear to be innocuous, but they are injected with banking trojans and behind users' backs, they're collecting sensitive information, including banking details, passwords, emails, texts, and more.
PERSONAL FINANCE
TechRadar

Why VPN no longer has a place in a secure work environment

Remote work (opens in new tab) is the new way of working and that’s not going away. In fact, according to 2022 research from Envoy, a workplace platform that helps teams manage hybrid work, more than 55% of employees surveyed in the UK say they’d look for a new job if their employer didn’t offer hybrid work. In light of this shift in the workforce, companies need to make sure their employees can easily, reliably, and securely access the data and applications (opens in new tab) they need to be productive from anywhere.
INTERNET
Business Insider

How to delete a Facebook group on desktop or mobile

To delete a Facebook group, the owner has to remove every member and then leave the group. Only owners are able to delete Facebook groups — admins can just archive them. Archiving a Facebook group means that no new members will be able to join. Facebook group owners can...
INTERNET
Digital Trends

Hackers have found a way to log into your Microsoft email account

Account holders for Microsoft email services are being targeted in a phishing campaign, according to security researchers from Zscaler’s ThreatLabz group. The objective behind the threat actors’ efforts is believed to be the breaching of corporate accounts in order to perform business email compromise (BEC) attacks. As reported...
TECHNOLOGY
BBC

Meta's chatbot says the company 'exploits people'

Meta's new prototype chatbot has told the BBC that Mark Zuckerberg exploits its users for money. Meta says the chatbot uses artificial intelligence and can chat on "nearly any topic". Asked what the chatbot thought of the company's CEO and founder, it replied "our country is divided and he didn't...
INTERNET
TechRadar

Picktime review

We consider Picktime one of the best appointment scheduling apps for every business. The company behind Picktime (opens in new tab) is headquartered in Austin, Texas, USA. It was founded in 2018 as an alternative appointment scheduling solution for enterprises in an already-crowded market. So far, it has attracted over 1 million users from 100+ countries.
INTERNET
TechRadar

Google Workspace wants to make sure hackers don't get into your juicy files

Google Workspace has announced it is upping the ante in its fight against hackers with increased security measures for its business-oriented accounts. In order to protect users against hijacking attacks which “can have far reaching consequences for the account owner or the organization it belongs to,” Google is introducing a new evaluation step that will request additional verification if an action is deemed “risky.”
INTERNET
TechRadar

TechRadar

