A massive phishing effort targeted over 130 businesses, including Twilio and Signal

The phishing campaign’s targets were given text messages that pointed them to a phishing site. According to the Group-IB assessment, “from the victim’s perspective, the phishing site seems fairly convincing since it is quite similar to the login screen they are accustomed to seeing.” Victims were prompted to provide their login, password, and two-factor authentication code. This data was then sent to the attackers.

Surprisingly, Group-study IB’s indicates that the attackers were unskilled. “The phishing kit was improperly constructed, and the manner it was built allowed for the extraction of stolen credentials for additional study,” said Roberto Martinez, a senior threat intelligence analyst at Group-IB.