Hi infosec professionals,
Based on this article, a few days ago "Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials".
What could be done better to prevent this from happening in the future? Which tools, techniques and solutions could help to avoid this from happening?
In case of sophisticated social engineering attack designed to steal employee credentials there is a need to pay attention regarding education of employee first and if not already in place apply Zero Trust approach by implementing OTP and using it as mandatory for all employees. Any technical solution is not good enough to avoid willing leak of employee credentials by themself.