Enlarge / This is definitely not a Razer mouse—but you get the idea. (credit: calvio via Getty Images)
There has been a recent flurry of phishing attacks so surgically precise and well-executed that they’ve managed to fool some of the most aware people working in the cybersecurity industry. On Monday, Tuesday, and Wednesday, two-factor authentication provider Twilio, content delivery network Cloudflare, and network equipment maker Cisco said phishers in possession of phone numbers belonging to employees and employee family members had tricked their employees into revealing their credentials. The phishers gained access to internal systems of Twilio and Cisco. Cloudflare’s hardware-based 2FA keys prevented the phishers from accessing its systems.
The phishers were persistent, methodical and had clearly done their homework. In one minute, at least 76 Cloudflare employees received text messages that used various ruses to trick them into logging into what they believed was their work account.