Web infrastructure company Cloudflare on Tuesday disclosed at least 76 employees and their family members received text messages on their personal and work phones bearing similar characteristics as that of the sophisticated phishing attack against Twilio.
The attack, which transpired around the same time Twilio was targeted, came from four phone numbers associated with T-Mobile-issued SIM cards and was ultimately unsuccessful.
The text messages pointed to a seemingly legitimate domain containing the keywords “Cloudflare” and “Okta” in an attempt to deceive the employees into handing over their credentials.
Cloudflare said three of its employees fell for the phishing scheme, but noted that it was able to prevent its internal systems from being breached through the use of FIDO2-compliant physical security keys required to access its applications.
