Viewing a single comment thread. View all comments

despitegirls t1_j6guslm wrote

I forget which service I used but it was a free reverse lookup that listed the provider as Twilio.

Edit: This site is a lookup for 800 numbers that I've used: https://www.800forall.com/SearchWhoOwns.aspx

45

crank1000 t1_j6h9bhv wrote

I don’t understand. How did looking up your ceo’s phone number result in linking it to twilio?

24

Greggers42 t1_j6hqlf6 wrote

Our company has 800 employees and half can be fooled by spoof attempts were the email being spoofed is “<corporate persons first initial and last name>@gmail.com” where our domain email is completely missing and replaced with a gmail account. When we explain what phishing is, we get replies like, “but they said they were this person. Here, I’ll forward you the email so you can read it!” 🤦🏼‍♂️

Spoofing doesn’t have to be good, it just has to work.

26

okvrdz t1_j6i0ivw wrote

Granted that the email spoof is true, crank100 was asking about the tracing of the CEO’s number. Which is what the previous user mentioned as tracing it back to Twilio. That question remains unanswered AFAIK.

5

Greggers42 t1_j6i6ew5 wrote

Most companies don’t hand out CEO’s cellphone. So a late night text that ID’s itself as your boss and ask for info is not hard and doesn’t require the amount of suggested work earlier post have given regarding changing the caller ID, etc. Not saying that’s what happened, but having seen this done as well, and amaze me people fell for it, I can see this being an option.

1

okvrdz t1_j6i7m8b wrote

Yes those are all clues on how to detect a possible spoof text. Yet, what some of us want to know is how tracing back a spoofed number that displays a valid existing number, results in determining that the text originated from Twilo. How does it make that distinction?

3

Greggers42 t1_j6i8o3b wrote

The poster has corrected it to say there were two numbers. Which seems more sus to me but I’ll give the benefit. Personally, I’ve heard the term spoofed number to apply to any number being used in a spoof attempt. Not necessarily the actual number, so that was where I was going with the forgiveness of the explanation.

4

WhatTheZuck420 t1_j6hxfkc wrote

>Spoofing doesn’t have to be good, it just has to work.

correct. spoofing is what they are doing

being spoofed is what your employees are doing

−4

typing t1_j6hydh9 wrote

I thought just the CEO was being spoofed, or the real/fake employee. The target employees are being phished.

4

[deleted] t1_j6hjarf wrote

Spoofing can involve setting up a phone (or email) to look as if it came from someone you know. It's not always stealing their exact phone number or email address.

The number/email itself would be different, but the name and location will show up on the caller ID or in the address book as the person whose identity is being used.

8

despitegirls t1_j6i0vks wrote

Read my correction above. I traced the non-spoofed number.

3