The exposure of millions of users’ phone numbers in the recent breach of Twilio’s 2FA app, Authy, has serious implications for users, who are now at a significantly heightened risk of phishing attacks and SIM swapping, endangering their privacy and security.
Users should stay vigilant and learn the signs of phishing attacks to avoid falling victim to them.
#1 Urgent language: Phishing attempts will often contain language that displays a sense of urgency. This is because the cybercriminal wants the targeted victim to act as quickly as possible so they don’t second-guess themselves when sending their personal information.
#2 Discrepancies in email addresses and domain names: Another indicator is an email that claims to be from a boss, coworker or company but comes from an email address and domain name that don’t match the claimed sender. The email or web address may have a subtle difference, such as an o replaced with a 0 or .com replaced with .net.
#3 Requests for personal information: Sudden requests for personal information are also a common phishing attempt indicator. If you receive an email, text message or phone call from an unknown number claiming to be a company or someone you know, think twice before giving out your personal information, especially if you weren’t the one who initiated the conversation.
#4 Misspellings and grammatical errors: Another common sign of a phishing attempt is a message that includes misspellings and grammatical errors. Before companies send emails to customers, those emails go through multiple rounds of review to ensure there are no errors. If you receive an email claiming to be from a company or individual and you notice errors, it’s best not to click on anything in the email because it could be a phishing attempt.
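The check described in sign #2 can be automated for a mail filter or a manual triage script. The following Python is an added example, not code from the original article; the trusted-domain list, the function names and the sample addresses are constructed assumptions.

```python
# Added example: flag sender domains that imitate a trusted one.
# TRUSTED and every address used with it are constructed sample values.
TRUSTED = {"example.com", "contoso.com"}

# Digit-for-letter swaps such as "o" -> "0". Unicode homoglyphs are not
# handled here; only the ASCII substitutions listed below are normalized.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def split_domain(domain):
    """Split 'contoso.com' into ('contoso', 'com') at the last dot."""
    name, _, tld = domain.rpartition(".")
    return name, tld


def check_sender(address, trusted=TRUSTED):
    """Return (verdict, imitated_domain) for the domain part of an address."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in trusted:
        return ("trusted", domain)
    name, tld = split_domain(domain)
    skeleton = name.translate(CONFUSABLES)
    for good in sorted(trusted):  # sorted so the result is deterministic
        good_name, good_tld = split_domain(good)
        if skeleton != good_name.translate(CONFUSABLES):
            continue  # not an imitation of this trusted domain
        swapped_chars = name != good_name
        swapped_tld = tld != good_tld
        if swapped_chars and swapped_tld:
            return ("character-and-tld-swap", good)
        if swapped_chars:
            return ("character-swap", good)
        return ("tld-swap", good)
    return ("unknown", None)


if __name__ == "__main__":
    for sender in ("billing@contoso.com", "billing@c0ntoso.com",
                   "billing@contoso.net", "friend@unrelated.org"):
        print(sender, "->", check_sender(sender))
```

An "unknown" verdict only means the domain does not resemble anything on the trusted list; it says nothing about whether the sender is legitimate.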
Authy users should consider investing in a secure password manager, which can store all of their passwords and sensitive information, including authorization codes. A password manager generates and autofills the codes, which simplifies the two-factor authentication process and negates the need for a standalone authenticator app. A password manager also provides a built-in warning about phishing sites. The password manager saves the web address with your login, so if your information does not autofill, that means you’re not on the authentic website.