Checking it twice: How to spot a fake in your inbox and stay safe this holiday season
With the holiday season just around the corner, we know businesses are busier than ever connecting with their customers. It’s an exciting time of the year, but with all that digital traffic also comes more opportunities for fraud. Phishing campaigns targeting Twilio and SendGrid customers are on the rise, and we’re seeing scammers getting creative in their attempts to disguise themselves as us in your inbox.
These brand impersonation attempts can be convincing, but there are clear signs to watch for. In just a few minutes, we’ll help you learn how to recognize phishing attempts, check if an email is authentic, and protect your Twilio and Twilio SendGrid accounts. Whether you're managing API credentials, configuring webhooks, or accessing your Twilio Console, knowing what to look for will help you and your account stay secure.
How to spot brand impersonation and other suspicious messages
These days, phishing emails are designed to look like the real deal. Scammers will copy our logos and even clone our color palettes to make you lower your guard. They’re counting on you being in a hurry and they might use several tactics at once to make their phishing emails look legitimate, like:
Fake sender addresses: Bad actors register domains that might look almost identical to ours at first glance. You might see things like “twilliio.com” (with two i’s). These domains are designed to pass a quick visual check but aren't actually from us.
Copied branding: Our logos, color schemes, and email templates get stolen and reproduced in fraudulent messages. A professional-looking email with a Twilio logo doesn't guarantee authenticity. Always verify the sender and the domain name that the email came from.
Lookalike websites: Scammers create fake login pages that closely mimic our Console or SendGrid interface. The URLs might be just one or two characters different from the real thing, making them easy to miss if you're not paying close attention.
Urgent or threatening language: Phishing emails often create artificial pressure with messages like “Your account will be suspended in 24 hours!” or “Immediate action required to prevent account closure!” This urgency is intentional and it's designed to make you act quickly without thinking about what you're clicking.
Pro tip: In most email apps, you can click, tap, or hover over the sender name to check if the email did actually come from a legitimate sender. If you receive any messages that look or feel suspicious, please forward them to the Twilio Fraud team at fraud@twilio.com and we'll investigate.
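The sender check described above can also be scripted for a shared mailbox or a ticket queue. The following is an added example, not Twilio code: it ignores the display name, extracts the domain from a From header, and flags near-misspellings such as "twilliio.com" or domains that merely embed the brand name. The trusted list (twilio.com from this article, plus sendgrid.com), the distance threshold, and the function names are assumptions.

```python
from email.utils import parseaddr

# Assumption: domains treated as genuine. twilio.com appears in the article;
# sendgrid.com is added here. Replace with the set you have verified yourself.
TRUSTED = {"twilio.com", "sendgrid.com"}
MAX_DISTANCE = 2  # assumption: edits tolerated before a name stops looking alike


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain: str) -> str:
    """Last two labels only; a simplification that skips the public-suffix list."""
    return ".".join(domain.split(".")[-2:])


def classify_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a From header."""
    _, addr = parseaddr(from_header)  # the display name is discarded on purpose
    if "@" not in addr:
        return "unknown"
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    base = registrable(domain)
    if base in TRUSTED:
        return "trusted"
    for good in sorted(TRUSTED):
        brand = good.split(".")[0]
        # Near-misspelling of a trusted domain, or the brand name buried
        # inside an unrelated domain (for example as a subdomain label).
        if edit_distance(base, good) <= MAX_DISTANCE or brand in domain:
            return f"lookalike:{good}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers; only twilliio.com comes from the article.
    for header in ("Twilio <no-reply@team.twilio.com>",
                   "Twilio Support <alerts@twilliio.com>",
                   "Twilio <billing@twilio.com.account-check.example>"):
        print(f"{classify_sender(header):22} {header}")
```

A "trusted" result only means the From domain is spelled correctly; it does not prove the message was actually sent from that domain.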
What Twilio will never ask you to do
Here's a good rule of thumb: If someone claiming to be from Twilio asks for any of the following, it's a scam. No exceptions. So, just to be clear, Twilio will never ask you to:
Share your password, 2FA codes, or recovery codes over the phone or via email.
Provide API keys or Auth Tokens through unsecured channels.
Make payments using gift cards, cryptocurrency, or any payment method you haven’t previously set up on your account.
Provide sensitive credentials in response to an inbound communication.
What to do if you've already clicked a link or entered information
We know accidents happen, and the important thing is that you act quickly to lock things down. Here’s what we recommend doing to help keep your account secure if you’ve clicked a suspicious link or entered info on a website that just didn’t feel right.
If you suspect a slip-up, close the window or tab immediately and go straight to the real Twilio or SendGrid site to change your password. For Twilio accounts, consider updating passwords and rotating API keys for other users on your account. If you're a SendGrid account owner, we recommend updating passwords for your teammates as well. Remember that using unique passwords for each service is another layer in keeping your data protected, and if you haven’t already, this is also a good time to set up Two-Factor Authentication (2FA) on your Twilio or Twilio SendGrid account.
Once you’ve taken those steps, have a look at your account’s recent activity, like changes to your settings or API calls you didn't make. If you spot something concerning, reach out to our Twilio Help Center Assistant and we'll work with you to make sure your account is secure.
Here’s to a safe, fraud-free holiday season!