Fraud messages were sent by my Twilio number - twilio

I am a big fan of Twilio and I love to use Twilio
Since a month ago, some unexpected things occurred on my Twilio account,
Fraud messages were sent by my Twilio number around 4 times so far,
Every time, the fraud happened, Twilio suspended my account to ask me to investigate this fraud,
I tried to find something wrong with me, but I wasn't able to find what is wrong here
I never shared my credentials, but fraud messages were sent by my Twilio number.
Here is a number of things I want to mention
Only one number was used for each time
I released the numbers used for fraud when I found the fraud, but another number was used for the fraud again
3,000 fraud messages were sent at once
The fraud messages were related to some other services like Amazon ads, Apple ads, etc.
What I think
I don't think someone hacked my account and send this fraud message using my Twilio number since only one number is used for this Fraud
Maybe these numbers are shared by other VoIP services, meaning two services are using one number at the same time
I want to know
if someone could send messages using my number without auth token and account sid on Twilio?
if Twilio doesn't know how to prevent this fraud?
if anyone else has this experience on Twilio?
what is the best and secure service for SMS, I am considering Telnyx, any idea?
Thanks in advance

Related

Restrict outgoing Twilio SMS messages to Verified Caller IDs

By default, Twilio trial accounts can only send SMS to numbers that are listed as Verified Caller IDs in the Twilio console. These numbers have to be added manually, and require a verification message before they can receive SMS. This is an excellent feature for development, as it prevents accidentally sending SMS to wrong numbers.
My problem, is that I am developing for a client whose account is already out of trial status. I don't want the software in development to be able to send text messages to any number, because there is a risk of sending dev messages to the client's actual customers. However, we need to be able to send to some numbers for testing. Is there any way to turn the trial behavior back on? That is, can we somehow configure Twilio to only allow sending SMS to verfied numbers, even if it is not a trial account?
If this isn't possible, I think I can query the Outgoing Caller IDs resource from my program to verify the recipient number against the list before sending. However, this puts the responsibility back on my development team, and the possibility for mistakes remains. I'd like to be able to block the behavior at the Twilio level.
This behavior is only applied for trial accounts, however I'll pass this feedback on internally.
You'll need to replicate this behavior yourself for your applications using an upgraded account.
As you mentioned, you can query the Outgoing Caller IDs to get the phone numbers you have already verified with Twilio and use that as an accept list.
However, for your use case, you can store and fetch the accept list using whatever way is most convenient for you, like in code, file, database, etc.
Depending on your needs, you could embed this logic directly into your app, or use a single shared library, or create a web API that all other apps have to use to send texts.
Good luck! We can't wait to see what you build!
Update after getting internal feedback.
You can create a new trial account, even with the same Twilio profile, which would give you promotional credits and the same verified Caller ID limits again.
The promotional credit should last you a long time for test scenarios.

I'm unable to use a Twilio phone number for Apple Two Factor authentication

I am trying to use a Twilio phone number for Apple's two factor authentication, but when I set up the phone number on Apple's site the initial verification SMS is never received by the Twilio number. I have confirmed that Apple is able to send the text to a Google Voice number. I have also confirmed with Apple support that the message sent is a standard SMS. Is there something on Twilio's side preventing receiving the message?
This is actually by design. By default, Twilio long code numbers can't receive SMS messages from short code numbers. Look for the section titled "Are you expecting to receive SMS from a short code?" at the following link. https://support.twilio.com/hc/en-us/articles/223133447-Not-Receiving-Incoming-SMS-and-MMS-Messages-on-Twilio-Phone-Number
When I asked this question the functionality wasn't available at all, but now the feature can be requested. There are caveats. https://support.twilio.com/hc/en-us/articles/223181668-Can-Twilio-numbers-receive-SMS-from-a-short-code-
As a followup to ryechus' answer, I requested this functionality and was still not able to receive 2fa codes from apple in Twilio. Their support said:
the unfortunate limitation you're likely facing is that I have know
Apple to prevent verification codes from being sent to virtual phone
numbers.
Some services review the offered number and only send verification SMS
to phone numbers associated with genuine handsets as a measure to
protect against fraud.
Unfortunately, regardless of the Twilio configuration, in my
experience Apple will not delivery verification messages to Twilio.
Interestingly, it does work with google voice.

Does Twilio allow people to send a text message to a twilio account free of charge?

I was wondering if its possible to allow people to text to a twilio number without charging them sms charges by their carrier? So, for each text message that is sent to a twilio phone number, I will cover the cost. Basically, free or charge text messaging for users to a specific twilio number.
Twilio developer evangelist here.
We support incoming SMS messages on toll free numbers in certain countries, so yes!
I recommend opening up the advanced search in the phone number console and checking the boxes for toll free and SMS.

Twilio Trial SMS 'from' number different from the assigned number

I have got a trial account on Twilio with a free number. When I send an SMS through the Rest API I do receive the SMS, but from a different number than the one I have been assigned.
Is this so because of the trial? Will it be fixed when I upgrade my account?
I need the users to be able to reply back with the message to the same number they received the SMS from.
Twilio developer evangelist here.
My guess is that you are sending messages to a country that doesn't support maintaining the original sender ID. I see from your profile that you're from Pakistan, you can check out the guidelines for sending SMS to Pakistan here.
As you can see from the support table, we can't guarantee that your Long Code (that is the phone number) sender ID is preserved and Two Way SMS is not supported.
So, this is not due to your trial account, but limitations with sending SMS messages into Pakistan.

What is the deal with Twilio and International SMS?

I've been working with Twilio to program SMS functionality on my app, and it seems that Twilio works best with US numbers and not so well with international numbers. I've done some research and have learned about an August 16th fiasco that resulted inthe SMS functionality being shut off by Twilio. Also through testing I have learned that some international carriers are not supported by Twilio. So some of my friends abroad aren't receiving my Twilio SMS messages.
Can anyone provide further insight into this issue? Is international SMS well supported by Twilio? If not, how many carriers and which ones ARE supported? Finally is there a better SMS service provider that can guarantee full support for all if not the more prevalent carriers internationally?
Thanks for the support everyone and any clarification on this issue.
Good questions all - this information can be kind of hard to find on our website right now. If I'm picking up what you're putting down correctly, you're curious what kind of availability Twilio SMS has internationally and what the deliverability is like.
The matrix on what kind of Twilio service is available where can get a little complicated (which we have here a little buried in our FAQ: http://www.twilio.com/help/faq/phone-numbers/which-countries-does-twilio-have-phone-numbers-in-and-what-are-their-capabilities), but for SMS it breaks down like this:
Twilio phone numbers that can send and receive SMS are available in the US, Canada and the UK.
US and Canadian numbers can send and receive to 190 countries to over 1,000 carriers. To see what the pricing for each country and carrier per message, check out this page: https://www.twilio.com/sms/pricing
UK numbers can currently send and receive SMS reliably within the UK. As the numbers themselves are geographic, some international carriers do not allow messages to be sent or received to them. This might be a possible root cause for some of the deliverability issues you experienced.
All other phone numbers we make available in other countries only have support for Twilio Voice - these numbers cannot send or receive SMS at all.
I'm not aware of any SMS related incident on 16 August, though we did have intermittent service interruption the week before on 9 August lasting a little under 90 minutes. For future reference, we communicate all our service issues on an independently hosted status board here: http://status.twilio.com/ Any issue, root cause and resolution are posted there for your review.
Finally, if you have a specific question about a number, deliverability to a particular carrier or handset, or would just like to share a cool hack, I definitely encourage you to engage one-on-one with our support crew at help#twilio.com or come meet one of my fellow developer evangelists when you're out at a programming event. We'd love to see what you're working on and if there is anything we can do to help.
Thanks Kev!
Rob - devangel at Twilio
I have a slightly different issue, but my discussion of the problem addresses some of the questions here. In essence, if you want to SMS internationally without upgrading, your limitation is that you can only text to numbers that have been manually verified through this website. You have to log in, use a US phone number, and then "Verify" your international numbers. By upgrading your account you no longer have to manually verify each number.
Twilio is very strong in USA, however, you may try to use several SMS suppliers for delivery of your messages internationally. Also, if you would like to test a delivery of your messages to a certain country where you do not have a testing mobile phone number, you can send it on telqtest.com testing numbers.

Resources