I’m posting here to ask for advice and see if anyone has experienced something similar. What happened (timeline): - We have a GoHighLevel form on our website - Fields: Name, Email, Phone NumberCTA: “Enter your phone number and test our AI – receive a call” - In a very short time window, the form received 300+ submissions (see screenshot) - Submissions used different names, emails, and phone numbers - We strongly believe this was automated bot traffic, not real users Important context (this is key): - We had already blocked all high-risk countries (India, Nigeria, Pakistan, etc.) - Outbound calling was restricted only to “safe” countries: - 🇬🇧 United Kingdom (+44)🇺🇸 United States (+1)🇦🇺 Australia (+61) - The attacker specifically used UK numbers (+44)→ This allowed every call to pass country filters→ And made the attack extremely expensive The impact: - Our AI workflow automatically triggered outbound calls via Twilio - Many calls: - Were successfully connectedLasted 20–30+ minutes - Result: - Hundreds / thousands of Twilio minutes consumedSignificant unexpected cost on our Twilio account - Twilio later flagged this as suspicious outbound activity to UK prefixes and blocked it - Unfortunately, this happened after the spend already occurred What makes this confusing: - We listened to multiple call recordings - The calls connect to a pre-recorded destination - There’s no obvious scam benefit: - No upsellNo verification abuseNo chargebacks - It feels more like: - Intentional cost-draining abuseOr a targeted troll attack Evidence: - GHL form submissions showing 300+ entries - Twilio logs showing: - Repeated calls to similar UK prefixesLong call durations - Sample call recording (pre-recorded destination):👉 https://dxc03zgurdly9.cloudfront.net/b8473a15576e7c695d7b8883d8daf130b66f267c6b52808c4d8939678d1f0be2/recording.wav