I’m posting here to ask for advice and see if anyone has experienced something similar.
What happened (timeline):
- We have a GoHighLevel form on our website
- Fields: Name, Email, Phone Number
- CTA: “Enter your phone number and test our AI – receive a call”
- In a very short time window, the form received 300+ submissions (see screenshot)
- Submissions used different names, emails, and phone numbers
- We strongly believe this was automated bot traffic, not real users
Important context (this is key):
- We had already blocked all high-risk countries (India, Nigeria, Pakistan, etc.)
- Outbound calling was restricted only to “safe” countries:
  - 🇬🇧 United Kingdom (+44)
  - 🇺🇸 United States (+1)
  - 🇦🇺 Australia (+61)
- The attacker specifically used UK numbers (+44)
  - → This allowed every call to pass country filters
  - → And made the attack extremely expensive
The impact:
- Our AI workflow automatically triggered outbound calls via Twilio
- Many calls:
  - Were successfully connected
  - Lasted 20–30+ minutes
- Result:
  - Hundreds / thousands of Twilio minutes consumed
  - Significant unexpected cost on our Twilio account
- Twilio later flagged this as suspicious outbound activity to UK prefixes and blocked it
- Unfortunately, this happened after the spend already occurred
What makes this confusing:
- We listened to multiple call recordings
- The calls connect to a pre-recorded destination
- There’s no obvious scam benefit:
  - No upsell
  - No verification abuse
  - No chargebacks
- It feels more like:
  - Intentional cost-draining abuse
  - Or a targeted troll attack
Evidence:
Questions:
- Why would someone do something like this? What is the motive, and what would benefit them? This would really take a very skilled person to execute.
- Has anyone experienced bot abuse using “safe country” numbers?
- Is this a known Twilio cost-draining attack pattern?
- What are the best ways to protect call-triggered workflows?
  - CAPTCHA before submission?
  - Rate-limiting per IP / per phone?
  - SMS or call verification before AI call?
  - Delayed/manual approval for first call?
- Any Twilio + GHL hardening strategies you’d recommend?
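
Added example, not part of the original post and not GoHighLevel or Twilio code: a gate that a form handler could consult before triggering an outbound call. It combines the per-phone and per-IP limits asked about above with a per-country-prefix velocity breaker that routes further calls to manual approval, since a burst using a different number on every submission never trips a per-phone limit. `CallGate`, `simulate_burst`, the thresholds and the sample numbers and IPs are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class CallGate:
    """Decides whether a form submission may trigger an outbound call."""

    # (limit, window_seconds) per key type; values are illustrative assumptions.
    LIMITS = {"phone": (1, 86400), "ip": (3, 3600), "prefix": (20, 600)}
    PREFIXES = ("+44", "+61", "+1")   # the allowed countries named in the post

    def __init__(self):
        self.events = defaultdict(deque)   # (kind, value) -> accepted timestamps
        self.tripped = set()               # prefixes held for manual review

    def _count(self, key, now, window):
        """Number of accepted events for key inside the sliding window."""
        q = self.events[key]
        while q and q[0] <= now - window:
            q.popleft()
        return len(q)

    def check(self, phone, ip, now):
        prefix = next((p for p in self.PREFIXES if phone.startswith(p)), None)
        if prefix is None:
            return "deny:country"
        if prefix in self.tripped:         # breaker stays open until a human resets it
            return "hold:manual_review"
        keys = {"phone": phone, "ip": ip, "prefix": prefix}
        for kind, value in keys.items():
            limit, window = self.LIMITS[kind]
            if self._count((kind, value), now, window) >= limit:
                if kind == "prefix":       # too many calls to one country, too fast
                    self.tripped.add(prefix)
                    return "hold:manual_review"
                return f"deny:{kind}_rate"
        for kind, value in keys.items():   # record only submissions that get a call
            self.events[(kind, value)].append(now)
        return "allow"

def simulate_burst(n=300, seconds=300):
    """Constructed input: n submissions, each with a different +44 number."""
    gate = CallGate()
    results = defaultdict(int)
    for i in range(n):
        phone = f"+447700900{i:03d}"       # constructed, UK drama-reserved range
        ip = f"198.51.100.{i % 250 + 1}"   # constructed, documentation range
        results[gate.check(phone, ip, now=i * seconds / n)] += 1
    return dict(results)
```

With these assumed thresholds, a 300-submission burst places 20 calls and holds the other 280 for review.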