Daily Twilio OTP attacks, why, just why?

Question

We're experiencing daily twilio OTP attacks that create accounts. We block IPs and have throttled rate of account creation. But other than running up our bills (~$10 / day) I don't understand what they gain from this. Why are they doing this? What am I missing?

tripue · Accepted Answer

They often take a share of the revenue from those attacks through iprn number or other fraud schemes

Raed667 · Answer

If your business is local, maybe limit the accepted numbers to a specific area or country.
Otherwise try to understand if they're automating account creation or are they doing it manually? maybe a captcha/turnstile during sing-up can slow them down?
Anyway, Twillio really dropped the ball on this problem, but why should they care as long as it keeps making them money?