Researchers at security companies describe how attackers might use VoIP to hijack calls made by customers to companies and trick customers into giving up their credit card numbers.
The VoIP Security Alliance warns that VoIP networks are susceptible to denial-of-service attacks the way IP networks are and traditional phone networks aren't. Unencrypted VoIP calls can easily be eavesdropped on. VOIPSA warns about spam over IP telephony (new acronym for your files: SPIT). And VoIP permits callers to easily change their Caller ID information, so criminals can identify themselves as being from legitimate companies and trick consumers into giving out credit card numbers and account numbers.
VOIPSA also provides tips on how to secure your VoIP network.
Security vendor Cloudmark warned in April about a scheme whereby grifters sent e-mail spam asking users to call a bank switchboard. The attackers used a computer and VoIP service to set up a voice line that sounded like the bank's normal voice-operated service.
So far, these attacks have been coming in at a trickle, by onesies and twosies. But longtime Internet users will remember that's how spam, phishing, and e-mail viruses started--a little at a time. Now we get hundreds of spam, phishing messages, and e-mail viruses every day, and these attacks have created huge problems on the Internet a couple of times. As VoIP grows more popular among both consumers and businesses, the threat has the potential to grow as large as e-mail-borne attacks.
Let's take precautions now so that the threat stays small.
What do you think? Are VoIP threats significant? What should we do about them?