Operation n

I like this combo attack of vishing and phishing…

Cloudmark reports that would-be fraudsters are taking advantage of VoIP systems to develop more convincing attacks. One recent email scam, for example, poses as a notification from a recipient’s bank requesting that they ring customer services to deal with a problem.
“If the recipient makes the call, it gets routed to a cheap VoIP answering system, which may have been set-up on a compromised host,” explained Neil Cook, UK technology chief at Cloudmark. “The system captures the user ID and pincode to sell on to the highest bidder, who then has full access to your account. All the while the call seems very genuine. The reassurance of speaking to an individual rather than working online will lead to many instances of consumers falling foul to such threats.”

Going back to bits and bobs relating to VoIP. VoIP spam isn’t new at all. It dates back to 2004. Take Network World.

“While acknowledging that VoIP spam isn’t yet creating the headaches that traditional e-mail spam has, Qovia plans to develop a tool that blocks unwanted voice mail messages so when spammers begin blasting IP networks with multiple copies of a voice recording, administrators will be able to defend their users’ voice mailboxes, says Richard Tworek, CEO of Qovia. In late June the company filed a patent application for a method of detecting and blocking VoIP spam, and plans to release a tool to implement that technology by year-end.”

This begs the question isn’t the tool working properly? Or is it really closed shop? Or has VoIP spam attacks evolved?
More recently, I love the irony that one of the co-author’s of SIP was V-hacked!

“According to a report in the Guardian, hackers are increasingly targeting VoIP services, such as Skype, with SPam over Internet Telephony (spit) attacks. Ironically, hackers have attacked the VoIP system at Columbia University, where Henning Schulzrinne is professor of computer science. Professor Schulzrinne was the co-author of the protocol that VoIP runs on - session initiation protocol (SIP). SIP is used by most VoIP services, with the notable exception of Skype. The attack left unsolicited marketing messages on multiple phone extensions at the university. Professor Schulzrinne supports the view that VoIP is becoming a major target for spammers, especially with filters becoming more effective at blocking email spam.”

Check out sipera’s vulnerability links for more articles about VoIP.