Users embrace VOIP, Phishers included

Just as VOIP is beginning to take off, fraudsters are embracing the medium as a tool for money conversion. Using caller ID spoofing, scammers are blasting VOIP voicemails and foiling verfication of wire tranfer instructions. But that is not all.

This article has an anti-VOIP ring to it (pun intended), but it outlines some the issue (suspect or not) – Scam artists dial for dollars on Internet phones.

The new game in town seems to be spitting. SPIT, short for Spam over Internet Telephony, is a process where VOIP dialers tune their systems to dial large numbers of voicemail systems to leave messages. This is news to me, and something I don’t think needs worrying about if you are debating the switch from traditional service to VOIP. Reason: what is easily hacked is usually easily patched, and I suspect the bright folks at places like Vonage and Lingo are on it.

We have known for a while that services such as Western Union are a haven for scammers. There are “do not use” warnings on a lot of major ecommerce sites. So it doesn’t surprise me that they have been trounced by fraud once again.

I also was not surprised to hear that collection agencies are using spoofing tactics to get people to pick up the phone. The only comment I have there is..”Isn’t that illegal?” If a collection agent ever called me from a spoofed number (they don’t, as I pay my bills), I would report them to the FCC, and you should too.

But the idea that thieves are using caller ID spoofing for identity theft seems a little far fetched to me, kind of like the rumor that camera phones were being used to snap picture of people’s PINs at ATMs (an article from the Orlando Sentinel some time ago outlined this, but I can’t link to it because I couldn’t find it again – the folks in Florida likely found the idea so stupid after they published it, that they removed it from their archive). Some amount of social engineering would likely have to take place in advance, such as noting that the phone number target banks at a certain institution. There is some other hole here that is enabling scammers in the first place. And, the whole process still preys on the gullibility of the person at the receiving end of that call, something that no telephony security measure is ever going to prevent.

The conclusion reached from this latest news is that it is a poorly researched piece, loaded with FUD, but could be a precursor to issues that lie ahead. The lesson to be learned is an old one – don’t give out your personal account information to anyone, period. Your financial institutions already have that information – they don’t need you to tell it to them. And don’t use Western Union.

Wow, that was tough.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.