posted                   

quote:

---

Voice-Over-Internet Services Beginning To Spawn Criminal Activity Aimed At Small Firms


To the ever expanding list of frauds being committed against small firms, even their Voice Over Internet (VOIP) is subject to criminal activity.

Smaller firms are finding out that some VOIP providers are really sham operations. In an eerie replay of the early days of DSL connections, some enterprising villains are using the newness of VOIP to snare smaller enterprises.

The most common crimes are selling cheap VOIP services utilizing “hacked” offerings and pocketing the funds. This approach leaves the small business vulnerable to having to pay twice and penalties.

In turn, this process leaves the small business open to becoming an unwitting “server” for other firms as the hacker turns the company’s computers into servers. There is ample evidence that these stings are growing.

According to InformationWeek, the owner of two Miami VoIP companies was arrested recently and charged with making more than $1 million by breaking into third-party VoIP services and routing calls through their lines. Prosecutors say Edward Pena was able to collect fees from customers while stealing the infrastructure from other companies. It was the electronic equivalent of eating at a restaurant and sticking somebody else with the check. But the victim companies were stuck paying for a big meal—they were charged more than $300,000 for connectivity to the Internet backbone.

Researchers at security companies describe how attackers might use VoIP to hijack calls made by customers to companies and trick customers into giving up their credit card numbers.

The VoIP Security Alliance warns that VoIP networks are susceptible to denial-of-service attacks the way IP networks are and traditional phone networks aren't. Unencrypted VoIP calls can easily be eavesdropped on. VoIPSA warns about spam over IP telephony (new acronym for your files: SPIT). And VoIP permits callers to easily change their Caller ID information, so criminals can identify themselves as being from legitimate companies and trick consumers into giving out credit card numbers and account numbers.

VoIPSA also provides tips on how to secure your VoIP network. One security vendor, Cloudmark, has about a scheme whereby grifters sent e-mail spam asking users to call a bank switchboard. The attackers used a computer and VoIP service to set up a voice line that sounded like the bank's normal voice-operated service.

Longtime Internet users will remember that's how spam, phishing, and e-mail viruses started—a little at a time. Now we get hundreds of spam, phishing messages, and e-mail viruses every day, and these attacks have created huge problems on the Internet a couple of times. As VoIP grows more popular among both consumers and businesses, the threat has the potential to grow as large as e-mail-borne attacks.

Small firms in particular need to warn employees about these problems and reduce the chances of this happening to them by severely restricting the ability of staff to participate in them.

---