One of the articles making the rounds today is a Techweb piece called "Phishers Snare Victims with VoIP" which, frankly, seems mostly like a promotional piece for the security firm Cloudmark. As far as I can see, it really has next to NOTHING to do with VoIP.
The scenario is that phishers sent out a bogus email to people asking them to call a phone number. When the victims called the number, they wound up in an interactive voice response (IVR) system (as we do pretty much everywhere these days). The system prompted them to enter their account number and PIN and was set up identically to the way that the target bank's IVR system was set up. Victims enter personal data. Bingo, thieves get the data and clean out the bank accounts. Nice and simple.
Okay, so where's the VoIP?
Ummm... gee, according to the report, the phishers: a) used Asterisk; and b) might have used phone numbers (up to three!) provided by a VoIP service provider, which could be easily directed to the aforementioned Asterisk system.
So Asterisk was used instead of a "traditional" PBX and some VoIP service provided the numbers - THIS merits saying that the phishers "snared victims with VoIP"? Huh?
Sure, it was probably easier for the phishers to modify Asterisk's voicemail prompts - and sure, it was easy to get phone numbers - but it's the same old scam! Absolutely nothing new and unique other than being a bit easier for the phishers to set up.
Let's look at it in a different context - say a gang of thieves rob a bank and use a beat-up station wagon as their get-away car. The headline is probably going to read
"Local bank robbed by thieves"
Say they do it again, only this time they use a Ferrari as their get-away car. Should the headline now be?
"Local bank robbed by a Ferrari"
C'mon people, get a clue! The victims were NOT snared by VoIP. They were snared by an obviously well-written piece of spam and their own misplaced trust in the authenticity of email messages. THAT is what snared them. The fact that the crooks used VoIP is only a sidebar to the story.... just as mention of the Ferrari in my scenario above would only be a sidebar to the main point that the bank was robbed.
It's not a VoIP security issue... it is just a plain old human gullibility issue.