Archive for March 2007

VOIPSA releases a list of security tools

March 14, 2007

The folks over at VOIPSA today just released a comprehensive list of security tools. Quite a few of the tools referenced are the tools that we wrote for our book. It’s great to see the industry getting together to make these types of resources available. Kudos to VOIPSA!

New VoIP Phishing Scheme

March 8, 2007

Brian Krebs from the Washington Post reports on a new VoIP Phishing (Vishing) scheme targeting Bank of America customers. The scam arrives as an official-looking Bank of America email and tries to convince the victim to dial a toll-free number to sort out some account problems. Once the victim dials that number, they’re prompted to enter their account number and secret PIN number. The evildoers are then able to easily access the bogus system and reconstruct all of the numbers the victim entered. Much like how traditional email phishing attacks flourished in the last couple of years, I absolutely believe that VoIP Phishing scams will skyrocket this year.

For some background, there was a compelling presentation at last year’s BlackHat security conference by Jay Schulman, entitled Phishing with Asterisk (PDF). In his presentation, Jay showed how easy it was for attackers to use Asterisk PBX to set up a spoofed banking automated attendant and route all calls to a toll-free number through to that PBX. Additionally, we devoted an entire chapter to VoIP Phishing in our book, Hacking Exposed: VoIP.

We’ve included a snapshot below of one of the first VoIP Phishing emails targeting PayPal that emerged last year that we showcased in our book.