More Vishing Coverage: Voice-over-IP Under Fire?
Here is an IT obeserver article entitled Voice over IP under threat which talks about the potential problems of Voice-over-IP. The article describes a number of theoretical problems. However, what really stands out is the phishing example.
Let’s imagine a scenario that could become commonplace in the near future: A user has an IP telephony system on his computer (both at home and at work). In his address book on the computer there is an entry, under the name “Bank”, with the number 123-45-67. Now, a hacker launches a mass-mailing attack on thousands or millions of email addresses using code that simply enters users’ address books and modifies any entry under the name “Bank” to 987-65-43. The problem has now been created.
A few months ago, there was coverage about the same issue. The term vishing (Voice Phishing) was coined to describe this new form of phishing exploit. I did provide a few tips on how to watch out for these vishing scams. However, attackers are becoming more and more creative. It goes to show the social solutions are required to resolve these issues such as the one employed by Yahoo. For example, banks and customers alike can employ security questions to validate identity over and above the destination address (such as a telephone number).
