Vishing, Wangiri, and Other VoIP Fraud Tactics On the Rise

VoIP fraud is a significant and growing threat to businesses, as attackers increasingly target cloud-based phone systems to exploit vulnerabilities for financial gain. This type of fraud involves unauthorized access to a VoIP network, often to make expensive international calls or redirect traffic to premium-rate numbers.

However, various forms of VoIP fraud exist, and not all of them rely on premium-rate number schemes. In this article, we look at common VoIP fraud techniques and practical measures to protect your business from them.

1. Vishing

Also known as voice or VoIP phishing, vishing uses social engineering to extract corporate credentials such as logins, passcodes, employee IDs, and other categories of business or personal information.

Fraudsters commonly use VoIP, along with voice-altering software and other techniques, to mask their identities and pose as someone else, frequently someone in a position of power. Callers then pressure their targets into giving up valuable data.

This scam can take many forms. With AI and deepfake technologies, scammers can create a much more convincing persona. For example, a UK-based energy firm’s CEO fell victim to a $243,000 deepfake vishing scheme.

Train employees to be cautious when answering unexpected phone calls and to recognize common social engineering tactics, such as scammers creating urgency or dodging specific questions.

2. Wangiri

Wangiri translates approximately to “one ring and cut” in Japanese (the scam originated in Japan) and works just as its name suggests. Your phone rings once and then disconnects abruptly.

The aim is to pique your curiosity and prompt you to return the call, which incurs exorbitant international call charges. It often involves pre-recorded messages that lead you to believe you are speaking with the original caller.

These messages typically claim the caller is having trouble hearing you and urge you to call back, prolonging the call and triggering additional charges.

VoIP systems and automated dialers have made this scam more widespread. They let scammers place many calls simultaneously at minimal cost.

There is also a variant of this scam aimed at businesses: Wangiri 2.0. Bots flood business contact forms with premium-rate numbers to provoke callbacks. Businesses that respond bear the cost.

The good news is that Wangiri is relatively easy to identify once you understand how it works. The distinctive one-ring (or sometimes two-ring) calls and the international phone numbers are telltale signs that should be communicated to employees.

3. VoIP toll fraud

If attackers gain unauthorized access to a business’s VoIP system, they can flood it with fraudulent calls to high-cost international or premium-rate numbers. Typically, this involves a revenue-sharing arrangement between the attacker and the premium number owner.

I conversed with a managed service provider who recounted how one of his clients (prior to engaging their services) discovered $18,000 in fraudulent charges on their business phone system. The hapless company had to bear the entire burden and only detected the deceit upon receiving their vendor’s bill.

This fraud typically begins with attackers identifying a vulnerable phone system and breaking in. The entry point could be an exposed port, an insecure endpoint, or compromised login credentials. Once inside, the attacker starts placing calls undetected, often during off-peak hours or at staggered intervals.

To protect against this, businesses should adopt VoIP security best practices, such as deploying firewalls, regularly updating software, and using strong passwords. Monitoring call detail records for irregular activity and imposing call thresholds can also help stop large-scale fraud.

4. Caller ID spoofing

Caller ID spoofing is not always malicious, but it is frequently used as part of broader scams to obscure the attacker’s identity and increase the chances that victims answer the call.

This technique manipulates the caller ID to display a different name or phone number than the real one, for example a call that appears to come from a local IT staff number while actually originating in another country.

Apart from helping them assume false identities, attackers can also use caller ID spoofing to conceal robocalls with costly international numbers, similar to Wangiri but less obvious.

Be cautious with unexpected calls, even if the caller ID looks familiar. Do not share personal information, and try asking specific questions to trip up attackers. If you hear a pre-recorded message, hang up; it is probably a robocall.

5. PBX breach

Attackers use a variety of techniques to break into a private branch exchange (PBX).

For example, hackers gain remote access to a company’s voicemail by working out the voicemail personal identification number (PIN). Some companies neglect to change the default PIN, typically the last four digits of the phone number, which is easy for hackers to guess.

Hackers then modify the business’s call forwarding settings to direct calls to their pay-per-minute line. From then on, whenever a call is made, it is redirected to the expensive pay-per-minute line.

In the case of cloud-based PBX systems, hackers identify the IP address of a PBX and try to guess the login credentials through trial and error. Once successful, they use the PBX to make calls to their pay-per-minute lines, usually during off-peak hours to avoid detection.

It is crucial to never rely on default PINs or passwords and to frequently update login credentials.

Deactivate any unused voicemail boxes and voicemail functions such as call forwarding. Implement firewalls to prevent traffic from questionable sources and regularly monitor for any suspicious after-hours outbound calls.

Additionally, establish rate restrictions. These restrictions help in limiting the number of outbound calls made within specific timeframes or during certain times of the day, reducing the impact of a potential system breach.
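The call-detail-record monitoring recommended in the toll fraud section and the after-hours checks and rate restrictions described here can be sketched as follows. This is an added example, not code from the original article; the CDR column layout, home country code, business-hours window and threshold are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample CDRs; the column layout is an assumption, not a vendor format.
SAMPLE_CDR = """start,extension,destination,duration_s
2024-03-04 10:15:00,101,+14155550100,180
2024-03-04 14:02:00,102,+442079460000,300
2024-03-05 02:10:00,103,+9990000001,600
2024-03-05 02:12:00,103,+9990000002,620
2024-03-05 02:14:00,103,+9990000003,590
2024-03-05 02:16:00,103,+9990000004,610
"""

HOME_PREFIX = "+1"             # assumed home country code
BUSINESS_HOURS = range(8, 18)  # assumed 08:00-17:59 local time
MAX_INTL_PER_WINDOW = 3        # assumed per-extension international call limit
WINDOW = timedelta(minutes=10)

def load_cdrs(text):
    """Parse CSV call detail records and return them sorted by start time."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["start"] = datetime.strptime(r["start"], "%Y-%m-%d %H:%M:%S")
        r["duration_s"] = int(r["duration_s"])
        rows.append(r)
    return sorted(rows, key=lambda r: r["start"])

def find_alerts(rows):
    """Return (extension, reason, start) tuples for suspicious outbound calls."""
    alerts = []
    recent = defaultdict(list)  # extension -> start times of recent international calls
    for r in rows:
        if r["destination"].startswith(HOME_PREFIX):
            continue  # domestic calls are out of scope for this check
        ext, start = r["extension"], r["start"]
        if start.hour not in BUSINESS_HOURS:
            alerts.append((ext, "after-hours international call", start))
        # Sliding window: keep only calls placed within WINDOW of this one.
        recent[ext] = [t for t in recent[ext] if start - t <= WINDOW] + [start]
        if len(recent[ext]) > MAX_INTL_PER_WINDOW:
            alerts.append((ext, "international call rate exceeded", start))
    return alerts

if __name__ == "__main__":
    for ext, reason, start in find_alerts(load_cdrs(SAMPLE_CDR)):
        print(f"{start:%Y-%m-%d %H:%M} ext {ext}: {reason}")
```

On the sample data, the business-hours international call from extension 102 passes, while the burst from extension 103 raises four after-hours alerts and one rate alert.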

6. Data interception

VoIP communication involves the transmission of small data packets via RTP (Real-time Transport Protocol) streams over the internet.

Data interception entails intercepting these data packets within RTP streams. If these packets are not encrypted, hackers can easily monitor conversations and extract sensitive information, such as credit card details or personal data.

By identifying your network’s IP address and utilizing a packet analyzer such as Wireshark, hackers can eavesdrop on your conversations, similar to someone tuning into your frequencies to listen in on your walkie-talkie conversations.

To mitigate this risk, follow encryption best practices by enabling Secure Real-time Transport Protocol (SRTP) streams and Transport Layer Security (TLS) protocols. Most major VoIP providers already have these security measures in place.
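Whether a call's media will actually be encrypted is visible in the SDP body exchanged during SIP call setup: the `m=` line's transport profile is `RTP/SAVP` (or a related secure profile) for SRTP and `RTP/AVP` for plain RTP. The following added example, which is not from the original article, audits SDP offers for unencrypted streams; the function names are illustrative and the sample SDP bodies are constructed.

```python
# Media transport profiles that carry SRTP (RFC 3711, RFC 5124, RFC 5764).
SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF",
                   "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}

# Constructed SDP offers for illustration.
PLAIN_SDP = """v=0
o=alice 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/AVP 0 8
a=rtpmap:0 PCMU/8000
"""

SRTP_SDP = """v=0
o=bob 1 1 IN IP4 192.0.2.20
s=-
c=IN IP4 192.0.2.20
t=0 0
m=audio 49172 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:<key material elided>
"""

def audit_sdp(sdp):
    """Return one dict per m= line: media, profile, encrypted, keying."""
    streams, current, session_keying = [], None, False
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m="):
            media, _port, profile = line[2:].split()[:3]
            current = {"media": media, "profile": profile, "keying": False,
                       "encrypted": profile.upper() in SECURE_PROFILES}
            streams.append(current)
        elif line.startswith(("a=crypto:", "a=fingerprint:")):
            # SDES key (a=crypto) or DTLS-SRTP fingerprint; the latter may be
            # declared once at session level, before any m= line.
            if current is None:
                session_keying = True
            else:
                current["keying"] = True
    for s in streams:
        s["keying"] = s["keying"] or session_keying
    return streams

def unencrypted_streams(sdp):
    """Streams that would carry plain RTP or lack keying material."""
    return [s for s in audit_sdp(sdp) if not (s["encrypted"] and s["keying"])]
```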

7. Interception tactics

Although data interception seems concerning, it is often part of a broader scheme known as Man-in-the-Middle (MitM) attacks. While not a new concept, MitM attacks are still utilized to exploit VoIP phone systems.

In essence, this approach places the attacker between you and the intended recipient, enabling them to intercept the data before it reaches its final destination.

This is achieved through Address Resolution Protocol (ARP) poisoning. Network devices have two types of addresses: a MAC address (physical address) that identifies the device within a local network, and an IP address associated with the device’s internet connection. ARP links these two addresses to ensure internet traffic reaches the correct devices within a network.

ARP poisoning targets MAC addresses by substituting the MAC addresses of target devices with the attacker’s address using tools like Ettercap. Consequently, internet traffic between two IP addresses redirects to the attacker’s system first, granting them full control over the intercepted data.

Attackers may delete the data to prevent it from reaching you or the recipient, modify the data for malicious objectives, or leave it unchanged. Additionally, there are similar attacks like Session Initiation Protocol (SIP) server impersonation involving counterfeit SIP server proxies.

To prevent such incidents, implement Dynamic ARP Inspection (DAI) and enforce network security in line with current best practices. DAI monitors IP-to-MAC address bindings and blocks ARP cache updates when it detects a mismatch, which is likely caused by ARP poisoning, so data does not flow through the tampered connection.
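The check that DAI performs can be illustrated in software: parse each ARP packet, look up the sender's IP address in a trusted binding table, and drop the packet when the claimed MAC address differs. This is an added example, not from the original article and not a switch implementation; the function names are illustrative, and the binding table and packets are constructed from documentation address ranges.

```python
import socket
import struct

# Trusted IP-to-MAC bindings (on a switch these typically come from DHCP
# snooping or static entries). Constructed values.
BINDINGS = {
    "192.0.2.1": "00:00:5e:00:53:01",   # gateway
    "192.0.2.50": "00:00:5e:00:53:32",  # IP phone
}

ARP_FMT = "!HHBBH6s4s6s4s"  # RFC 826 layout for Ethernet/IPv4, 28 bytes

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def mac_raw(text):
    return bytes.fromhex(text.replace(":", ""))

def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed ARP reply payload to feed the inspector."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 2,
                       mac_raw(sender_mac), socket.inet_aton(sender_ip),
                       mac_raw(target_mac), socket.inet_aton(target_ip))

def inspect_arp(payload, bindings=BINDINGS):
    """Return ('forward' or 'drop', reason) for one ARP payload."""
    size = struct.calcsize(ARP_FMT)
    if len(payload) < size:
        return "drop", "truncated ARP packet"
    htype, ptype, hlen, plen, _op, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:size])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return "drop", "not Ethernet/IPv4 ARP"
    ip, mac = socket.inet_ntoa(spa), mac_str(sha)
    expected = bindings.get(ip)
    if expected is None:
        return "drop", f"no binding for {ip}"
    if expected != mac:
        # The mismatch DAI looks for: a known IP claimed by a different MAC.
        return "drop", f"{ip} bound to {expected}, packet claims {mac}"
    return "forward", "sender matches binding"
```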

8. DDoS assaults

These attacks aim to overwhelm VoIP phone systems, rendering them inoperable, resulting in substantial recovery expenses and detrimental impact on the company’s reputation.

One prevalent form of VoIP DDoS attack is RTP flooding, where hackers flood your system with fabricated calls (commonly from premium-rate numbers) by infiltrating your RTP stream and injecting fraudulent packets.

The objective of this attack is to push your system to process more fake calls than legitimate ones, leading to substantial international charges and potential system crashes. Enabling SRTP protocols can prevent such attacks.

VoIP fraud is entirely preventable

Although the aforementioned tactics may sound alarming and have severe repercussions for businesses, they are entirely avoidable. By prioritizing system security and not treating it as an afterthought, businesses can safeguard their operations.

Furthermore, the leading enterprise telephony services offer a diverse range of features and security measures to ensure protection. Security ultimately lies in the “human layer,” meaning employee training on common fraud tactics and enforcing robust, unique passwords.
