May 24, 2011 archive

FBI’s Newest VoIP Fraud Case Shows Danger of Social Engineering

Fbi 1Over on the Voice of VOIPSA blog yesterday, I wrote about a new VoIP fraud case were a group of people stole over $4.4 million in services from a variety of Internet Telephony Service Providers (ITSPs) / carriers, including AT&T and Verizon.

As I note in that blog post, this wasn't a "VoIP security" attack as much as it was a social engineering attack. This group went to rather remarkable lengths to convince ITSPs that they were legitimate businesses to whom the ITSPs should extend credit... and then they abused that credit once it was given.

In the book, I talk about these issues of both fraud and social engineering. From a protection point-of-view, this latest fraud case really highlights the uncertainties in the "SIP Trunking" space (a topic I focused on in Chapter 5) and the need to perform adequate due diligence on the ITSPs from whom you are purchasing SIP connectivity. (Although, admittedly, this particular group went to such lengths that it is not surprised they duped do many companies.)

The reality is that as the market for Unified Communications and IP communications continues to grow and expand, it will only become more tempting for scammers and thieves... so I expect we'll see even more fraud cases in the time ahead.