VOICE OVER IP – INTERNET TELEPHONY PRESENTS NEW RISKS

At KnightsBridge Castle we have seen Voice Over IP (VoIP) used to facilitate credit fraud by spoofing caller ID’s. Many merchants use caller ID as one of several authentication techniques when purchases are made over a telephone. VoIP technologies are known to be used to spoof caller ID, or to present false caller ID’s when making a telephone call.

As VoIP technologies become more accepted additional risks have begun to emerge. Companies, such as banks and merchants, are switching their phone systems to VoIP. What they don’t realize is that they are making themselves vulnerable to phishing attacks for which there are currently no effective detection or prevention tools.

We have been experimenting with VoIP technologies in our lab and while the benefits of this new technology are clear, the lack of security technologies and protections are very serious. Until these security issues are resolved we advise extreme caution in using these systems.

There are many risks to companies with these technologies, however the personal risk is very clear. You cannot rely on caller ID as a verification that someone calling you is from your bank, credit union, or trusted business supplier.