VoIP and phishing

Bill Stewart bill.stewart at pobox.com
Sat Apr 29 02:05:57 EDT 2006 

There are two sides to the voice phishing here -
- getting the target to call a phone number you've emailed him
- using cheap voice calls to call the target with your offer.

VOIP doesn't affect the former case much,
since the target is paying for the call,
but it does separate callee geography from phone numbers,
so you can use a plausible phone number (e.g. New York)
that's directed to a location with cheap criminal labor,
without the effort that used to be required to set up
FX numbers or expensive international private lines
or locate your call center in the target's country or state.

I've received one Nigerian 419 phone call, a few years back,
which used a Deaf Relay Operator to relay the call from
the scammer, and apparently they used to be heavy abusers of that service.
VOIP also makes that more practical, and somebody's coined
the term "spit" to refer to Spam over IP Telephony.

But phone calls are cheap enough that labor is the
dominant cost of the calls.  I receive frequent
offers to refinance my mortgage or get credit cards
that use presumably-standard phone banks, usually calling
from India and claiming to be US banks.
For all I know, they really are legitimate rude bankers
instead of scammers, but I don't care either way.
VOIP may have replaced voice over frame as the transmission medium,
but it's often an enabling technology for the telco rather than
voice over internet to the end user.

I've been at a lot of telecom trade shows recently,
and vendors have been showing off session border controllers
and various security devices and presence servers,
and while there are lots of tools to let the recipient
indicate whether he's accepting calls or not,
there doesn't seem to be much out there to detect and
reject unwanted calls wholesale.  Most of what I've seen
that's somewhat in that direction are buddy-list tools that
let your spouse/boss/etc. reach you directly and divert other
callers to voice mail or whatever, but within a year or two
we'll start needing to get more sophisticated filters the
way we do with email.


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list