VoIP Security Focus: How to Prevent VoIP Theft of Service
Theft of service is the most common type of VoIP fraud. The various types of theft of service include stealing usernames, passwords, and account information.
Sometimes known as subscription fraud, VoIP theft of service costs consumers and companies around the world over $5.2 billion annually.
Since VoIP (Voice over Internet Protocol) has rapidly become an essential business communication tool, it is important to understand exactly what theft of service is. During a theft of service attack, a hacker accesses a user’s phone information and uses the stolen information to set up fake phone subscriptions, and the victim gets the monthly bill.
There are ways that businesses can prevent or minimize the risk of this type of fraud. If you are installing your VoIP phone system for the first time, you can take proactive steps to prevent your new system from being hacked. If you already have a system, reviewing the VoIP security protocols you have in place can help mitigate the risk of a theft of service attack.
What is theft of service?
From a legal standpoint, theft of service means obtaining service from someone or some company without paying for it. Theft of service includes things like:
- Deleting or changing invoicing records
- Unauthorized invoicing
- Taking the property of a service provider
How does theft of service relate to VoIP?
VoIP phone systems use the Internet just like computers do. Therefore, hackers can gain access to your servers and data network through VoIP phones, just like they can through unsecured or poorly secured computers. Additionally, hackers can introduce viruses into your system to crash it or steal user passwords.
Once hackers access your network, if VoIP service is their goal, they can use your company’s information to create false billing and service requests to your VoIP provider. They then use your VoIP system to make calls or sell services to third parties.
How does VoIP theft of services occur?
VoIP sends your voice as a packet of audio data through the Internet to the receiving caller. Conventional phones send your voice along copper wire or fiber optic cable, directly using switching boxes along the way to and from the callers. VoIP, since it uses packets, has no particular route, and millions of packets can use the same “line” or data network connection. Hence, multiple calls can be made at once.
Hackers may simply want to crash your system and will flood the network with packets of data so that callers can’t access the network to make calls.
Hackers also may try to intercept the packets to eavesdrop on calls.
A third type of VoIP hack involves spammers. Once hackers access your VoIP system, they can allow spammers to flood your office with promotional calls similar to junk email. This type of attack is called SPIT (spam over Internet telephony).
What is SPIT?
SPIT stands for Spam over Internet Telephony. Some people call it VAM (voice/VoIP spam). SPIT operates in similar fashion to email spam. Once a VoIP hacker can access your communications system, they will broadcast unsolicited messages, advertisements, or other commercial messages over your VoIP.
In addition to a phone number, each VoIP phone must have an IP address. Spammers will use spambots to obtain your VoIP addresses and then flood your network with junk email.
How do I protect myself against VoIP theft of service?
Protecting against VoIP theft of service requires common sense and education as well as technical preventative measures. Technical measures include:
- Keeping your antivirus software up-to-date
- Insisting that your vendor uses fraudulent call routing detection software
- Using encryption software
Companies may want to consider limiting softphone or computer phone usage or, at the very least, ensure that only company-approved software for these systems is downloaded on company computers or smartphones.
Common sense preventative techniques:
- Make your passwords as secure as possible
- Educate users on the basics of VoIP operations
- Prevent unauthorized access and use of VoIP phone instruments
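The fraud-detection measure listed above comes down to spotting call patterns that do not match how an extension is normally used. The Python example below is added here for illustration and is not from the original article or from any vendor's product; the CDR (call detail record) column layout, the sample records, and the thresholds are all assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed call detail records (CDRs). The column layout is an assumption,
# not any vendor's export format; numbers use the fictional 555-01xx range.
SAMPLE_CDR = """start,extension,destination,seconds
2024-03-04 09:12:00,101,12025550101,180
2024-03-04 14:05:00,102,12025550103,300
2024-03-04 02:01:00,104,12025550150,900
2024-03-04 02:03:00,104,12025550151,900
2024-03-04 02:05:00,104,12025550152,900
2024-03-04 02:07:00,104,12025550153,900
2024-03-04 02:09:00,104,12025550154,900
2024-03-04 16:30:00,102,12025550104,not-a-number
"""

BUSINESS_HOURS = range(8, 18)  # assumption: staff call between 08:00 and 17:59
MAX_OFF_HOURS_CALLS = 3        # assumption: tune from your own baseline
MAX_DAILY_SECONDS = 3600       # assumption: talk time per extension per day

def find_suspicious(cdr_text):
    """Return (date, extension, reasons) for extensions exceeding either limit."""
    off_hours = defaultdict(int)
    talk_time = defaultdict(int)
    for row in csv.DictReader(io.StringIO(cdr_text)):
        try:
            start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
            seconds = int(row["seconds"])
        except (KeyError, TypeError, ValueError):
            continue  # skip malformed records instead of aborting the scan
        key = (start.date().isoformat(), row["extension"])
        talk_time[key] += seconds
        # Weekend calls (weekday 5 and 6) count as off-hours too.
        if start.hour not in BUSINESS_HOURS or start.weekday() >= 5:
            off_hours[key] += 1
    alerts = []
    for key in sorted(talk_time):
        reasons = []
        if off_hours[key] > MAX_OFF_HOURS_CALLS:
            reasons.append(f"{off_hours[key]} off-hours calls")
        if talk_time[key] > MAX_DAILY_SECONDS:
            reasons.append(f"{talk_time[key]} s talk time")
        if reasons:
            alerts.append((key[0], key[1], reasons))
    return alerts
```

Calling find_suspicious(SAMPLE_CDR) flags only extension 104, whose five overlapping calls at 2 a.m. exceed both limits; an alert like this is a prompt to reset that extension's credentials and check with the provider.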
What about a dedicated VoIP server?
The more layers of security, the more protection you have against theft of service. A dedicated VoIP server would protect your computer network from direct attacks through the VoIP network. This would prohibit anyone from obtaining corporate, user, or client data using VoIP.
Defending against theft of service does not require anything new or unusual. VoIP communications use the Internet. Like any computer-based service, you need to take technical as well as physical precautions to protect your system.