How caller ID spoofing works
Spoofing caller ID information has been possible for years,
but it's much easier and less expensive to do it with VoIP. In fact, you don't
even have to have a voice line yourself to take advantage of it.
Numerous Web sites offer fake caller ID services. At least one company offers a US$10 "calling card" that you can use to dial a toll-free number, enter the number you want to call, and enter the caller ID info you want to display. In addition, instructions for spoofing caller ID information using a Linux computer running Asterisk PBX software are readily available on the Web.
Caller ID spoofing is particularly troubling because some credit card companies and banks rely on caller ID information to verify customers' identities. Spammers and scammers can also use it to disguise their identities. And since some systems will automatically allow voice mail access if you call from the phone number associated with the voice mail box, unauthorised persons can also use spoofed caller ID information to listen to someone else's voice mail.
What you can do about it
The good news is that VoIP spam, like e-mail spam, will
likely conform to certain patterns that systems can recognise, analyse, and
filter. The technology also makes it possible to block calls from specific
numbers or IP addresses.
It's likely that if -- or really, when -- SPIT becomes a problem, software companies will rush to offer solutions just as they have for e-mail spam. In fact, a number of companies are already working on it.
Qovia, which makes enterprise-level VoIP management utilities, filed patent applications in 2004 for technology that would identify and block VoIP spam. And companies such as BorderWare offer SIP-aware proxies and firewalls designed to protect VoIP sessions against SPIT, caller ID spoofing, and other VoIP abuse.
Summary
VoIP can save organisations money and make calling more
convenient, but like any other technology, it's bound to attract abuse and
misuse. The bad news is that you don't even have to be a VoIP user to be a
victim of VoIP misuse. The good news is that there are ways to thwart VoIP
spam, caller ID spoofing, and other misuses of VoIP technology.
Deb Shinder is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. She currently specialises in security issues and Microsoft products, and she has received Microsoft's Most Valuable Professional (MVP) status in Windows Server Security.
TechRepublic is the online community and information resource for all IT professionals, from support staff to executives. We offer in-depth technical articles written for IT professionals by IT professionals. In addition to articles on everything from Windows to e-mail to firewalls, we offer IT industry analysis, downloads, management tips, discussion forums, and e-newsletters.
6%
3%
All VoIP articles over the past decade contain the following statement (or similar) "VoIP can save organisations money and make calling more convenient". To date, I've not really seen any evidence of this and in fact, the contrary. I've been in the voice/data integration space since the late eighties (TDM, Frame, ATM, TCP/IP) and back then there were substantial savings to be made. I'll agree that TCP/IP trunking can save money but most of these savings have been erroded by dsl and call minute plans.
Given that the catch cry for VoIP is cost, I'd like to see the numbers for real implementations that include all the costs. Include infrastructure, maintenance, support reliability, quality etc.
I also know from experience that VoIP is not a good sales tool as voice quality issues will hinder sales effectiveness. You can usually tell if a call centre is VoIP as it sounds like the operator is calling from the moon! Personally, I just hang-up when dealing with VoIP enabled support centre's with quality issues (and this includes the biggest IP router vendor's site)
Am I the only person out there with concerns over the marketing of this technology?