VoIP (Voice over Internet Protocol) is a technology that allows you to make and receive phone calls over the internet instead of traditional phone lines, and offers other features such as video calls, file transfer, and group calls. VoIP has many advantages over traditional phone systems, such as large cost savings and the flexibility to use any internet-connected device. The inclusion of cloud-based VoIP systems and soft phone applications in clubs has increased that flexibility even further but has opened up venues to increased risks from hackers.
Many VoIP telephone systems have moved from a traditional digital system to a VoIP cloud-based solution but are using hybrid hardware and firmware updates to support the VoIP technology. Unfortunately, the majority of VoIP systems were not designed with the intention of being connected to the internet and lack the IT security required in today’s world.
Hackers are getting smarter
In a recent incident, a hacker utilised both email spoofing and telephony spoofing to validate a transaction:
- The hacker first compromised the Office 365 account of a medium-sized business, monitoring its emails until they identified a potential client of that business.
- The hacker registered a domain name matching that of the medium-sized business, but with a .com extension.
- The hacker sent an email from the .com domain to the client of the business, advising of a bank account change for payments.
- The hacker then approached the victim with a phone call, spoofing the number of the supplier to further validate the call and using names gathered in the Office 365 compromise.
Whilst the hack was not successful due to a diligent employee following procedures before changing bank details, it highlights the depth of social engineering hackers are currently using.
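The lookalike-domain step of the incident above can be screened for automatically. The following is an added example, not part of the original article: it flags a sender whose domain keeps a trusted supplier's name but changes the extension. The supplier domain, the suffix list and the function names are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample data (assumption): the real supplier is taken to use .com.au.
TRUSTED_DOMAINS = {"examplesupplier.com.au"}
# Constructed subset of suffixes; a production check would load the full Public Suffix List.
KNOWN_SUFFIXES = ("com.au", "net.au", "org.au", "com", "net", "org")


def split_domain(domain):
    """Return (name, suffix), preferring the longest matching known suffix."""
    domain = domain.lower().rstrip(".")
    for suffix in sorted(KNOWN_SUFFIXES, key=len, reverse=True):
        if domain.endswith("." + suffix):
            rest = domain[: -len(suffix) - 1]
            return rest.split(".")[-1], suffix
    # Unknown suffix: fall back to the last two labels.
    labels = domain.split(".")
    return (labels[-2] if len(labels) > 1 else labels[0]), labels[-1]


def classify_sender(from_header):
    """Classify a From header as 'trusted', 'lookalike' or 'unknown'."""
    # parseaddr drops the display name, which a sender can set to anything.
    _, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    if not domain:
        return "unknown"
    name, suffix = split_domain(domain)
    # Subdomains of a trusted domain are treated as trusted.
    if f"{name}.{suffix}" in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        trusted_name, trusted_suffix = split_domain(trusted)
        # Same name under a different extension: the pattern used in the incident.
        if name == trusted_name and suffix != trusted_suffix:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample From headers.
    for header in (
        "Accounts <accounts@examplesupplier.com.au>",
        "Accounts <accounts@examplesupplier.com>",
        "Someone <someone@unrelated.org>",
    ):
        print(f"{classify_sender(header):10} {header}")
```

A "lookalike" result is a prompt to hold the message and confirm any bank detail change through a contact already on file, which is the procedure that stopped the attempt described above.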
Advice from the experts at Secom Technology Group
As Microsoft charges ahead with their Teams product, it is critical that clubs review the technology of their phone system, ensuring it has the advanced security features required for the current cyber security environment. A telephone system that can natively integrate with Microsoft Teams will provide a seamless connection between the traditional Digital Enhanced Cordless Telecommunications (DECT) technology used in clubs and the Microsoft Teams calling platform.
Below is a list of areas that the above attack exploited and that should be high on a club’s security audit plan:
- Office 365 Security – ensure your club is using the latest Office 365 email security, both Microsoft and third-party technology options, including Office 365 backups.
- Ensure your club is using the most advanced VoIP security with password guessing protection / secure password policies and anti-call spoofing technology to reject invalid source numbers.
- Ensure your club’s firewall technology has geolocation protection, ensuring VoIP calls are only approved for specific countries.
The Secom Technology Group can ensure your VoIP telephone system is managed as part of the business’ overall cyber security plan.
To talk to the experts about your VoIP security as part of their Managed IT Security plan call Jason Drew or visit Secom Technology Group at Stand 791 at AGE 2023.
Secom Technology – Phone: 1300 781 224