Be smart about online telephoning

Talking to people via your computer and broadband connection is called Voice over Internet Protocol (VoIP). Like all uses of the internet, there are risks with using VoIP if you are not properly protected.

Skilled hackers and computer criminals are capable of intercepting your conversation if security precautions not followed. Eavesdropping on your calls could allow someone to obtain personal and service information they could use to access your service to make calls at your expense.

If you use your computer and internet connection to talk to people instead of your telephone or mobile, make sure you do it safely.

Top tips

Make sure you have the latest version of anti-virus and anti-spyware software and a firewall on your computer. Make sure they are activated and regularly updated.
Use a strong password for your VOIP software to keep it private.
Don’t put any sensitive, private or confidential information on your public profile.
Regularly check your VoIP provider’s website to see if there are any updates or patches.
Do not divulge personal information to people you don’t know.

Fact sheets and resources

acma_website The Australian Communications and Media Authority website has a section on VoIP which includes key issues to consider when choosing a VoIP service.

What are the threats

Many of the threats associated with VoIP are similar to those inherent to using any internet service or device.

Service theft

If a hacker can obtain your service credentials they can use these to:

break into your voice mailbox
to make calls using your Caller ID at your expense, or
to make calls to you under a false Caller ID in order to get information from you or to lure you into fake moneymaking schemes or making fake purchases.

Breach of privacy and identity theft

VoIP data sometimes travels unencrypted over the internet. It is possible for someone to collect VoIP data and attempt to reconstruct a conversation.

It may be possible for someone to eavesdrop on your private conversations or to obtain personal information about you which could be used to steal your identity.

Vishing

Vishing is the VoIP equivalent of phishing (hoax) emails. Fake Caller ID’s and names are used to trick you into believing the person calling you is actually a representative from a legitimate business such as your bank in order to get your banks details, secondary authentication details or personal information.

This information can be used to steal money from your accounts or to steal your identity.

Since most VoIP users don't treat incoming calls with the same skepticism as email users reading an unsolicited email message, they may actually believe that the person on the other end of the line really is genuine.

Spam over internet telephony (SPIT)

SPIT is the VoIP equivalent of Spam. Like email spamming, sending commercial messages via VoIP is fast and cheap. Unlike traditional telemarketing, though, VoIP offers the potential for large volumes of unsolicited calls. Telemarketers could easily send large amounts of messages to VoIP customers.

Unlike traditional spam email messages, which average only 10–20 kilobytes in file size, VoIP voicemails can require megabytes of storage.

How to be smart with your online telephoning (VoIP)

The security risks involved in using VOIP can be minimised by:

making sure you have the latest version of anti-virus and anti-spyware software and a firewall on your computer, and making sure this software is activated and regularly updated
using a strong password for your VOIP software to keep it private
setting up your service to allow connections only from people you know and block everyone else to prevent strangers calling you out of the blue
checking regularly with the VOIP providers website to see if there are any updates or patches
using encryption software for both your installation and for those you wish to talk to.

News