The FBI has issued a warning to companies about scammers spoofing voice over IP (VoIP) calls by exploiting PBX exchanges.
The warning concerns Asterisk software that is used to integrate PBX phone exchanges with VoIP systems. A vulnerability exists in versions 1.2 and 1.4 that would allow scammers to spoof calls over VoIP and harvest personal information from callers.
The current version of the software, 18.104.22.168, has fixed the flaw, and companies running the software are being urged to upgrade. Recipients of VoIP calls are also being warned to check the identity of callers.
“As with all types of scams, whether by computer, phone or mail, using common sense can protect you,” said special agent Richard Kolko, chief of the FBI’s National Press Office in Washington, DC.
FBI warns of VoIP spoofing threat
By Iain Thomson on Dec 12, 2008 10:35AM