Next up: spoofed voicemails?

* Spoofing on steroids

Almost all of us have been the victims of e-mail spoofing – e-mails that purport to come from a trusted source, but are really sent by someone else. Spoofing is a serious problem for a variety of reasons, not least of which is the fact that many recipients are fooled into believing the source of the message they receive is valid. There are a variety of methods that can be used to reduce spoofing, including domain authentication and the use of SSL/TLS.

However, I believe that what we’ve seen is just the tip of the iceberg with regard to spoofing, a problem that will be made worse as unified messaging systems become more widely adopted. The problem is not in the unified systems themselves, but rather that users will likely be even more easily fooled by voicemails in their inbox that supposedly come from a trusted source.

For example, I received a telephone call last week from a company that issued one of my credit cards. I had made some purchases from a Web site in Europe and the company wanted to find out if the purchases were legitimate. However, the inquirer was an automated system that requested my credit card number, month and date of birth, the last four digits of my Social Security number and other confidential information. The call was legitimate.

Now, imagine a scenario in which e-mail spoofers decide to send voicemails to companies that use unified messaging. A user receives a voicemail in their inbox, listens to a spoofed request for anything from credit card numbers to PIN numbers to employee ID numbers, and then provides that information, believing the request is legitimate. Compared to a spoofed e-mail, there are typically fewer clues in a voicemail to indicate the authenticity of the sender – users who today are fooled into responding to a spoofed e-mail will likely respond in like manner to a spoofed voicemail. The fact that spoofed IP-based voicemails can be sent in enormous numbers, just like spoofed e-mails, means that even if only a tiny fraction of users respond to these attempts the damage could be significant.

What’s your take on this? Is this a problem that just won’t happen or is it a legitimate concern for organizations that are considering unified messaging? Please send me an e-mail to share your thoughts.
