The following information was gleaned from a "Black Hat" security briefing on the web, and I composed these notes to put the vulnerability into the context of our typical call center client. - Ron.
Most companies have dozens, hundreds, or more phone numbers provisioned by the phone company for use with their telephone services. Unfortunately, most companies do not manage these numbers as a corporate asset. There is an important reason to actively manage a short, "defined purpose" (e.g. 'support', 'advertising tracking', etc.) set of numbers, and to publish only the necessary and few numbers for use by the calling customer.
Scam artists can rent and use the same, inexpensive SIP trunk, Voice over IP, and "Asterisk software-as-PBX" technology that we use to lower phone costs and improve call center metrics. If they can get your customers to think -their- 800 or local telephone 'scam' number is really -yours-, then this is what happens.
 |
|
