Voice Phishing Countermeasures

There are a few ways enterprises can prevent the phisher from contacting its employees in the first place.

Countermeasures Preventing the Email "Come On" from Reaching the Victim

Standard email anti-SPAM security technologies work fairly well at limiting the number of phishing emails that get through to a potential victim. A variety of services, software, and appliances address this multibillion-dollar market. Just a few of the commercial software and service offerings in this space include:

  • Barracuda (http://www.barracudanetworks.com)

  • BlackSpider (http://www.blackspider.com)

  • CipherTrust (http://www.ciphertrust.com)

  • Cloudmark (http://www.cloudmark.com)

  • McAfee (http://www.mcafee.com)

  • MessageLabs (http://www.messagelabs.com/)

  • Microsoft (purchased FrontBridge) (http://www.microsoft.com/exchange/services)

  • Mirapoint (http://www.mirapoint.com/)

  • MX Logic (http://www.mxlogic.com/)

  • Postini (http://www.postini.com/)

  • Proofpoint (http://www.proofpoint.com/)

  • SonicWall (http://www.sonicwall.com)

  • Sophos (http://www.sophos.com)

  • Symantec (http://www.symantec.com)

  • Trend Micro (http://www.trendmicro.com)

Countermeasures Preventing the SPIT "Come On" from Reaching the Victim

As we covered in the previous chapter, SPIT is a social issue that enterprises have limited ability to affect. Some solutions are the responsibility of the larger VoIP (and SIP) community. If the VoIP community does not work together to address SPIT before it is a big issue, enterprises will be forced to adopt "traditional" mitigation strategies, which are expected to be similar to those adopted for other voice security issues and/or email SPAM. Some of the countermeasures the VoIP community and enterprises can take are discussed at the end of the previous chapter and include measures such as authenticated identity, enterprise SPIT filters, black and white lists, and audio content filtering.

Countermeasures Preventing the Victim from Calling Back to the Malicious IVR

Besides user education, there's really not much an enterprise can do to prevent its users from calling a malicious IVR phishing system. The most obvious advice for end users is to always confirm the number of your financial institution before calling them. You can find their number either on the back of your credit card or on the financial institution's website. In an enterprise setting, you might at some point see managed VoIP services start to blacklist potentially unsafe or forbidden outgoing phone numbers as a response, much like web proxy service offerings today. Today, some VoIP and traditional phone management systems have a call admission control policy, which customers can generally use to block bad numbers. To do so, you create a rule with a group containing the bad numbers. Administrators can then add each new phishing phone number to that group, so that gullible users are not able to call it.
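
The sketch below is an added example, not code from the book or from any particular phone system. It shows why a blocked-number group only works if the dialed string is normalized first, since users can key in the same number in several ways. The outside-line digit "9", North American dialing rules, and the sample numbers are assumptions made for illustration.

```python
import re

# Assumptions (not from the book): "9" reaches an outside line, North American
# dialing, "011" is the international prefix, check runs on outbound trunk calls.
OUTSIDE_LINE = "9"
COUNTRY_CODE = "1"
# Constructed sample group of reported phishing callback numbers (fictional ranges).
BLOCKED_GROUP = {"+18005550142", "+442079460018"}


def normalize(dialed, outside_line=OUTSIDE_LINE):
    """Reduce a dialed string to +<country><number> so one group entry matches
    every way a user might dial it. Returns None if it cannot be parsed."""
    s = dialed.strip()
    # SIP/tel URIs: keep only the user part, drop host and parameters.
    s = re.sub(r"^(sips?|tel):", "", s, flags=re.I).split("@")[0].split(";")[0]
    explicit_plus = s.startswith("+")
    digits = re.sub(r"\D", "", s)
    if not digits:
        return None
    if explicit_plus:
        return "+" + digits
    # Strip the outside-line digit only if a full number remains, so a
    # 10-digit number that merely starts with 9 is left alone.
    if digits.startswith(outside_line) and len(digits) > 10:
        rest = digits[len(outside_line):]
        if rest.startswith("011") or len(rest) in (10, 11):
            digits = rest
    if digits.startswith("011"):
        return "+" + digits[3:]
    if len(digits) == 11 and digits.startswith(COUNTRY_CODE):
        return "+" + digits
    if len(digits) == 10:
        return "+" + COUNTRY_CODE + digits
    return None


def admit_call(dialed, blocked=BLOCKED_GROUP):
    """Return (allowed, reason) for an outbound call. Unparseable strings are
    denied so odd formatting cannot slip past the rule; internal extensions
    are assumed never to reach this trunk-side check."""
    number = normalize(dialed)
    if number is None:
        return False, "unparseable"
    if number in blocked:
        return False, "blocked:" + number
    return True, "ok"
```

Logging every denied attempt alongside the extension that placed it also tells the help desk which users acted on the phishing message.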



Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions
ISBN: 0072263644
EAN: 2147483647
Year: 2004
Pages: 158
