Spitting and Vishing: New Words to Add to Your VoIP Network Security Vocabulary on callsprout.com

It’s digital data, subject to the same hazards other data can be exposed to once it leaves your network.

The first mass produced automobiles started rolling off the assembly lines in the early 1900s—but it took a couple of decades before door locks were regularly installed on vehicles. Previously, there was no need to secure them.

Necessity is the mother of invention. Keeping VoIP secure wasn’t a concern when it was first introduced. Providers and customers were far more concerned about its cost and reliability. But now that these two determining factors have been nailed down and VoIP has become a mainstream communication option, organizations have discovered it’s time to put some locks on it. Here’s a look at some of the threats VoIP users can face.


We’re already used to phishing. Now we have to prepare ourselves for vishing. The most common version of this is tampering with the caller ID. Someone could set themselves up to look like your bank or another trusted organization. With VoIP, a visher can potentially send one message to thousands of recipients at the same time, creating a virtual number that can disappear without leaving any trace.

It’s not necessarily your VoIP system that’s at risk. It’s your users. Any type of phishing that’s been used in email can be duplicated using VoIP. Are you really sure it’s your bank calling just because you see their name on the caller ID? Never provide sensitive information over the phone, whether it’s via VoIP or otherwise.

Service theft

VoIP services can be stolen with a valid set of credentials and hackers try to obtain these by eavesdropping. Once they’ve got credentials for your VoIP network, they can make calls without paying—but that’s usually not why they go through the trouble of eavesdropping. They’re more interested in gaining access to confidential information that might be stored on voicemail.


Move over spam. VoIP is joining the party, and the flavor is called SPIT—which is an acronym for Spamming over Internet Telephony. You’ve got a voicemail, but it’s spam. This is a recent but developing problem for some organizations using VoIP platforms.

Every VoIP account has an associated unique IP address. Once obtained, spammers could send messages to an improperly secured voicemail. They can send a single spam voicemail message to thousands of IP addresses at the same time. Sure, this is a nuisance. Ultimately, it can also become an expense as more space will be needed to store this digital spam data.

DDoS attacks

Remember that VoIP telephony requires the Internet. In VoIP, a hacker with an axe to grind might try to carry out a Distributed Denial of Service (DDoS) attack by flooding your VoIP network with unnecessary SIP call-signaling messages. Your service would be degraded. Why would they do this? Well, why do websites suffer from DDoS attacks? Somebody out there just doesn’t like you.

Keeping things secure

This all may sound scary, but it doesn’t have to be with airtight security. And VoIP security is only as reliable as the network that supports it. It’s your provider’s responsibility to provide much of the protection that comes from being vigilant about gateway security, firewall configuration, wireless security, and system logins. Keeping some of that information secure is your responsibility.

Know what those threats are, and how to guard against them. Your VoIP provider is your partner. They’ll do most of the heavy lifting, but it’s still important that your people know what to look out for.

For more information about CallSprout’s security features, including our Unbreakable Internet, click here.

Pin It on Pinterest

Share This

Share this post with your friends!