Banks and other companies switching their phone systems to VoIP are making themselves vulnerable to phishing attacks for which there are currently no effective detection or prevention tools, a security researcher, quoted by an InfoWorld Daily report, said.
"People will be able to penetrate bank networks and hijack their phone lines," said an independent security researcher, known by his pseudonym The Grugq, in an interview.
He said VoIP was becoming increasingly common as companies and operators look to the technology to help cut costs, which made them more vulnerable to attack, he said.
The Gruqg, who spoke this week at the Hack In The Box Security Conference (HITB) in Kuala Lumpur, Malaysia, said VoIP phishing attacks would emerge by the end of this year. The attacks would allow hackers to steal personal data, including credit card numbers and bank account information, and there is little security managers could do to stop them, he said.
"Theoretically, you phone up your bank and the customer service line has been taken over by hackers," The Grugq said.In this scenario, the customer would be asked by the hacker to enter personal banking information before being passed on to an actual bank customer-service representative, according to the report.