How to Combat VoIP Spam

Unwanted callers or messages has been a historic problem for human society. We have become used to dealing with door to door salesmen, junk mail in our mailboxes and advertisements on our television screens. In fact, every new change in technology just seems to put yet another tool in the arsenal of spam senders. Who among us can claim to have never received spam messages in our email inboxes or even our feeds on social networks?

With VoIP gaining ground steadily around the world, we should prepare for a bombardment of our phone systems with spam calls. Many of us recall having to deal with telemarketers but VoIP spam calls are actually much worse.

VoIP Spam or SPIT

Spam on VoIP systems is referred to as SPIT – SPam over Internet Telephony and although it isn’t yet a problem of the same proportions as email spam, it will get worse. Analysts predict that the growth and popularity of VoIP systems will lead to a corresponding increase in unwanted calls. Some people wonder why this should be a problem – after all telemarketers may be a nuisance but they are certainly not active threats to a company under normal circumstances.

The Problems with SPIT

Unfortunately, VoIP technology is vulnerable to SPIT because of many reasons:

• Sending thousands of unwanted calls to a business can be used by spammers or hackers to tie up their resources for extended periods of time. This would in turn cause many issues like preventing customers from contacting the business and affect employee morale when trying to deal with irate clients
• Repeated spam calls can dramatically affect employee productivity. Who can focus on work when the phone keeps ringing every few minutes with spam calls? Employees cannot simply ignore the phone either, it could be a client or a colleague on the line.
• Spam calls can be used in conjunction with more traditional Denial of Service attacks to cripple a business while hackers steal data amidst the crisis
• Bulk spam calls can cause a backlash against VoIP systems by users unwilling to deal with such a menace. It can erode customer confidence in the organizations they deal with and degrade the quality of calls that pass through the enterprise VoIP network
• Force businesses to implement counter measures to deal with SPIT – these measures may either be expensive, time consuming or degrade the quality of calls on the network

Dealing with SPIT

You may be wondering why we can’t simply use the same methods for SPIT that we use for fighting email spam. Email and voice calls are different types of communication channels with their own protocols, methods and infrastructure. This means that the methods we use on one system will not be effective on another.

For instance, the main defense against email is content filtering. ISP and email providers deploy software and applications that automatically scan email messages for keywords and patterns that suggest spam and prevent it from reaching your inbox.

This method would fail for VoIP because the latter is time sensitive. If you intercept the call for analysis first, the end user is going to see a difference. It doesn’t matter if you get an email message a few seconds later but those precious seconds count in a phone call.

Another reason is that you cannot filter voice calls until you know the content and you cannot know the content until after the user answers the call! By then it is too late as the spammer has successfully interrupted the user already.

How to Combat VoIP Spam

Of course, it is not all gloom and doom just yet. For one thing, SPIT isn’t actually a global problem on the scale of spam. Spam calls on VoIP networks do happen but not to the same extent as email spam. Secondly securing corporate networks in general – not just against spammers – should offer sufficient protection for your systems for the time being.

Vendors are trying to develop innovative solutions for SPIT in a bid to protect clients from such problems, even before they get out of hand. After all, their entire business model is at stake here. Some solutions block spam callers from ringing your phone at all based on behavioral characteristics such as word usage, previous history and so on.

Other common tools that are already employed to secure systems such as whitelisting and blacklisting certain IP ranges can also be effective against SPIT. In fact the standard protocol SIP – used by the vast majority of systems for IP telephony – has some provisions for dealing with SPIT.

The problem with spam of any kind is that businesses are often one step behind scammers. In essence we are trying to solve yesterday’s problems, while the other side has already moved on to a new technique. However keeping our networks securely patched/updated, alert users and other general security measures will work to combat VoIP spam in any form.