VoIP Spam – the Next Major Challenge for the Industry?

VoIP has revolutionized voice communication for consumers and businesses alike. However, the technology has not become so popular without facing its fair share of obstacles and challenges. When the first VoIP call was made back in the 90s, no one imagined that it would, one day, replace the PSTN.

The earliest VoIP services suffered from a lack of quality, it wasn’t all that hard to distinguish a VoIP call from regular phone calls. Users would struggle to hear the person at the other end, words will often go missing and audio artifacts (echoes or other noises) were common. Fortunately for us, the technology has improved to the point where few people can tell the difference between a call made with VoIP technology and one that traveled over the PSTN.

Poor audio quality was not the only obstacle. Users had no guarantees that a VoIP call will complete, that calls wouldn’t suddenly disconnect or otherwise be interrupted. VoIP services and compete with PSTN operators on features, support, or user experience either. But that is not the case today. VoIP technology has overcome many challenges to reach its current position.

VoIP Spam

Unfortunately, the battle is far from over for VoIP. Security issues with VoIP implementations have made headlines recently. Organizations are beginning to realize that VoIP systems require the same security defenses as other IT tools. Without appropriate security measures in place, criminals can easily infiltrate enterprise business phone systems and cause havoc.

Apart from security, spam is becoming a big headache for VoIP users. Most users are familiar with email spam. It’s the junk mail that – for the most part – is filtered by the service provider before it even reaches your inbox. VoIP spam is similar in that it is unsolicited, unwanted, and even automated. Spam emails are more of a nuisance nowadays but VoIP spam can cause bigger problems.

What is VoIP Spam?

VoIP spam is also called SPIT (Spam over Internet Telephony). It is unsolicited phone calls made by automated dialing systems using VoIP technology. Like many other Internet systems, VoIP is subject to malicious abuse by third parties like telemarketers, criminals, and pranksters. It is aided by the fact that VoIP calls are extremely inexpensive and quite a few free software exists to make calls.

Robocalls are one type of VoIP spam. Automated dialing systems can be very useful for businesses that want to contact many customers for sales, marketing campaigns and even handling customer support incidents. However unscrupulous organizations like telemarketers also use the systems to make unwanted voice calls to consumers. Organizations have tried a variety of methods like maintaining blacklists, screening software, consent bases systems, and even legal action against robocalls. But it is very difficult to stop telemarketers, not least because the perpetrator may live in one country and uses the services of a provider in yet another country to make the calls.

VoIP Spam as Denial of Service Attack

DDoS attacks on websites and email systems are not uncommon, most security experts are familiar with them. Such attacks are orchestrated by hackers to overwhelm the target system and deny those resources to authorized users. Research has found that recent attacks are powered by large-scale bot networks that are difficult to shut down.

Now criminals are using a similar strategy against VoIP systems. Once a hacker or criminal organization targets a specific organization, they start broadcasting thousands of calls per minute from a VoIP gateway. Not only does it tie up the phone lines but such an attack makes it impossible for employees to communicate with each other. Customers cannot reach the support department, salespeople are unable to reach potential contacts, and executives cannot coordinate with each other.

Short of pulling the plug on the entire phone system, there are very few steps that a business can take to solve this problem. Not many companies have fallen victim to such type of attacks but it is only a matter of time before VoIP spam attacks become common.

Like the perpetrators of email spam, the malicious actors behind such VoIP attacks are difficult to trace. It is easy enough for anyone to sign up for a VoIP service in any country. Hackers can also purchase numbers with local area codes to mask the source of these calls. For instance, spam calls may appear to originate from Mexico even though the perpetrator lives in some other country.

Using VoIP spam as a form of DDoS attack is a new type of threat vector for enterprises. Until now, robocalling has been a mere annoyance. Developers cannot simply apply email spam mitigation techniques to VoIP since it is real-time communication. It is time for businesses, VoIP vendors, software developers, and other interested entities to create strategies that can deal with VoIP spam before it is too late.