Over on the Voice of VOIPSA blog yesterday, I wrote about a new VoIP fraud case were a group of people stole over $4.4 million in services from a variety of Internet Telephony Service Providers (ITSPs) / carriers, including AT&T and Verizon.

As I note in that blog post, this wasn’t a “VoIP security” attack as much as it was a social engineering attack. This group went to rather remarkable lengths to convince ITSPs that they were legitimate businesses to whom the ITSPs should extend credit… and then they abused that credit once it was given.

In the book, I talk about these issues of both fraud and social engineering. From a protection point-of-view, this latest fraud case really highlights the uncertainties in the “SIP Trunking” space (a topic I focused on in Chapter 5) and the need to perform adequate due diligence on the ITSPs from whom you are purchasing SIP connectivity. (Although, admittedly, this particular group went to such lengths that it is not surprised they duped do many companies.)

The reality is that as the market for Unified Communications and IP communications continues to grow and expand, it will only become more tempting for scammers and thieves… so I expect we’ll see even more fraud cases in the time ahead.

As part of the publicity in the run-up to the book's release in a few weeks, Syngress has made a PDF available for free download of Chapter 3, "Eavesdropping and Modification".  In the chapter, I talk about how you can use basic tools like Wireshark to eavesdrop on UC traffic and discuss some of the tools that can be found on the VOIPSA VoIP Security Tools list and how they can be used to both observe and modify traffic.  I also suggest strategies for how to secure your UC systems against these attacks.  The chapter is out there for free download… please feel free to share it… and I'd love to hear your feedback, either as comments here or over on the Facebook page for the book.  Thanks!