Thinking about Vishing VoIP security

How do you avoid being phished over VoIP? No, we're not talking about a Ben and Jerry's flavor, we're discussing the tactic of being called up over the phone and being socially engineered into disclosing confidential information.  

Phishing is now a widespread tactic, with bogus emails spammed out on a daily basis. Initial attacks were mostly for-profit in nature, with an inbox letter posing as a bank or the IRS requesting security and personal information. The information would then be utilized by the attacker for either a simple credit card exploit or a more elaborate identity theft exploit. Varients such as Spear Phising and Vishing are now in vogue, but phishing attacks can be broken down into four parts: Redirect, Disclosure, Impersonation and Unauthorized Usage.

Vishing is a faster way to gain information if the attacker feels confident in his or her social engineering skills. In the days before computers, this was known as "The art of the con."  Regardless, we still have to wonder if J. Michael Straczynski understood he was writing a double-entendre when he penned the line, "Who do you serve? And who do you trust?" A look at the general practices of phishing can help in the development of strategies against vishing.

For more:
- TopTechNews breaks down Phishing and Vishing. Article

Related articles
Trend: "Vishing," VoIP phishing on the rise - FierceVoIP
VoIP Security and the Circle of Trust - FierceVoIP