VoIPhishing coming soon?

For most of us - including ITPP - VoIP seems to be a God sent applications even if it harbours a security flaw deep in its womb and could become the favourite medium used by DDoSers to launch massive Zombie attacks.

But I am digressing. I was thinking of another way of using VoIP to undermine corporate and private security. It might only be a theory, a mental proof on concept but hopefully, it will never see the light. Could there ever be something called "VOiPhishing" where basically the hacker plays the role of the one making the call or receiving it?

So, the company receiving the call could eventually be talking to a dummy customer service assistant and similarly, a customer being asked for his personal details might be talking to a hacker instead.

Whether is farfetched or not, I don't know. It is a real possibility if flaws are discovered and exploited in the software and packages used for VoIP services. Unlike physically tapping a traditional phoneline, VoIP does not require a physical access to your line since basically, voice is transmitted as data over the internet.

It is entirely possible to get Trojan horses, churned out by botnets, to modify or take over your skype application to transmit over the internet or use a rootkit to do the dirty job.

Voice over IP is likely to encounter the same kind of teething problems that plague traditional emails. We have already seen how Spam Over Internet Telephony (SPIT) ready to take over the whole Voiposhere and if traditional telephone scams work very well right now, they will probably thrive in the VoIP setup.