| the other point that should be made about voip is that callerid is | trivial to spoof. | | so if you are counting on the calling party being who they say the | are, or even within your company, based on callerid, don't. | | i predict a round of targeted attacks on help desks and customer | service, as well as more general scams with callerid set to (say) | "Visa Security". To open a trouble ticket with IT where I work, you go to a Web page; or, if you have problems using the network, you can use the phone. When the phone is replaced by one that use VoIP, just how will one report network outages? I can't wait....
| does anyone know if time ANI from toll free services is still | unspoofable? The last I heard, it was fairly easy to *suppress* ANI (using games that redirected calls the network saw as going to toll-free numbers), but still difficult to *spoof* it. Since ANI drives Telco billing - unlike Caller ID, which is simply delivered to customers - the Telco's have an interest in making it difficult to fake. On the other hand, LD revenues have been falling for years, so the funding to attack LD fraud has probably been falling, too - given how many people now have "all you can eat" plans, there's less and less reason to worry about them stealing. | some of my clients have been receiving targeted phishes recently that | correctly name their bank and property address and claim to be about | their mortgage. this is information obtainable from public records. I probably get an offer to refinance my mortgage every other week or so. The letters cite real information about me and my mortgage: They know its size, or at least the know the amount at the time I took out the mortgage. In low-income areas, there's a long history of fraudulent refinancing - claiming you are getting a better loan for the person but really getting him deeper and deeper in the hole while you pocket various fees. I wouldn't want bet that all the come-on letters I receive are legitimate! The only difference between some of this stuff and phishing is the medium used. -- Jerry --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]