09097998394 SIP Scam

I got caught this month with a SIP-based scam. I have an Trixbox (Asterisk) VOIP phone system. When I set it up it was a bit of a struggle and I consequently didn’t think to hard about security. This month someone managed to log in as a SIP extension and dial their premium rate number. Lots of times. Luckily, my VOIP provider, sipgate.co.uk, have only charged me the usual 1.19p/minute and not the £1.50/minute…

Learning lessons:

  1. NEVER use the extension number as the password (D’Oh!, D’Oh!, D’Oh!)
  2. Block outgoing calls to premium-rate numbers.
Advertisements
This entry was posted in Uncategorized. Bookmark the permalink.

2 Responses to 09097998394 SIP Scam

  1. Unknown says:

    I have also been stung by this. However my extension password was very secure 😦 no idea how they got hold of it. (It contained a-z A-Z and 0-9 chars) Luckily you\’re pre pay billed. The calls were made via two of my postpay carrier accounts. One carrier stopped the calls after about £85 worth, the other (british telecom) did not and I would estimate about £300 worth of calls that I shall be disputing.In the mean time it will definitely be worth it heading over to http://www.phonepayplus.org.uk/output/default.aspx, then putting the number into the search box, searching and then submitting a complaint using the link just under the address/contact telephone numers.Today I have contacted Opal Telecom who operate the 0909799XXXX block of telephone numbers in the UK, they have been unwilling to cooperate, however if you could report the issue to the police and they would be willing to file an IPA request with Opal then perhaps the details Opal would then disclose would be useful.Regarding when you search phonepayplus for the number there is a contact number listed. I contacted this number today and they provided me with the telephone number for head office in Spain. This is 0034 93600 2300, it may be worth complaining to these people – tho they were unable to assist me.I would love to contact you or anyone else that\’s been had by this to discuss this in more detail, drop me a line at spam@goodmanemail.com identifying this scam as the reason for your contact and I will reply from my personal or business email address.

  2. Kyle says:

    Burned by this as well. Not only did I have an insecure password and no blocking of 09*, but I had missed out the network permit/deny lines :-/ Thankfully it was £7 of calls, thanks to Sipgate. I suspect this type of thing will become more prevalent in the future…I doubt the authorities will do anything about it, as it was essentially our systems dialling a 3rd party. Unless we can provide proof (and my Asterisk install hasn\’t recorded the source IP address) that the destination party was involved in setting up the originating call, then it\’s pointless.Live and learn :-/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s