I got caught this month with a SIP-based scam. I have an Trixbox (Asterisk) VOIP phone system. When I set it up it was a bit of a struggle and I consequently didn’t think to hard about security. This month someone managed to log in as a SIP extension and dial their premium rate number. Lots of times. Luckily, my VOIP provider, sipgate.co.uk, have only charged me the usual 1.19p/minute and not the £1.50/minute…
- NEVER use the extension number as the password (D’Oh!, D’Oh!, D’Oh!)
- Block outgoing calls to premium-rate numbers.