Man-in-the-middle attacks have plagued networks for many years. Tools from Dsniff/fragrouter to Cain & Abel help show how network communication methods are not secure. Using the same model, telephone communication via VoIP can fall into the same problem space. While Layer 2 man-in-the-middle attacks using ARP packets are by far the easiest way to eavesdrop on a call, access to the correct network space is required. Unfortunately, there are a few ways to eavesdrop without using ARP poisoning–using common phishing attacks in combination with call redirection.

The first kind of this attack is a targeted attack, involving Caller ID spoofing. The attacker essentially creates a three-way call between the credit card company and the target, staying on the line as a passive listener and recording the content. The attacker spoofs his Caller ID number as the one listed on the back of a credit card or on the credit card company’s website. Once the number has been spoofed, the attacker calls the target on one connection. The target, believing that the call is coming from the credit card company, answers the call thinking it is a trusted entity. Once the target answers the call, the attacker can send an automated computer voice informing him of supposed unusual activity on his account and asking him to verify his information. While the message is playing to the target on one connection, the attacker opens another connection with the real credit card company. Once the credit card company answers the call, the attacker can then connect (three-way call or conference) both the target and credit card company while remaining on the line. Before doing anything else, most credit card companies use an automated computer voice to verify credit card numbers. Once the conference has been enabled, the target is then asked by the real credit card company to verify his information by typing or speaking his credit card number, PIN, and the card’s expiration date. The attacker secretly remains on the call and records all the information.