Asterisk Vishing Attacks "Endemic"

Ian Lamont writes "Remember the report last year that the FBI was concerned about a 'vishing' exploit relating to the Asterisk IP PBX software? Digium played down the report, noting that it was based on a bug that had already been patched, but now the company's open-source community director says that attacks on Asterisk installations are 'endemic.' There have been dozens of reported vishing attacks in recent weeks, says the article: 'The victims typically bank with smaller regional institutions, which typically have fewer resources to detect scams. Scammers hack into phone systems and then call victims, playing prerecorded messages that say there has been a billing error or warn them that the bank account has been suspended because of suspicious activity. If the worried customer enters his account number and ATM password, the bad guys use that information to make fake debit cards and empty their victim's bank accounts.'"

Re:_All_ prerecorded calls are spam.

[Deanalator]

I was getting a recorded message from a spoofed cid at 000-000-0000 and would always kill the call as I saw it come in. Turns out it was the my gas company trying to resolve some billing issues.

A note to all "legit" businesses out there, blocked numbers and especially spoofed cids are super sketchy, don't do it.