Fraud and threats in the IP-telephony network via the SIP protocol

Covery Blog / Antifraud, Covery, Fraud prevention, Fraud types / Fraud and threats in the IP-telephony network via the SIP protocol

Fraud and threats in the IP-telephony network via the SIP protocol

VoIP (Voice over IP address) telephony is steadily becoming the mainstream technology for communication. The convenience of calling someone across the world via WhatsApp, Telegram, Viber, Facebook Messenger, or Slack can’t be overestimated. However, IP-telephony network fraud is a thing that plagues web and mobile applications, as the SIP protocol is vulnerable to several kinds of threats.

Today’s article from Covery is dedicated to fraud prevention for web and mobile applications that use the SIP protocol to deliver VoIP communication services. We explore the most common IP-telephony network fraud cases and show the ways to prevent them. This article is based on expertise Covery gained as an anti-fraud tool operating in the UK, Europe (Germany in particular), and worldwide.

What is IP telephony?

In simple words, IP telephony transfers voice and video over the Internet using the SIP protocol — Session Initialization Protocol. This pure software layer can be configured on any network, enabling VoIP calls wherever there is Internet uplink. SIP can initiate, edit and terminate all kinds of online multimedia sessions — VoIP, streaming, teleconferences, etc.

Is IP calling safe?

In general – yes. VoIP has several important benefits that make this type of communication very appealing for businesses large and small.

  • Good connection quality. Due to Voice HD features, VoIP providers can guarantee excellent voice/video quality without distortion (given a stable Internet uplink).
  • Negligible installation and maintenance costs. VoIP works over your existing network infrastructure, no additional hardware is needed — only a SaaS subscription.
  • High flexibility and scalability. With landlines, the end number of users is always limited. With VoIP, it scales up and down easily depending on the business needs.
  • Call recording and more. SaaS VoIP tools provide a wide range of additional features like configurable call recording or IVR menus, which are hard to implement for a landline phone network.

But, being a software layer, VoIP service is subject to various types of IP-telephony network fraud. We cover the most widespread SS7 and SIP protocol threats below in brief.

What are the types of VoIP threats?

Fraudsters try to emulate their identifiers to impersonate trustworthy persons and organizations, use bots for phishing and DDoS attacks, and employ various account takeover schemes. Let’s take a closer look.

Phishing and spoofing

Scammers spoof their credentials to appear to be calling from a legitimate organization. This allows them to fool their victims into phishing — providing their account details, so fraudsters can later sell them on the Dark Web or use them for account takeover fraud, creating fake reviews, or acting as a part of a bot network. This leads us to the next point…

DDoS attacks

According to a recent 2022 fraud statistics report, 7 out of 10 organizations experience 20 to 50 DDoS attacks monthly. With cloud computing resources becoming more and more easily available, fraudsters can launch DDoS attacks much cheaper and more rapidly than before. As a result, your customers experience service unavailability and you risk losing data or even control over your resources.

Tampering with calls

Specialized monitoring tools can assess the volume of traffic currently routed through any given connection. This enables fraudsters to tamper with your customer’s calls — from eavesdropping to overloading the channel aiming to make communication incomprehensible. This is usually done by competitors who aim to force your customers to switch their VoIP providers.


A particular case of tampering, Voice Over Misconfigured Internet Tools or VOMIT is an eavesdropping technique allowing scammers to intercept data packages, replace call recipients or issuers, and gather valuable information about the calls.


A case of spamming, where fraudsters send thousands of malware-loaded voicemails over the VoIP daily. Answering such a call can cost your users a ton of money, as expensive overworld calls can be disguised as cheap local calls. In addition, such files can be infected with viruses that can steal account details, banking details, and other sensitive information from your customer’s phone.

As you can see, despite important business benefits, VoIP telephony can pose quite a serious threat. How to withstand it?

What is fraud on VoIP and how to deal with it?

No service is hackproof, but most importantly — none is foolproof. Therefore, the most efficient way to prevent your customers from suffering IP-telephony network fraud is to educate your employees and users on the threats they might face and the best ways to avoid and overcome them.

The simplest (yet quite useful) approaches to SIP protocol fraud prevention are as follows:

  • Encrypt your data. SSL/TLS certificates are essential tools for ensuring the safety of your business. Even if fraudsters steal the call data, they will not be able to do anything with it due to encryption.
  • Strong password policy. Forcing people to generate 12-digit long passwords with capital letters, numbers and special symbols might seem excessive — but only until some of them lose their accounts due to the dictionary stuffing or guesswork by fraudsters.
  • Timely updates. Interactions of various software create complex and ever-changing cybersecurity landscapes in your production environments. Developers constantly look for loopholes and backdoors and close them — but you need to keep your platform components updated to ensure you benefit from these patches.
  • Counter-phishing drills. In times of crisis, your employees will not rise to the height of your expectations but will be on the level of their training. Regular training on identifying and mitigating phishing attacks will help your employees provide positive and secure environments for your customers.

These are efficient but pretty standard approaches to fraud prevention, but what about automated anti-fraud tools?

Covery — anti-fraud system for VoIP providers

Despite certain software specifics, IP-telephony network fraud has all the signs, markers, and vulnerabilities of other types of online fraud. This ensures Covery can deal with it just as easily as with any other DDoS attack, bot attack, an account takeover attempt, phishing, fraudulent payments with stolen credit card details, affiliate fraud, triangulation fraud, etc

Contact us and order a free demo to learn more about how Covery can help you deal with IP-telephony network fraud over the SIP protocol. We will be glad to show you various features Covery uses to identify fraud in real-time and ensure reliable fraud prevention.