Cybercriminals using VOIP services to bypass transaction authentication.
Cybercriminals using VOIP services to bypass transaction authentication.

Flashpoint researchers spotted Russian speaking cybercriminals using Voice over Internet Protocol (VOIP) services to bypass phone call transaction verifications.

Researchers spotted three VOIP services Narayana, SIP24, and SIP Killer being sold in cybercriminal forums and used to make online purchases using compromised bank or online retail accounts, according to an Aug. 15 blog post.

Narayana boast a long list of features including support for Session Initiation Protocol, SIM cards based on the global system for mobile communication, and free iNum number for each user. Researchers say Narayana's ease of use and affordability add to its appeal.  

SIP24 has features similar to Narayana but is available by invitation only has reportedly higher call quality, and has additional features and restrictions aimed to bolster security. SIP Killer is used primarily to enable “call-flooding” or to send high volumes of call traffic over VOIP services to render call service unavailable.

Researchers said it's important that financial institutions and e-commerce retailers, who may be unable to differentiate between legitimate transaction confirmation calls and fraudulent ones made and/or received by criminals using VOIP services, take note.