Federal Bureau of Investigation

Press Release

For Immediate Release
December 9, 2008

Washington D.C.
FBI National Press Office
(202) 324-3691

FBI Warns of New Vishing Attacks Targeting Private Branch Exchange (PBX) Systems

The FBI has identified a new technique used to conduct vishing attacks where hackers exploit a known security vulnerability in Asterisk software. Asterisk is free and widely used software developed to integrate Private Branch Exchange (PBX) systems with Voice over Internet Protocol (VoIP) digital Internet voice calling services; however, early versions of the Asterisk software are known to have a vulnerability. The vulnerability can be exploited by cyber criminals to use the system as an auto dialer, generating thousands of vishing telephone calls to consumers within one hour.

Digium, the original creator and primary developer of Asterisk, released a Security Advisory, AST-2008-003, in March 2008, which contains the information necessary for users to configure a system, patch the software, or upgrade the software to protect against this vulnerability.

If a consumer falls victim to this exploit, their personally identifiable information (PII) will be compromised. To prevent further loss of consumers’ PII and to reduce the spread of this new technique, it is imperative that businesses using Asterisk upgrade their software to a version that has had the vulnerability fixed.

Further, consumers should not release personal information in response to unsolicited telephone calls. Providing your PII will compromise your identity.

“As with all types of scams, whether by computer, phone, or mail, using common sense can protect you,” said Special Agent Richard Kolko, Chief, National Press Office, Washington, D.C.

To receive the latest information about cyber scams, please go to the FBI website and sign up for e-mail alerts by clicking on one of the red envelopes. If you have received a scam e-mail, please notify the IC3 by filing a complaint at www.ic3.gov. For more information on e-scams, please visit the FBI's New E-Scams and Warnings webpage.

# # #   
