Cisco Talos Identifies VoIP Providers as Key Tools in Global Scam Email Campaigns
AI-generated from multiple sources. Verify before acting on this reporting.
SAN FRANCISCO (AP) — Cybersecurity researchers at Cisco Talos have identified a significant shift in how attackers operate email scams, finding that fraudsters are increasingly clustering and reusing phone numbers linked to Voice over Internet Protocol (VoIP) providers to bypass security filters.
The analysis, released Tuesday, details how threat actors are exploiting the flexibility of VoIP services to create a persistent infrastructure for phishing and business email compromise campaigns. By recycling the same phone numbers across multiple fraudulent accounts, attackers are able to establish a false sense of legitimacy while evading detection systems that flag new or disposable contact information.
Cisco Talos stated that the clustering of phone numbers allows malicious actors to maintain operational continuity even when individual email accounts are compromised or shut down. The researchers found that specific VoIP providers are being disproportionately targeted by these campaigns due to their ease of access and the difficulty in tracing the physical location of the users behind the numbers.
The findings highlight a growing challenge for organizations attempting to defend against sophisticated email threats. Traditional security measures often focus on the content of the email or the domain of the sender, but the reuse of phone numbers in the contact information provides a new vector for attackers to gain trust. When a recipient sees a phone number that has been used in previous legitimate communications, they are less likely to question the authenticity of the message.
Global enterprises are now urged to update their defensive postures to account for these evolving tactics. Security teams are advised to monitor for patterns in phone number usage across incoming communications and to implement stricter verification protocols for any requests involving financial transactions or sensitive data.
The report comes as email-based fraud continues to rise globally, with attackers adapting their methods to circumvent increasingly advanced filtering technologies. The use of VoIP providers in these schemes represents a significant evolution from previous tactics that relied on static, easily traceable contact details.
While Cisco Talos has provided detailed insights into the clustering patterns, the full extent of the VoIP providers involved remains unclear. Researchers noted that the landscape of available VoIP services is vast and constantly changing, making it difficult to create a comprehensive blacklist of compromised providers.
Industry experts suggest that the solution may lie in a combination of technical controls and user awareness training. Organizations must remain vigilant as attackers continue to refine their methods, leveraging the anonymity of digital communication tools to facilitate fraud.
The report does not specify the financial impact of these campaigns, but the potential for loss is significant given the global scale of email usage. As the threat landscape evolves, the ability to detect and mitigate these attacks will depend on the speed with which security teams can adapt to new patterns of abuse.
Further investigation is ongoing to determine if other communication channels are being similarly exploited. The cybersecurity community is watching closely to see if these tactics will spread to other forms of digital interaction beyond email.