Hi, I have two customers who recently installed new VoIP systems. Both are relatively small businesses (<50 FTE), and have an in-house "IT" employee who doubles as something else as well.

Both of these clients experienced spear-phishing attacks that were quite good.

One had invoices go to their clients asking for payments with all of their correct information. The only difference was the payment information, which stated it should go to a new ACH account. The invoice looked EXACTLY like theirs; all names and addresses were correct.

The second was very similar, but the request was for credit card payments...

The common element here was the installation of the new VoIP systems by relatively small re-sellers. The on-site IT personnel gave the vendors access to their routers and firewall to create the VLAN tunnels for the voice data.

Has anyone else seen this? I asked both companies to open cases with local authorities to try and get a trace (both are relatively large transaction amounts). Both are reluctant to do so.

Also, the Hold Hostage (where the 3rd-party vendor changes all their admin passwords after changing): I find this is a new form of "ransomware".