Vono, a leading Brazilian VoIP service, informed their customers about a phishing attempt involving their services. As usual, users were lead by different ways to a clonned website for password recording purposes. Until here no lesson to be learned, Vono service is a prepaid VoIP service that can be paind either by invoice or a non displayed credit card, this last payment method also offers a risky automatic recharge option. However it's interesting to notice that Vono uses the same credentials for both HTTP and SIP authentication. Therefore those that had been fooled by the phishing scam tend to suffer credit theft as consequence of their naivety. Separate authentication methods could provide the VoIP provider the ability to data mine for anomalous Web provisioning activities reducing the impact of the phishing activity.

Still that the impact of this phishing scam tend to be quite small.