Researchers at Secure Science recently discovered ways to make unauthorized calls from both Skype and the new Google Voice communications systems, according to Lance James, the company's cofounder.

An attacker could gain access to accounts using techniques discovered by the researchers, then use a low-cost PBX (private branch exchange) program to make thousands of calls through those accounts.

The calls would be virtually untraceable, so attackers could set up automated messaging systems to try and steal sensitive information from victims, an attack known as vishing. The calls might be a recorded message asking the recipient to update their bank account details, for example.

"If I steal a bunch of [Skype accounts], I can set up [a PBX] to round-robin all those numbers, and I can set up a virtual Skype botnet to make outbound calls. It would be hell on wheels for a phisher and it would be a hell of an attack for Skype," James said.

In Google Voice, the attacker could even intercept or snoop on incoming calls, James said. To intercept a call, the attacker would use a feature called Temporary Call Forwarding to add another number to the account, then use free software such as Asterisk to answer the call before the victim ever heard a ring. By then pressing the star symbol, the call could then be forwarded to the victim's phone, giving the attacker a way to listen in on the call.