Risk: Low
Voice over IP calls can quite easily be accessed by hackers using a free download called Vomit (voice over misconfigured Internet telephones), which converts ordinary IP conversations into a wave file that can then be played through ordinary speakers.
Although Skype maintains that it encrypts conversations, many VoIP solutions don't, and it can be relatively easy for conversations to be eavesdropped. It is also possible that VoIP connections could be flooded with spam, which could clog voice accounts and cause Denial of Service attacks. Many VoIP systems are Windows-based, and therefore susceptible to Windows flaws. Another potential risk associated with using VoIP programs is that they quite often use multiple ports, which potentially opens up more holes in firewalls and therefore, increased exposure to attackers.
During Infosec 2006, held at the end of April at Olympia, a presentation entitled, "This house believes that the business advantages of VoIP outweigh the security concerns" met with disagreement from security professionals, indicating that many do not believe the technology is ready for large-scale deployment.
Those who use VoIP should use a solution that encrypts conversations. Users should not disclose any confidential information using VoIP and remain aware of any new security issues that arise.