This demonstration presents spam scenarios and a lightweight security mechanism for protecting spam calls in SIP- based VoIP services. Generally, VoIP providers have been applying only the HTTP digest scheme to authenticate a UA. They may be not consider protecting SIP signaling between the light-weight UA and the SIP proxy using the TLS mechanism since it suffers from the heavy overhead for computation on the resource-constrained UA. Therefore, the spammer can send SIP messages such as INVITE or 200 OK directly to the UA or the SIP proxy, and then communicate with the user by establishing a media channel. This paper demonstrates several spam scenarios when the TLS mechanism is not established at the light-weight SIP UA. Besides, we will show that these spam calls can be protected by using our proposed security scheme instead of TLS mechanism.