Report: 'Credit Card Twitter' Ripe for Phishing Attacks

Blippy, the ‘Twitter’ for credit card users that went live this month, could be targeted by cyber criminals who could use the personal information posted on the social media site to create effective phishing emails, according to a prominent cyber security firm.
Blippy invites users to discuss what they are buying primarily by attaching a credit or debit card to the service. Postings reveal what they purchased, the amount and the retailer, whether online or in-store. ATM withdrawal amounts are also recorded.
The site has privacy safeguards in place, but there is enough revealed in the postings to help cyber fraudsters construct phishing schemes aimed at Blippy users, according to Cyveillance, a provider of online security solutions to protect organizations from cyber attacks, including phishing and malware. The firm has done business with a majority of Fortune 500 companies.
“From a cyber criminal’s point of view, Blippy currently offers great information to construct a highly-targeted spear phishing attack,” Cyveillance writes on its cyber intelligence blog.
Phishing attacks are attempts by cyber criminals to acquire sensitive personal information such as usernames, passwords, credit card numbers or social security numbers by pretending to be a trustworthy source in a professionally constructed email message.
Spear phishing, Cyveillance explains, takes things a step further by personalizing the email sent to the potential victim.
“The attack may address the victim by name or phone number, lending credibility to the attack and greatly increasing the likelihood that the recipient becomes a victim,” according to a posting on the firm’s blog titled: “Blippy, a Spear Phisher’s Dream.”
Blippy, a San Francisco-based start-up, has some well-established venture money behind its public launch, including Sequoia Capital, Charles River Ventures, Twitter CEO and co-founder Evan Williams, and other Silicon Valley investors.
Retailers are also starting to take notice of the potential marketing rewards of having their names appear repeatedly on Blippy’s home-page scroller.
But the postings include pieces of information that a spear phisher can use in constructing an email, such as the following example provided by Cyveillance, which uses a fictional name and the retail giant Best Buy:
“Dear Johann Gonzales, Thank you for your recent purchase of $52.99 at Best Buy. To receive credit for your purchase in our Best Buy Reward Zone program and receive valuable discounts on future purchases, click here…”
Cyveillance does say that Blippy can take the measure of “hiding usernames or otherwise referring any link to users’ real names.”
“Blippy does hold promise as a way for consumers to gain information about the prices of goods and services,” Cyveillance said. “But it also currently provides a literal wealth of information for spear phishers.”
