Blippy, a great service for phishers?

Blippy, a new service that lets you twitter (blipper?) your recent purchases made with a credit card of your choice, could be a valuable tool for cyber criminals, warns Cyveillance.

Consider the information you can glean from a post:

The things you (and prospective fraudsters) now know about this guy are the following: his name, what he bought, where and when he bought it, and how much he paid for it.

What’s to stop phishers from using this information to mount a spear phishing campaign, sending an email peppered with this information and purporting to be from the seller in question? The information will definitely add to the credibility of the message and increase the chances of the person falling for the scam.

Let’s see an example of how a phishing email could be crafted from a similar batch of information:

Dear Johann Gonzales,

Thank you for your recent purchase of $52.99 at Best Buy. To receive credit for your purchase in our Best Buy Reward Zone program and receive valuable discounts on future purchases, click here…

Sending such an email to a bundle of likely email addresses, built from a wide array of combinations of the first and last name, almost guarantees some reaction. Come to think of it, the namesakes of Blippy users can also be at risk from this kind of attack: they might be tricked into following the link because they are sure that they did not make that purchase, but fear that someone might have somehow used their information to buy things on their account.
