Blippy Could be Highly Beneficial for Cybercriminals: Cyveillance
Security firm Cyveillance has warned that "Blippy", a recently launched service that lets users discuss their recent purchases, could prove to be a useful tool for cyber crooks.
Blippy basically invites people to discuss what they are purchasing, mainly by attaching a credit/debit card to the service. Postings show what the users bought, the retailer (be it online or in-store) and the amount.
According to Cyveillance's cyber intelligence blog, Blippy offers an attractive source of information from which a cybercriminal can craft a highly targeted spear phishing attack, as reported by ecreditdaily.com on January 26, 2010.
To illustrate its point, Cyveillance posted a sample phishing e-mail that fictitiously uses the name of retail giant Best Buy.
The e-mail addresses one Johann Gonzales, thanking him for his latest purchase at Best Buy, worth $52.99. It then asks him to click a provided link in order to get credit for the purchase in the Best Buy Reward Zone Program and to receive lucrative discounts on future purchases. Following the link, however, lands the user on a phishing site.
Cyveillance security experts commented that sending such a phishing e-mail to a batch of all the possible e-mail addresses, generated using a large number of permutations and combinations, nearly assures some response.
It is important to note, though, that namesakes of Blippy users could also be at risk from this kind of targeted attack. These people may be deceived into clicking the malicious link precisely because they are certain that they did not make the purchase, and so suspect that someone has used their details to buy things on their account.
The security firm suggested that Blippy could, however, take the precaution of hiding usernames or anything else that links to the real names of its users.
Finally, Cyveillance noted that if such an attack does happen, it would give businesses a good chance to say that they will not reimburse the losses incurred. That is also logical: if a Blippy user is himself surrendering his important details to criminals, the related businesses are certainly not to blame.
» SPAMfighter News - 04-02-2010