The Agency Insider with Linda McGlasson

'Blippy' Gives Green Light to Spear Phishers

'Blippy' Gives Green Light to Spear Phishers

Blippy, a new social media data-sharing site that is a financial form of Twitter, has unleashed the unthinkable idea of publishing every single purchase for public consumption on the Internet.

It is claimed by Blippy's co-founder, Philip Kaplan, that it will change the way people think about privacy and money. Blippy follows the Twitter model, except instead of showing what users are doing at a given moment, it reveals their credit card transactions.

For privacy experts, this is a sign of the apocalypse. For others it could pose some problems, especially if you aren't used to people you know, or even strangers, knowing what you buy.

Think of it: It would be a nightmare for a shopaholic wife, having her husband know what she's bought. Never mind it was on sale; the look she'll get when she gets home will probably mean that the cute outfit that she just bought at Neiman Marcus is getting returned tomorrow.

Blippy may be a step too far for most of us concerned with privacy and data security. Me, I like to keep my personal purchases to myself. That is unless I'm buying a big 100" HD TV with Surround Sound. Then I'll just tell my friends what time to come over.

It may be changing the way people look at their personal spending, but nope; thanks, I'll pass. And not just because people would see what I've bought. I see this new service as another way that marketers will be able to follow you around, asking if you'd like to buy their product. There are also some real security concerns that must be considered when signing up for this kind of a service. Posting credit card purchases on a public website is akin to waving a red flag in front of a snorting bull. You're just asking for something bad to happen to you and your personal data.

Information security pros at financial institutions should take note to add it to their line of questions when investigating a customer's breach, asking "Do you use Blippy?" (If the answer is affirmative, then the search for a source point of information used to social engineer the information out of the hands of a customer ends there.) Maybe the harshest step for financial institutions to take would be to ban Blippy's use by their credit card-holding customers.

The security experts over at Cyveillance agree with my assessment of Blippy: It's a train wreck waiting to happen. They've dubbed Blippy "a spear phisher's dream." Think of all of the spear phishing that could emanate from generated posts that say someone has purchased anything. It would be like pouring kerosene on the already roaring fire that is phishing.

Of course, even if I did decide to join the blipping army of shoppers, my husband wouldn't be able to find me on Blippy or any other social media website for that matter. Heck, he can't remember his Facebook password!



About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.