So, a guy decides to sell his business website including the rights to the software he was selling there and posts on a forum that has a market place for this type of business.
To justify the asking price he gives some Paypal screenshots that show the names of the people and companies that purchased his software, making it easy enough for someone to search them with Google and then send them a specially crafted spear phishing in order to scam the hell out of these folks. Knowing basic details of the purchase those customers made, such as the date and price (both listed in the screenshots) they could scam them easily.
To prove he owns the domain he also posts a screenshot with his GoDaddy account panel showing his customer ID, because yeah! if you’re an idiot then you must be all the way.
Now after all of that you’d imagine he couldn’t be more stupid and expose much more details, but as you scroll down the post you realize that he’s pretty stupid to also expose his customer’s email addresses (most of them associated with Paypal accounts and being business emails), by providing a screenshot from the website’s panel:
I blanked the emails myself, but posted the screenshot just so you can get an idea about how stupid this guy can be. Yeah! I know there’s more details like order ID, names, date and amount paid, but I can’t do more harm to these people than he’s already done by exposing their info’s on a public forum.
Later on, people wonder how a company can be scammed for $44 million with a simple email.