Friday, March 1, 2024

Hackers Using Geotargeting Tools to Launch Attacks Targeting Specific Locations

According to Avanan, a Check Point Software Company, hackers are employing geotargeting tools to tailor phishing attacks to certain regions.

Geo Targetly is a legitimate online service that offers its own URL shortening service, similar to Bitly, called Geo Link. Using this service, scammers can conduct specialized attacks based on the geography and language of the victim.

How are Threat Actors Improving Phishing Tactics By Geo-Targeting Websites?

According to the researchers, in this assault, visitors are redirected through the geo-targeting platform Geotargetly, where they are presented with personalized, regional phishing pages.

Email Sent to Users in Colombia

Researchers say utilizing the user’s location, the tool is utilized to display advertisements. As a result, advertisements displayed to users in France would differ from those seen to users in the US. Hackers can now launch geo-specific phishing content and send their targets harmful emails that are regionally and linguistically tailored.

In the aforementioned example, the original email originates in Colombia, so if the user is in Colombia, they will be forwarded to a page that looks like it is from the Colombian government. This is how it goes:
Redirected to a Colombian government look-a-like page

“What is interesting is the ability for hackers to customize their attacks by region and to attack multiple users in multiple parts of the world at once”, Avanan researchers.

Hackers Utilizing the ‘Spray-and-Pray’ Method

The threat actors frequently use the ‘spray-and-pray’ method. Throw a lot of stuff at the wall and see what sticks the idea. Volume is the name of the game, and you’re hoping for a few occasional successful phishes.

“The ‘spray-and-pray’ method allows for the ability for hackers to target a large number of people at once, and ensure that it’s relevant, and localized. It’s spraying without the praying”, researchers explain.

In this case, a hacker can make a phishing link that takes users in a specific region to a fake login page that resembles the real one using the Geotargetly redirect. 

The likelihood that a user may fall for the assault is increased by this personalization. The content would be appropriate for their language and location, and the redirect is legitimate.

Hence, it is now more likely that ‘spray and pray’ tactics would succeed, enabling hackers to operate effectively on a worldwide scale.


Security experts can take the following precautions to protect themselves from these attacks:

  • Check URLs in email and in the browser before proceeding
  • Confirm with IT if the site is legitimate.

Network Security Checklist – Download Free E-Book


Latest articles

20 Million+ Cutout.Pro User Records Leaked On Hacking Forums

CutOut.Pro, an AI-powered photo and video editing platform, has reportedly suffered a data breach,...

CWE Version 4.14 Released: What’s New!

The Common Weakness Enumeration (CWE) project, a cornerstone in the cybersecurity landscape, has unveiled...

RisePro Stealer Attacks Windows Users Steals Sensitive Data

A new wave of cyber threats has emerged as the RisePro information stealer targets...

Golden Corral Restaurant Chain Hacked: 180,000+ Users’ Data Stolen

The Golden Corral Corporation, a popular American restaurant chain, has suffered a significant data...

CISA Warns Of Hackers Exploiting Multiple Flaws In Ivanti VPN

Threat actors target and abuse VPN flaws because VPNs are often used to secure...

BEAST AI Jailbreak Language Models Within 1 Minute With High Accuracy

Malicious hackers sometimes jailbreak language models (LMs) to exploit bugs in the systems so...

Hackers Hijack Anycubic 3D Printers to Display Warning Messages

Anycubic 3D printer owners have been caught off guard by a series of unauthorized...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles