Friday, June 14, 2024

Hackers Using Geotargeting Tools to Launch Attacks Targeting Specific Locations

According to Avanan, a Check Point Software Company, hackers are employing geotargeting tools to tailor phishing attacks to certain regions.

Geo Targetly is a legitimate online service that offers its own URL shortening service, similar to Bitly, called Geo Link. Using this service, scammers can conduct specialized attacks based on the geography and language of the victim.

How are Threat Actors Improving Phishing Tactics By Geo-Targeting Websites?

According to the researchers, in this assault, visitors are redirected through the geo-targeting platform Geotargetly, where they are presented with personalized, regional phishing pages.

Email Sent to Users in Colombia

Researchers say utilizing the user’s location, the tool is utilized to display advertisements. As a result, advertisements displayed to users in France would differ from those seen to users in the US. Hackers can now launch geo-specific phishing content and send their targets harmful emails that are regionally and linguistically tailored.

In the aforementioned example, the original email originates in Colombia, so if the user is in Colombia, they will be forwarded to a page that looks like it is from the Colombian government. This is how it goes:
Redirected to a Colombian government look-a-like page

“What is interesting is the ability for hackers to customize their attacks by region and to attack multiple users in multiple parts of the world at once”, Avanan researchers.

Hackers Utilizing the ‘Spray-and-Pray’ Method

The threat actors frequently use the ‘spray-and-pray’ method. Throw a lot of stuff at the wall and see what sticks the idea. Volume is the name of the game, and you’re hoping for a few occasional successful phishes.

“The ‘spray-and-pray’ method allows for the ability for hackers to target a large number of people at once, and ensure that it’s relevant, and localized. It’s spraying without the praying”, researchers explain.

In this case, a hacker can make a phishing link that takes users in a specific region to a fake login page that resembles the real one using the Geotargetly redirect. 

The likelihood that a user may fall for the assault is increased by this personalization. The content would be appropriate for their language and location, and the redirect is legitimate.

Hence, it is now more likely that ‘spray and pray’ tactics would succeed, enabling hackers to operate effectively on a worldwide scale.


Security experts can take the following precautions to protect themselves from these attacks:

  • Check URLs in email and in the browser before proceeding
  • Confirm with IT if the site is legitimate.

Network Security Checklist – Download Free E-Book


Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles