Hackers Using Geotargeting Tools to Launch Attacks Targeting Specific Locations

According to Avanan, a Check Point Software Company, hackers are employing geotargeting tools to tailor phishing attacks to certain regions.

Geo Targetly is a legitimate online service that offers its own URL shortening service, similar to Bitly, called Geo Link. Using this service, scammers can conduct specialized attacks based on the geography and language of the victim.

How are Threat Actors Improving Phishing Tactics By Geo-Targeting Websites?

According to the researchers, in this assault, visitors are redirected through the geo-targeting platform Geotargetly, where they are presented with personalized, regional phishing pages.

Email Sent to Users in Colombia

Researchers say utilizing the user’s location, the tool is utilized to display advertisements. As a result, advertisements displayed to users in France would differ from those seen to users in the US. Hackers can now launch geo-specific phishing content and send their targets harmful emails that are regionally and linguistically tailored.

In the aforementioned example, the original email originates in Colombia, so if the user is in Colombia, they will be forwarded to a page that looks like it is from the Colombian government. This is how it goes:

Redirected to a Colombian government look-a-like page

“What is interesting is the ability for hackers to customize their attacks by region and to attack multiple users in multiple parts of the world at once”, Avanan researchers.

Hackers Utilizing the ‘Spray-and-Pray’ Method

The threat actors frequently use the ‘spray-and-pray’ method. Throw a lot of stuff at the wall and see what sticks the idea. Volume is the name of the game, and you’re hoping for a few occasional successful phishes.

“The ‘spray-and-pray’ method allows for the ability for hackers to target a large number of people at once, and ensure that it’s relevant, and localized. It’s spraying without the praying”, researchers explain.

In this case, a hacker can make a phishing link that takes users in a specific region to a fake login page that resembles the real one using the Geotargetly redirect. 

The likelihood that a user may fall for the assault is increased by this personalization. The content would be appropriate for their language and location, and the redirect is legitimate.

Hence, it is now more likely that ‘spray and pray’ tactics would succeed, enabling hackers to operate effectively on a worldwide scale.

Recommendations

Security experts can take the following precautions to protect themselves from these attacks:

  • Check URLs in email and in the browser before proceeding
  • Confirm with IT if the site is legitimate.

Network Security Checklist – Download Free E-Book

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

LLM Hijackers Exploit DeepSeek-V3 Model Just One Day After Launch

Hackers reportedly gained unauthorized access to the cutting-edge DeepSeek-V3 model within just 24 hours of…

16 minutes ago

GitHub Copilot’s New Agent Mode Enables Autonomous Code Completion

GitHub has once again raised the bar for productivity in software development with the launch…

1 hour ago

Marvel Game Vulnerability Exposes PCs & PS5s to Remote Takeover Attacks

A severe security vulnerability has been uncovered in the popular video game Marvel Rivals, raising major…

2 hours ago

Massive Brute Force Attack Launched With 2.8 Million IPs To Hack VPN & Firewall Logins

Massive brute force attacks targeting VPNs and firewalls have surged in recent weeks, with cybercriminals…

2 hours ago

Penetration Testers Arrested During Approved Physical Penetration Testing

A routine physical penetration test conducted by cybersecurity professionals took an unexpected turn when armed…

2 hours ago

Cisco Data Breach – Ransomware Group Allegedly Breached Internal Network

Sensitive credentials from Cisco's internal network and domain infrastructure were reportedly made public due to…

3 hours ago