Geo Targetly is a legitimate online service that offers its own URL shortening service, similar to Bitly, called Geo Link.
Researchers at Avanan, a security firm owned by Check Point Software, have discovered a new wave of phishing attacks in which actors use the Geo Targetly product, Geo Link, to redirect users to malicious links.
What’s worse, following this modus operandi, scammers can launch targeted attacks according to the victim’s region and language through this service.
Geo Targetly is a legitimate website that lets businesses and advertisers redirect users to ads or pages in their local markets. According to the company, its Geo Link service is essentially a URL shortener, just like Bitly.
Threat actors use geo targeting to reach potential victims at specific locations through phishing emails. This could be a massive blow to the cybersecurity community, as exploitation of geo targeting may be the ultimate game-changer for cybercriminals.
“In this attack, hackers redirect users via Geo Targetly … and provide them with customized, localized phishing pages,” Avanan researchers stated.
The tool is designed to display ads based on the user’s location, so the ads viewed by someone in France would be different from those shown to someone in the US. Now, hackers can use it to launch geo-specific phishing content and send malicious emails customized by region and language to their targets.
One of the emails Avanan researchers analyzed was in Spanish and was sent to users in Colombia. It appears to be about a speeding subpoena. The email’s subject line translation is as follows:
“Subject: Notification of subpoena for excess of maximum speed allowed on urban roads of 60 km/h.”
The email contains a link. When the recipient clicks on “See Compared,” they are sent to the Geo Targetly page. Since the user is in Colombia, the link redirects them to a Colombian page.
The redirect itself is not the notable part. What stands out is the customization that hackers perform to attack their targets according to their location. With this trick, they can target multiple users in different parts of the world simultaneously.
By exploiting Geo Targetly, attackers can create phishing URLs that redirect users in certain regions to inauthentic login pages that appear legitimate. Because of this personalization, victims are more easily trapped into clicking on the link. This technique is based on the “spray-and-pray” method, in which thousands of phishing emails are sent at once.
How to Stay Protected?
Researchers recommend users check the URLs included in their emails and browsers before clicking on them. Avanan’s cybersecurity researcher Jeremy Fuchs stated that this is a widespread attack campaign.
Since there is no security flaw in Geo Targetly that threat actors have exploited, the only line of defence is staying vigilant. Geo Targetly has confirmed that hackers used its service to target users.
The company removed Geo Link from its free trial, considerably reducing its exploitation in phishing campaigns. Geo Targetly has also limited the creation of new accounts unless the user shares their legitimate company email account and domain.
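The advice to check URLs before clicking can also be applied at the mail gateway. The following is an added example, not code from Avanan or Geo Targetly: it extracts every link from an HTML email body and flags those that point at a redirect service, since the page behind such a link can differ by recipient location. The hostnames in `REDIRECTOR_HOSTS` and the sample email are constructed placeholders, and the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: placeholder hostnames of redirect/shortener services to review.
REDIRECTOR_HOSTS = {"geo-redirect.example", "short.example"}

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_redirector(host):
    """True if host is a listed redirect service or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in REDIRECTOR_HOSTS)

def flag_links(html_body):
    """Return links whose real target sits behind a redirect service."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    findings = []
    for href, text in parser.links:
        try:
            host = urlsplit(href).hostname
        except ValueError:  # malformed URL: nothing to match on
            continue
        if is_redirector(host):
            findings.append({"text": text, "href": href, "host": host})
    return findings

# Constructed sample modelled on the email described in the article.
SAMPLE_EMAIL = """<p>Notification of subpoena for excess of maximum speed.</p>
<p><a href="https://geo-redirect.example/r/abc123">See Compared</a></p>
<p><a href="https://www.transit-office.example/help">Help</a></p>"""
```

Calling `flag_links(SAMPLE_EMAIL)` returns one finding, the “See Compared” link. A flagged link is a candidate for review or rewriting, not proof of phishing, because legitimate senders use redirect services too.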