TitanHQ

Phishing at the Next Level – Geotargeted Attacks

Posted by Selina Coen on Tue, Aug 29th, 2023

Imagine receiving an email message from a business located oceans away telling you to confirm your password. You would likely recognize the message as malicious immediately and ignore it. In a global environment, phishing threats must be much more targeted toward their intended victims, so malware authors now use geotargeting tools in much the same way advertisers geotarget their ads.

Why are Phishing Emails Geotargeted?

Geotargeting is used in legitimate advertising, but legitimate tools are also available to cyber-criminals. Organizations use geotargeting tools such as Geo Targetly to customize email messages, localize the message with the correct language, and change the advertising content based on a region's culture. Some geotargeted messages might link to pages with local laws and ordinances to make them look like legitimate legal entities. These tools can be used for productive, beneficial business reasons, but tools used for the good of a business can also be used for malicious purposes. 

Everyone is a target for cyber-criminals, especially as more businesses connect to the internet and integrate it into everyday productivity workflows. Email is necessary for most businesses, and most employees can access web browsing and incoming email messages. Although these benefits improve productivity, they also increase the business attack surface and the risks of a data breach from phishing and drive-by downloads.

To make phishing messages more effective, cyber-criminals use geotargeting tools to translate malicious messages into the correct language and dialect and use information that would give the impression that the sender understands local businesses and culture. By engaging in geotargeting, cyber-criminals gain more trust with users. Trust leads to more clicks on malicious links, and the attacker-controlled landing page also has geotargeted text and information to trick targeted victims further.

With geotargeted web pages, cyber-criminals have effective ways to trick users and gain trust. How effective a phishing threat is depends on user trust. Every year, cyber-criminals improve their messages and methods to gain user trust and make their phishing threats more effective at tricking targeted users.

Can Users Identify Phishing Threats?

With the proper security awareness training from programs such as SafeTitan, users can be taught to identify a phishing scam. Users should be instructed on some common strategies used in a phishing campaign. Cyber-criminals convey a sense of urgency so that the reader doesn't stop and think about what's being asked in the email message. Users should ask questions and verify that the message is legitimate. Any requests should be validated before acting, and messages that urge discretion should be treated with suspicion.

Phishing messages often include a link to an attacker-controlled web page. The landing page often mimics a real business. If the targeted user is an employee, the landing page might mimic the employer's business page, where internal users authenticate into the system. The URL might be a slightly misspelled variation of the official site, which can be easily overlooked by anyone not taking note of the address. A sophisticated phishing campaign might even use an official email notification familiar to targeted users.
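
The misspelled-URL trick described above can also be checked mechanically before a message reaches a user. The following is an added example, not TitanHQ's code or part of the original post: it extracts links from a message body and flags hostnames that sit within a small edit distance of an organization's official domains or embed an official name in front of another domain. The domain list and sample message are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Assumption: the organization's official domains (constructed sample values).
OFFICIAL_DOMAINS = {"example.com", "example-bank.com"}

# Constructed sample message body, not taken from a real campaign.
SAMPLE_BODY = (
    "Confirm your password: https://examp1e.com/login\n"
    "Help center: https://www.example.com/help\n"
    "Reset: http://example.com.account-verify.net/reset\n"
    "Newsletter: https://news.site.org/today\n"
)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def registered_domain(host: str) -> str:
    # Naive "last two labels" rule; a production filter would use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify_link(url: str, max_distance: int = 2) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for one URL."""
    host = urlsplit(url).hostname or ""
    domain = registered_domain(host)
    if domain in OFFICIAL_DOMAINS:
        return "official"
    if any(edit_distance(domain, good) <= max_distance for good in OFFICIAL_DOMAINS):
        return "lookalike"  # e.g. one swapped or dropped character
    # Official name used as a prefix label of some other registered domain.
    if any(good in host for good in OFFICIAL_DOMAINS):
        return "lookalike"
    return "unrelated"

def scan_message(body: str) -> dict:
    """Map every http(s) URL found in the body to its classification."""
    urls = re.findall(r"https?://[^\s\"'<>]+", body)
    return {u: classify_link(u) for u in urls}

if __name__ == "__main__":
    for url, verdict in scan_message(SAMPLE_BODY).items():
        print(f"{verdict:10} {url}")
```

Very short official domains produce many near neighbours at distance 2, so the threshold should be tuned per domain, and internationalized (homoglyph) hostnames need separate handling that this sketch does not attempt.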

Users must be taught to recognize sophisticated phishing campaigns, especially those that use landing pages with malicious content or drive-by malware downloads. Security awareness training teaches users to be aware of the address in the browser, but the best defense is typing the official address into the browser's address bar. Users should never click links from untrusted senders to avoid any cross-site request forgery (CSRF) exploits. CSRF happens when users click links with malicious query string input, allowing attackers to run scripts on a vulnerable web page.

When users have suspicions after receiving an email message, security awareness training teaches them to report it. Not every organization has cybersecurity people on staff, so users must report the message using the software integrated with the email service or report it to the managed service provider handling the email service's security.

Adding Security to Your Email Service

A managed service provider (MSP) should already have cybersecurity installed on the email server, but some small businesses handle their email services in-house. Whether an MSP or on-staff people handle email service management, cybersecurity should always be a priority. Email filtering software works in the cloud or on-premises so that administrators can choose the best setup for their business.

An email filtering solution analyzes messages reaching the email server and acts where appropriate. For example, if artificial intelligence determines that the message content could be linked to phishing, the filter sends the message to a quarantine section of the network instead of the recipient's inbox. The purpose of this filtering system is to remove responsibility from the targeted recipient and leave it to an administrator for review. The extra step in the inbox process reduces cyber risks and improves data protection from email-based threats.

Human error is the main culprit in a phishing-based data breach. Automated email filtering solutions eliminate the human element, so employees only need to rely on their security awareness training during a false negative event. False negatives are extremely rare in comprehensive solutions such as TitanHQ's SpamTitan, so administrators and business owners can trust that malicious email messages are quarantined.

Layered security is necessary for effective cyber-risk reduction, and email filtering solutions combined with security awareness training are two layers added to various antivirus programs, firewalls, and intrusion detection systems. No business should have a single cybersecurity layer for potential vulnerabilities, especially when an attack vector includes email targeting human mistakes. Overlapping layers act as failovers when one data protection strategy fails. Having multiple layers also forces cyber-criminals to bypass several protection strategies, making it virtually impossible to compromise a system. Note that it's always possible to compromise a system, even with layered security, but multiple strategies reduce cyber risks to a low percentage.

Email filtering, security awareness training, data archiving, DNS-based web content filtering, and encryption solutions are necessary for compliance and brand reputation protection for businesses that store sensitive consumer data. Never leave your business to employee discernment or expect employees to always catch phishing emails. This strategy is a road to an eventual data breach and system compromise.

TitanSecure offers Triple Threat Cyber Protection and includes:

  • Protection from phishing.
  • Archiving solutions for data protection.
  • Protection from drive-by downloads.

Sign up for a free trial today.
