Home / Industry

IP Geolocation: How to Locate and Stop Phishing Threats

The web has made the world a smaller place by reducing the relevance of location. How so? Anyone, no matter where they are, can now reach out to anyone else with useful information ranging from breaking news events to commercial proposals.

Not everyone is appreciated or can be trusted online, however. Spammers are one of these unfriendly characters who waste the time of people they don't know with communications of little value. But the worst of their kind are certainly phishers — who take advantage of blurred physical distance not to get caught and use refined techniques to extract valuable login or bank account information from unsuspecting victims.

So how can you deal with such perpetrators? In an online environment where it's hard to put a face to a name systematically, IP geolocation data can support businesses and organizations to avoid the wrecking damage and havoc to computer or system defenses once their users commit human errors.

More precisely, here's what you can hope to achieve with the technology:

1. Create Phishing Profiles

Through IP geolocation data, a cyber attack on a company's network can be traced back to its source. Indeed, devices used on the web — no matter whether they're simply a means to browse around or have become a phishing weapon — and their corresponding IP addresses are footprints of their online undertakings.

Such marks may not always be precise enough to locate exact latitude and longitude points at all times, but they can certainly inform cybersecurity teams on dangerous locations from where fraud is knowingly conducted. Over time, specialists can spot patterns and build geo-profiles of common phishing perpetrators and, if applicable, the criminal network behind them.

2. Secure Email Network Against Phishing

Once you know where the danger is coming from, you can take steps to protect your staff from phishing. For example, you may use geo-data to indicate your email service providers when incoming messages from certain devices and IP netblocks should be marked as spam.

Doing so will make your employees more cautious, prompting them to:

  • Check for spoofed email addresses used for BEC scams
  • Avoid downloading or opening files attached that may compromise your systems
  • Be wary of external URLs that may redirect to typoed domains registered for web impersonation

Taking this approach a step further, you might decide to block all communications coming from areas recently known for online fraud or nation-state attacks.

3. Monitor Online Fraud

Even when users have fallen for a phishing trick, IP geolocation analysis can still prevent harm and alert both customers and providers before it's too late.

Take e-commerce as an example. People certainly enjoy sparing the hassle of physically being present in a waiting line or having to visit brick-and-mortar stores, but that does not make online shopping location-less or force sites to accept orders from anywhere on the planet.

For instance, isn't it suspicious when a new IP address shows up to purchase items due for delivery in a radically different place than a few hours or days earlier?

Of course, people go places and sudden changes of device and location do not always equate to fraud. Still, e-commerce companies may want to check with customers (e.g., through a verification SMS or phone call) that login information and sensitive bank or credit card details have not got stolen and used against their will when unlikely operations arise.

* * *

IP geolocation data is a useful source to strengthen business security management processes to stop phishing and other threats. For more information, I have made a detailed comparison of some of the best IP geolocation API providers, including our proprietary and fully functional IP Geolocation API.

WhoisXML API

About WhoisXML API – Whois API, Inc. (whoisxmlapi) is a big data and API company that provides domain research & monitoring, Whois, DNS, IP, and threat intelligence API, data and tools to a variety of industries.  Visit Page

Follow CircleID on
Related topics: Cybersecurity, Email, IP Addressing
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

IP Addressing

Sponsored byAvenue4 LLC

Cybercrime

Sponsored byThreat Intelligence Platform

Cybersecurity

Sponsored byVerisign

DNS Security

Sponsored byAfilias

Domain Names

Sponsored byVerisign

Whois

Sponsored byWhoisXML API

New TLDs

Sponsored byAfilias