Geolocation adds new twist to email attacks
Written by Dan Blacharski on March 25, 2009
The latest in a long line of social engineering techniques used by email attackers is geolocation, which is used to fill bogus emails with local information so that they appear legitimate. The recent “dirty bomb” email spoofed a Reuters article, reporting that a “dirty bomb” had exploded in the recipient’s hometown. The text changes depending on the recipient’s location.
The email, which replicates a Reuters article (but is not written in proper journalistic style), includes a video, which contains a spyware virus.
Unfortunately, this type of hack coincides with the recent legitimate use of public safety applications for mass notification. Some college campuses, for example, use text messaging as a means of issuing safety warnings. As a result, some recipients may believe the email to be a legitimate public safety message. The sense of urgency created in the message may cause more people to click on the infected links in order to gain more information about the bogus incident.
The attackers are using IP geolocation, a technique for determining a user’s approximate physical location based on their IP address. The IP address, which is easy to derive, is compared against a database to determine location.
This type of attack is likely to increase. Widespread social networking sites give attackers information that includes a person’s email address and location, as well as other data such as birthday, which may be used in creating these highly targeted and very specific attacks. If you receive an email like this, don’t click on the links, and check in with your local news program or call a local public safety agency to verify the claim.
Another variation of this attack, seen just last month, spoofed a legitimate coupon web site called The Couponizer and used IP geolocation to create a bogus site that offered coupons for local stores that were linked to malicious sites.


