Cyber attackers target online shoppers with a unique attack method known as web skimming. This process involves injecting malicious code into an online shopping website which will receive and transfer entered data of the online shoppers to the hacker’s computer. Above all, the payment details of the online shoppers are the major target and if it is acquired, the attack is a successful one. To help you secure your shopping online, it is best to use a trusted privacy protection software.
Hackers who engage in web skimming take some measures to ensure that the data flow to their computers is not noticed. They register similar domains to some top and tested domains. Google Analytics in particular has been used by most of these cyber criminals. They register domains like googl-analytics.com, google-anaIytics.com, google-analytcs.com, etc. Non-vigilant online users may not notice the difference from the genuine Google Analytics domain.
However, vigilant ones might also be at risk because some of the time, the hackers use the genuine Google Analytics domain (analytics.google.com). Usually, the Google Analytics configuration process involves inserting the account tracking ID and tracking code into their website. Sometimes, more than one tracking code can be used which then transfers data to more than one Google Analytics account.
In such a case, hackers can take advantage and insert malicious codes into the website. It’s like them connecting their analytics account to such a site and then user-entered data will be transferred to them as well as the original analytics account of the site owner.
About two dozen websites have been victims of web skimming with Google Analytics globally. Most of them include online stores in South America, North America, and Europe that sell cosmetics, spare parts, digital equipment, and foodstuffs amongst other things.
The Threat Web Skimming With Google Analytics Pose
Google is a renowned company and the Google Analytics service is trusted by so many site users for tracking their users and other site metrics. According to BuiltWith, at least over 29.1 million live websites use Google Analytics.
Site owners trust the Google Analytics service to the extent that they give their consent for it to collect and retain data in their Privacy Policies. It being used for hacking via web skimming means that the millions of websites who use it are at risk of their visitors’ data being compromised. Not only will this spoil business for some online sites if the users are defrauded, Google’s credibility will also be affected.
How You Can Protect Your Website From Web Skimming
Protecting websites from web skimming attacks with Google Analytics is a responsibility of the site owners and site visitors. However, the site owners have to do more.
For site users, you should install a security software on your device which is used to access the Internet. An antivirus software or application capable of detecting malicious codes and scripts is ideal.
For site owners, keep your analytics configuration clean. One analytics account is enough to track your site metrics. Be mindful when installing plugins, CMS, or any other web application; ensure they are from trusted sources.
Furthermore, filter data entered by visitors for possible third-party code injection and if you’re an eCommerce merchant, endeavor to use payment gateways that are PCI compliant.