HomeNewsWeb skimming: Hackers Target Online Shoppers with Google Analytics

Web skimming: Hackers Target Online Shoppers with Google Analytics

If you purchase via links on our reader-supported site, we may receive affiliate commissions.

Cyber attackers target online shoppers with a unique attack method known as web skimming. This process involves injecting malicious code into an online shopping website which will receive and transfer entered data of the online shoppers to the hacker’s computer. Above all, the payment details of the online shoppers are the major target and if it is acquired, the attack is a successful one. To help you secure your shopping online, it is best to use a trusted privacy protection software.

Hackers who engage in web skimming take some measures to ensure that the data flow to their computers is not noticed. They register similar domains to some top and tested domains. Google Analytics in particular has been used by most of these cyber criminals. They register domains like googl-analytics.com, google-anaIytics.com, google-analytcs.com, etc. Non-vigilant online users may not notice the difference from the genuine Google Analytics domain. 

However, vigilant ones might also be at risk because some of the time, the hackers use the genuine Google Analytics domain (analytics.google.com). Usually, the Google Analytics configuration process involves inserting the account tracking ID and tracking code into their website. Sometimes, more than one tracking code can be used which then transfers data to more than one Google Analytics account.

In such a case, hackers can take advantage and insert malicious codes into the website. It’s like them connecting their analytics account to such a site and then user-entered data will be transferred to them as well as the original analytics account of the site owner. 

About two dozen websites have been victims of web skimming with Google Analytics globally. Most of them include online stores in South America, North America, and Europe that sell cosmetics, spare parts, digital equipment, and foodstuffs amongst other things. 

The Threat Web Skimming With Google Analytics Pose 

Google is a renowned company and the Google Analytics service is trusted by so many site users for tracking their users and other site metrics. According to BuiltWith, at least over 29.1 million live websites use Google Analytics. 

Site owners trust the Google Analytics service to the extent that they give their consent for it to collect and retain data in their Privacy Policies. It being used for hacking via web skimming means that the millions of websites who use it are at risk of their visitors’ data being compromised. Not only will this spoil business for some online sites if the users are defrauded, Google’s credibility will also be affected. 

How You Can Protect Your Website From Web Skimming 

Protecting websites from web skimming attacks with Google Analytics is a responsibility of the site owners and site visitors. However, the site owners have to do more. 

For site users, you should install a security software on your device which is used to access the Internet. An antivirus software or application capable of detecting malicious codes and scripts is ideal. 

For site owners, keep your analytics configuration clean. One analytics account is enough to track your site metrics. Be mindful when installing plugins, CMS, or any other web application; ensure they are from trusted sources. 

Furthermore, filter data entered by visitors for possible third-party code injection and if you’re an eCommerce merchant, endeavor to use payment gateways that are PCI compliant. 

Delete Me
iolo system mechanic

Subscribe to SecureBlitz Newsletter

* indicates required
John Raymond
John Raymond
John Raymond is a cybersecurity content writer, with over 5 years of experience in the technology industry. He is passionate about staying up-to-date with the latest trends and developments in the field of cybersecurity, and is an avid researcher and writer. He has written numerous articles on topics of cybersecurity, privacy, and digital security, and is committed to providing valuable and helpful information to the public.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.