Note: if we are hosting and maintaining the site, your site is safe from these malicious users.
If you are a client of ours, you may have noticed an unusual surge in traffic starting February 14th in your monthly Google Analytics overview report. We’re facing a cyber attack by an unidentified hacker group from Eastern Europe, targeting Google Analytics platforms worldwide. This has led to an influx of “ghost traffic” affecting the traffic data of numerous websites.
What is Ghost Traffic?
Ghost traffic results from hackers exploiting stolen Google Analytics property IDs to generate simulated site visits. These visits are fabricated and do not come from actual users visiting your website. Instead, the hackers use your Google Analytics ID to create the illusion of increased traffic from various sources, skewing your data with nonexistent user engagement.
Understanding Google Analytics Property ID
Google Analytics utilizes a unique property ID (e.g., G-5K********) for each website to track and analyze site traffic. This ID, which must be public for Google Analytics to function, collects data across different devices and user interactions, offering insights into website performance and user behaviour.
The Mechanism of the Attack
This attack is unprecedented in its scale, with the hacker group hijacking publicly available Google Analytics IDs from websites globally to simulate fake traffic. This artificial traffic is generated externally and reported to your analytics, although your site remains unaffected and secure.
The Hackers’ Motives
While spammy traffic is not a new phenomenon, the global scope of this attack is. Our analysis suggests the hackers are motivated by:
- Visibility and Promotion: The aim is to flood analytics with spam URLs to boost visits and visibility.
- SEO Manipulation: Artificial traffic can distort search engine rankings, giving an undeserved boost to spam sites.
- Security Threats: Some redirected links may lead to harmful sites, presenting potential security risks.
What to do
Currently, Google Analytics 4 offers limited data collection options to filter out this spam traffic, and effectiveness varies. We are hoping for a robust solution from the Google Analytics team soon. Meanwhile, here’s what you can do:
- Do not click on these links. They could be malicious.
- If you are looking for a specific report, we can help filter these data. The Analytics platform has data filtering options that can help exclude referral data from these malicious sites.
- Check out the support community. Hundreds of support threads have opened up on this issue in the last week or so. For example, check out this Google support thread.
Our team is keeping a close eye on the current situation. We are hopeful that Google will take necessary actions to ensure that IDs remain specific to a site and cannot be used in a simulated environment or cross-site environment without permission from Web Masters. Meanwhile, we can provide assistance with custom-filtered reports for specific data segments or specific reports. If you require further details, please don’t hesitate to contact us.