According to cloud security firm Akamai, cybercriminals are using Google Analytics to gauge the success of their phishing campaigns.
The report highlights that just over 56.1% of all websites use some form of analytics, with Google the leading analytics platform at 20% market share. Analytics packages provide important information, including geolocation, browser type, operating system and more.
Akamai researcher Tomer Shlomo, who penned the report, said:
“As phishing has evolved over the years, criminals have learned that technical markers, like browser identification, geo-location, and operating system, can help adjust the phishing website’s visibility, and enable more granular targeting. In order to evaluate these metrics, kit developers use third-party analytic products, such as those developed by Google, Bing, or Yandex, to gather the necessary details.
“Akamai scanned 62,627 active phishing URLs of which 54,261 are non-blank pages that belong to 28,906 unique domains. We discovered 874 domains with UIDs and 396 of the UIDs were unique Google Analytic accounts. Moreover, 75 of the UIDs were used in more than one website.”
Before companies go ripping out Google Analytics from their sites, it’s important to know that Akamai believes additional analytics are the solution to the problem, helping companies trace attackers and mitigate the damage.
“Using analytics can help you understand the full scale of a phishing campaign, and defenders can use this data to compare with internal signatures, for a more rounded detection and remediation process. Analytical data also helps understand domain targeting approaches.”
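The counting Akamai describes (domains carrying a UID, unique UIDs, UIDs reused across sites) can be reproduced over a defender's own collection of phishing page sources. The Python below is an added example, not code from Akamai's report; it assumes "UID" means a Universal Analytics tracking ID of the form `UA-<account>-<property>`, and the function names, hostnames and IDs are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Universal Analytics tracking ID: UA-<account>-<property>. Treating this as the
# "UID" the report counts is an assumption of this example.
UA_ID = re.compile(r"\bUA-(\d{4,10})-(\d{1,4})\b")

def extract_uids(html):
    """Return the set of tracking IDs embedded in one page's source."""
    return {m.group(0) for m in UA_ID.finditer(html)}

def cluster_by_uid(pages):
    """Map each tracking ID to the hostnames whose pages carry it.

    pages: iterable of (url, html) pairs from already-collected phishing pages.
    Hostname stands in for "domain" here, which is a simplification.
    """
    clusters = defaultdict(set)
    for url, html in pages:
        host = (urlsplit(url).hostname or "").lower()
        if not host or not html.strip():  # skip blank pages, as the report did
            continue
        for uid in extract_uids(html):
            clusters[uid].add(host)
    return dict(clusters)

def summarize(pages):
    """Count domains with a UID, unique UIDs, and UIDs seen on several domains."""
    clusters = cluster_by_uid(pages)
    domains = set().union(*clusters.values()) if clusters else set()
    reused = {u: sorted(h) for u, h in clusters.items() if len(h) > 1}
    return {"domains_with_uid": len(domains),
            "unique_uids": len(clusters),
            "reused_uids": reused}

# Constructed sample input (reserved .example hostnames, made-up IDs).
SAMPLE_PAGES = [
    ("http://login-portal.example/signin", "<script>ga('create', 'UA-1234567-1', 'auto');</script>"),
    ("http://secure-update.example/a/b", "<script>gtag('config', \"UA-1234567-1\");</script>"),
    ("http://secure-update.example/c", "<script>ga('create','UA-1234567-1');</script>"),
    ("http://billing-check.example/", "<script>ga('create', 'UA-7654321-2', 'auto');</script>"),
    ("http://empty.example/", "   "),
    ("http://no-analytics.example/", "<html><body>form</body></html>"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE_PAGES))
```

A page cloned from a legitimate site can carry that site's own tracking ID, so compare any ID found this way against your organisation's IDs before treating a cluster as one operator.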