Credit card skimming via Google Analytics

Credit card skimming via Google Analytics

Web skimming is a type of cyberattack that targets online shoppers. In these attacks malicious code collects and sends data entered by the shopper to a criminal. The criminals can use this data to gain access to the shopper’s payment information.

Sometimes fraudsters register domain names that seem to be those of credible companies e.g. and They then place malicious code in these sites. But on other occasions the attackers use authentic sites by injecting the malicious code into them.

How does this work? Google Analytics (GA) involves site owners inserting a GA tracking code into their websites. The code includes a tracking ID that looks something like this UA-11111111-1 and several of these, sending reports to different accounts, can exist on the same page.

Online security company Kaspersky have recently identified instances where this code has been used fraudulently. Attackers injected malicious code into a number of sites. Data entered by users, including credit card data, was collected via the GA code and then sent on to the criminals’ GA accounts.

Kaspersky have found around two dozen infected sites worldwide including shops in Europe, North America and South America selling aa wide range of goods including computers, cosmetics and groceries.

Why is this a problem?

Google Analytics is a very popular service used on millions of sites. Site users generally don’t know it is there. And site owners and administrators trust it completely. And because of the way the fraud is delivered, the attack can be implemented without code being downloaded to end users each time they visit: once the malicious code has been uploaded once, the site is infected.

What can be done to avoid the problem?

For users it’s simple: download security software that will protect against this type of attack. This type of software will be able to detect the malicious code used in these attacks and want the user, or prevent them visiting the site.

Website builders also need to take action to avoid allowing their site being contaminated. And again simple actions can be very effective. Make sure admin accounts that can affect the website’s code are protected by strong passwords and limit the number of people with access to those accounts. Ensure that any software is kept up to date. And in addition, only take software and CMS components from trusted sources; for instance any payment gateways should be PCI-DSS compliant. Finally ensure that code injection by third parties is not possible.

A detailed technical description of the attack is available here.

Main image courtesy of

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”” /]