Potential Phishing Attack Vector Through Google Analytics

Potential Phishing Attack Vector Through Google Analytics


Some tome ago(few years) I was using Google Analytics to check the traffic to this very site. I was looking at the “pages report” where it shows your most visited pages. I discovered that I was getting an error(This site can’t be reached) when I click the hyperlink which was supposed to take you to that particular page on your website. 

What was happening is that instead of the hyperlink pointing to the correct domain eecs.blog it was pointing to eecsblog.com. I don’t know why this happens or if it happens only to me. There might be a possibility that Google Analytics doesn’t recognize certain domains like .blog so it just adds .com at the end.

So, in theory, this opens up a possible phishing attack vector because if someone were to register eecsblog.com they could set up a phishing site and Google Analytics would be linking straight to it.

I contacted google support about this. They wanted me to buy another domain to reproduce the issue I, however, didn’t want to spend 40$ to register a domain just to potentially help narrow down a problem that is clearly on their side. I’m not spending my money to try and help a multibillion dollar company. Anyway, the case was closed down and that was that.

I decided I would still write a post about it as the issue is still present. Maybe it will help someone or someone can confirm if this also happens to them.

As you can see the domain eecsblog.com is available so if someone would register it they could set up a phishing WordPress site prompting for a login when you get redirected to the site from Google Analytics.

The chance for an attacker to successfully execute such an attack is pretty low but not impossible. It’s a type of attack that must be done to a specific target that has some value to the attacker. 

You register the domain, set up the phishing site then you wait and hope that someone will be checking the analytics and click on one of the links. If they fall for it and type in their credentials you can gain access to a site and do further damage or try to login to other services as usually, people tend to reuse their passwords.


Leave a Reply

Your email address will not be published. Required fields are marked *

The following GDPR rules must be read and accepted:
This form collects your name, email and content so that we can keep track of the comments placed on the website. For more info check our privacy policy where you will get more info on where, how and why we store your data.

Advertisment ad adsense adlogger