
Hackers are also using analytics tools to measure their campaign metrics

  • Phishing has evolved over time and continues to trick victims into handing over sensitive or confidential data.
  • Recently, researchers have observed that scammers are using legitimate web analytics tools to track the metrics of phishing campaigns.

Exploiting data analytics websites

Analytics websites are a useful tool for tracking ROI, including user behavior, page navigation, and technical metrics. Now, malicious actors are also using these tools to track metrics for phishing campaigns.

  • Details such as browsers, countries, and operating systems are collected through analytics websites to modify the phishing campaign for higher success rates.
  • Researchers scanned 62,627 active phishing URLs that belonged to thousands of unique domains. The unique identifiers in many domains were observed to be linked to Google Analytics.
  • While some malicious domains had a Google Analytics ID, probably for tracking metrics, certain ID codes appeared to be stolen from original domains and reused.

Security experts discovered a phishing campaign that targeted LinkedIn users between April and July this year. It used an ID of an analytics network that was related to multiple phishing domains that targeted LinkedIn users.

“The campaign registered many misleading domains to lure its victims, but each domain hosted a different variation of the phishing kit's source code, making it hard to detect them all without the Google ID,” say researchers.

Using the same analytics tools for defense

The tracking ID of a campaign can be helpful for researchers and security experts to dismantle campaigns by shutting down fraudulent websites.

A campaign targeting AirBnB logins generated malicious subdomains to escape detection. But all of these subdomains used the same UID, which had been copied from AirBnB. This helped researchers detect and shut down the campaign.
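The grouping described above can be sketched as follows. This is an added example, not code from the researchers: it pulls Google Analytics IDs out of page source, clusters hosts by shared ID, and separates IDs copied from a known brand from IDs shared across otherwise unrelated hosts. All hostnames, IDs, and the `brand_ids` mapping are constructed for illustration.

```python
import re
from collections import defaultdict

# Universal Analytics (UA-<account>-<property>) and GA4 (G-<id>) measurement IDs.
GA_ID = re.compile(r"\b(UA-\d{4,10}-\d{1,4}|G-[A-Z0-9]{8,12})\b")

def extract_ids(html):
    """Return the set of Google Analytics IDs embedded in a page's source."""
    return set(GA_ID.findall(html))

def cluster_by_id(pages):
    """Map each tracking ID to the set of hosts whose pages embed it."""
    clusters = defaultdict(set)
    for host, html in pages.items():
        for ga_id in extract_ids(html):
            clusters[ga_id].add(host)
    return clusters

def triage(pages, brand_ids, min_hosts=2):
    """Return (reused, campaigns): brand IDs seen off-brand, and IDs shared by several hosts.

    brand_ids is an assumed allowlist of {tracking_id: legitimate_owner_host}.
    """
    reused, campaigns = {}, {}
    for ga_id, hosts in cluster_by_id(pages).items():
        owner = brand_ids.get(ga_id)
        if owner is not None:
            # A brand's ID on a host outside the brand's domain suggests a cloned page.
            foreign = {h for h in hosts if h != owner and not h.endswith("." + owner)}
            if foreign:
                reused[ga_id] = sorted(foreign)
        elif len(hosts) >= min_hosts:
            campaigns[ga_id] = sorted(hosts)
    return reused, campaigns

# Constructed sample input: host -> fetched page source.
SAMPLE_PAGES = {
    "login-portal.example": "<script>ga('create', 'UA-11111111-1', 'auto');</script>",
    "secure-signin.example": "<script>ga('create','UA-11111111-1','auto')</script>",
    "a1.rentals.example": "gtag('config', 'UA-22222222-3');",
    "b7.rentals.example": "gtag('config', 'UA-22222222-3');",
    "brand.example": "gtag('config', 'UA-22222222-3');",
    "unrelated.example": "<p>no analytics here</p>",
}
BRAND_IDS = {"UA-22222222-3": "brand.example"}

if __name__ == "__main__":
    reused, campaigns = triage(SAMPLE_PAGES, BRAND_IDS)
    print("reused brand IDs:", reused)
    print("shared campaign IDs:", campaigns)
```

A shared ID is a pivot for investigation rather than proof of common ownership, since, as noted above, IDs can be copied along with a cloned page.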

In conclusion, this appears to be another legitimate tool that fraudsters are abusing for their own benefit. However, it also helps researchers group campaigns and detect new ones more effectively.