Google Analytics and Web Skimming

Rhett Greenhagen
5 min readDec 4, 2020

As long as there is any form of trade in the world, there will also be criminals waiting to take advantage of the system that hosts that trade and scam its unsuspecting users.

So, it is no surprise that ever since the advent of cyberspace, there has been a meteoric rise in the issues associated with cybercriminals. While these cybercriminals have employed countless methods of exploiting internet users, there is an old nefarious technique that sticks out from the rest and it is called Web Skimming.

What is Web Skimming

Web skimming is an old technique of obtaining/stealing user payment information through online shopping platforms that include hackers injecting malicious codes into a compromised online store and sending the user payment details to a specified cybercriminal address for harvesting ¹. A lot of safety methods have been implemented to curb and safeguard against this form of hacking. However, there has arisen a new form of web skimming that puts a modern spin on the entire process.

Google Analytics and Web Skimming

There is hardly any site that people find as a credible source of information like Alexa, an amazon site whose main purpose is to measure popularity rankings of websites on the internet, places Google at the top of the list, number one.²

This makes it unsurprising to find that most people will trust any site completely as long as Google is attached to it. One of such sites that is most integral to data collection for web traffic performance is Google Analytics. It functions when you insert several lines of JavaScript tracking code into the page of your website.³ Once the user has inserted the codes into the website, they are given a view of the page from an analytics perspective divided into four stages; user-level, session-level, pageview level and event level.³

The opportunity for web skimming in the process of injecting code. Before we proceed, it is worthy to note that one other way hackers hide their activities from customers is by registering domain names that are deceptively similar to famous web analytics platforms. For example, a domain name like ‘’ can easily fly under the radar for most site visitors because of its uncanny similarity to the actual site. This hides the fact that that platform has been hacked and the info of unsuspecting users is picked off by cybercriminals.

In recent times, the security researchers and experts have found a method of web skimming which is presently used by hackers that were previously unknown to most. It involves redirecting stolen data to their own Google Analytics accounts as opposed to third-party sources.

The process of this is as simple as it is dangerous; the moment the hackers create a genuine google analytics account, the next step is the process of collecting user tracking identifications by reconfiguring the tracking framework. After which the malware codes are injected into the tracking ID which completes the nefarious process of illegal data collection which is sent directly to the genuine account the hackers have created on Google analytics.

While this will certainly set off security alarms in the brains of anyone, it is necessary to note that this process is not always a one-way street and a lot of times, this malware can be expunged with a process known as obfuscation.

The Obfuscation Process

What makes this possible is the process through which the hackers try to conceal their cybercrime activity. They employ a well-known method of anti-debugging that leaves a weak spot that you can notice when the developer browser is turned on. This allows them to watch the script closely in debug mode and if the browser’s local storage is configured to debug mode, it exposes their activity because the injected malware will begin to write in very poor English by using the developer’s tools.

Preventive Measures

Knowing that these types of attacks exist is not the same thing as taking cautionary steps to protect yourself. Taking preventive measures is as important as any other thing that you do on any of the designated websites you constantly visit. Moreover, the stakes are too high for anyone to just ignore. The potential theft of financial data is everybody’s darkest nightmare; the idea that someone will siphon your hard-earned money is as dark it gets.

You will not be the first person to think that you cannot be affected and you will also definitely not be the last. Security is key which is why we have curated a list of six preventive steps that you can take to ensure that you do not fall victim to this new technique of web skimming;

  1. This hardly needs to be said but if you have a system that does not have a security software then you are exposing yourself, your account, and your site to possible exploitation. Download and install any of the popular security software and it will help you watch your internet activity closely, in order to catch nefarious codes.
  2. Download and install only web apps that are from verified platforms. You expose your site to attacks and serious threats when you do not adhere to this principle. Also, it is necessary that you constantly update your software’s so that your sites are kept safe and you can rest assured that no harm will come.
  3. This is common advice but it is worth mentioning; don’t use weak passwords for your admin accounts. It is dangerous and opens your site to exploitation.
  4. Always keep the rights of users to a bearable minimum because this will allow you to track user traffic efficiently and easily filter through any query framework and user data in order to reduce the possibilities of malicious code injection by third parties.

Every system will present its difficulties. The reality of allows you to ignore any biting fear of your website getting hacked and losing customer trust. This is why knowledge is power and the step of taking preventive steps to curb this menace is equally necessary.



Rhett Greenhagen

“I am always ready to learn although I do not always like being taught.” — Winston Churchill