Google Analytics Emerges as a Phishing Tool

[silversurfer]

Content source

https://threatpost.com/google-analytics-phishing-tool/149917/

Cybercriminals are leveraging key technical markers used in web analytics—particularly Google Analytics—to create more sophisticated and targeted phishing attacks, new research has found.
However, this also makes them more susceptible to detection by organizations defending their sites against attacks, researchers said.

With 56.1 percent of websites now using analytics to generate reports on user behavior and page views, and to track user activity throughout sites, cybercriminals have caught on and are leveraging these and other uses of analytics for their own dirty work, the report found. After all, criminals who launch phishing attacks have the same interest as typical website designers in driving traffic to their phishing sites and luring users to click on links in emails, according to a new report by network security provider Akamai Technologies.

“As phishing has evolved over the years, criminals have learned that technical markers, like browser identification, geo-location and operating system [identification], can help adjust the phishing website’s visibility, and enable more granular targeting,” according to the research from Tomer Shiomo, senior security research team lead at Akamai Labs, released on Wednesday “In order to evaluate these metrics, kit developers use third-party analytic products, such as those developed by Google, Bing or Yandex, to gather the necessary details.”