Here’s a secret: ɢoogle.com is not google.com

[Batu69]

Google Analytics has become a great target for spammers, where they leave fake traffic that draws unwary web site owners to investigate where it came from. This week one of those spammers left a ‘Vote for Trump‘ message in many people’s analytics reports. What most people didn’t notice was that the website it referenced looked like secret.Google.com…but it wasn’t.

 

Instructions below show how to build a Filter to block this particular attack. To get historical spam out of your reports, use the Segment I posted to the Google Analytics Solution Gallery. Remember to change the Segment to use your website domain name in the first expression!

The Imitation G

In fact, the letter ‘G’ is a Latin Letter Small Capital, Unicode 0262.  Compared side by side with a real capital G, they would look like ‘ɢ G’ — see the difference? Notice how the ‘G’ in the image is the same size as the lowercase letter ‘o’? It’s not the G you thought it was.

 

 

OK, so they faked a letter in the web address….so what?  Well, if you click that link, it takes you to ɢoogle.com, not google.com!!! You have just clicked into the spammer’s web site, where anything could happen!

 

[you actually end up redirected to: money.get.away.get.a.good.job.with.more.pay.and.you.are.okay.money.it.is.a.gas.grab.that.cash.with.both.hands.and.make.a.stash.new.car.caviar.four.star.daydream.think.i.ll.buy.me.a.football.team.money.get.back.i.am.alright.jack.ilovevitaly.com]

 

Again, more spam, so what’s the big deal?

 

The Danger

Well, someone, somewhere, gave out the domain ɢoogle.com to someone who was not representing google.com. what is stopping them from mimicking YOUR web site, or YOUR BANK’s website, and then leaving innocent-looking links for you to fall prey to? You would probably never realize what you did until it was tool late.

 

Internationalized Domain Names

Most people don’t realize it, but there were a lot of people working the past few years on getting international characters into domain names…and they are real today. They are supposed to allow people to create domains in their native language, like 日本語.jp. Seems at least one enterprising individual (in Russia) grabbed the opportunity recently to snap up ɢoogle.com.

 

Expect to see a sharp increase in phishing until the general public catches on.

Never trust a link provided by someone else…

How to Filter It Out

To prevent more of it from appearing in your Google Analytics accounts, create a new filter on the Admin panel.

Pick a new Filter  Name
Filter Type: Custom
Choose: Exclude
Filter Field: Language Settings
Filter Pattern:  \.

Save the new filter. It will take effect right away, but you may find that today’s data gets reprocessed in a few hours.

 

 

Read the whole story in the Definitive Guide to Removing All Google Analytics Spam — the authoritative reference on the topic, regularly updated since January 2015.

 

Article source

[Phragmeister]

Malwarebytes blocks this.