And now lifehacĸer.com is NOT lifehacker.com. Internet domain names have gone International!
Google Analytics has become a great target for spammers, where they leave fake traffic that draws unwary web site owners to investigate where it came from. This week one of those spammers left a ‘Vote for Trump‘ message in many people’s analytics reports. What most people didn’t notice was that the website it referenced looked like secret.Google.com…but it wasn’t.
2016-02-16 UPDATE: Google wins lawsuit against spammer, obtains ownership of lookalike domain ɢoogle.com.
Read the whole story in the Definitive Guide to Removing All Google Analytics Spam — the authoritative reference on the topic, regularly updated since January 2015.
The Imitation G
In fact, the letter ‘G’ is a Latin Letter Small Capital, Unicode 0x0262. Compared side by side with a real capital G, they would look like ‘ɢ G’ — see the difference? Notice how the ‘G’ in the image is the same size as the lowercase letter ‘o’? It’s not the G you thought it was. [This same technique was used to create lifehacĸer.com, with a Latin Small Letter Kra, Unicode 0x138 instead of a ‘k’]
OK, so they faked a letter in the web address….so what? Well, if you click that link, it takes you to ɢoogle.com, not google.com!!! You have just clicked into the spammer’s web site, where anything could happen!
[you actually end up redirected to: money.get.away.get.a.good.job.with.more.pay.and.you.are.okay.money.it.is.a.gas.grab.that.cash.with.both.hands.and.make.a.stash.new.car.caviar.four.star.daydream.think.i.ll.buy.me.a.football.team.money.get.back.i.am.alright.jack.ilovevitaly.com]
Again, more spam, so what’s the big deal?
Well, someone, somewhere, gave out the domain ɢoogle.com to someone who was not representing google.com. what is stopping them from mimicking YOUR web site, or YOUR BANK’s website, and then leaving innocent-looking links for you to fall prey to? You would probably never realize what you did until it was tool late.
Internationalized Domain Names
Most people don’t realize it, but there were a lot of people working the past few years on getting international characters into domain names…and they are real today. They are supposed to allow people to create domains in their native language, like 日本語.jp. Seems at least one enterprising individual (in Russia) grabbed the opportunity recently to snap up ɢoogle.com.
Expect to see a sharp increase in phishing until the general public catches on.
Never trust a link provided by someone else…
Sources: Fake or Real?
When they create a fake visit to your website, they usually leave one of their own websites as a source, so you’ll go click on it to see who is linking to your site. In this case, since the ‘message’ is in the Language field, they have used a mix of spam and real domains for sources, changing them daily to get around Google Analytics spam filtering processes. They have even used abc.xyz (Google’s parent Alphabet company site) and thenextweb.com (a real website that ran a story about the spam yesterday). In all cases, using the classic approach of filtering on the Source field is a waste of time. More…
How to Filter It Out
CAUTION: things change daily…
To prevent more of it from appearing in your Google Analytics ….
Read the whole story in the Definitive Guide to Removing All Google Analytics Spam — the authoritative reference on the topic.