Trump Spam and when Google Isn’t Google


Let me start this post by saying this is not a political post. I promise.

I was looking at my Google Analytics account for this site the other day, specifically at the list of languages my website visitors were using. Anything look odd here?

Trump Spam in Analytics

Starting on November 7, I’ve been getting visitors to this site using the language “Secret.ɢoogle.com You are invited! Enter only with this ticket URL. Copy it. Vote for Trump!” I don’t know where they speak that language.

That sure is an interesting way to spam a website, especially in a way that normal site visitors would never see. Whoever is doing this isn’t leaving spam Trump comments that are getting blocked and isn’t doing referral spam to Trump sites; they are visiting the site with that set as their language.

The timing of these posts is what stands out to me. The spam here really started on the day of the US election, and has grown ever since. The election has come and gone, and I don’t see the benefit of continuing the spamming – especially when only people looking at Google Analytics will ever see that information.

Trump Spam Over Time

The other part of this that’s concerning is the URL.

Look at what they’re using – Secret.ɢoogle.com. Notice, that’s different than Google.com. The URLs are different, and for the average person who isn’t paying attention, potentially very dangerous.

I found this link from Martin Sickafoose at Purdue, who tweeted about it on Monday. That lowercase G in there, which you may just gloss over and click on, is not a G but a different Unicode character, in this case U+0262. If you type in ɢoogle.com, you are not taken to Google, the search engine, but rather to this site:

xn--oogle-wmc.com

That URL is spam and dangerous. Don’t click on it.

If you want to filter that out of your referrals and other areas of Google Analytics, you can set up a filter. AnalyticsEdge has directions.
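As an added example (not from the original post or from AnalyticsEdge), this Python sketch checks language values taken from an analytics export: anything that is not shaped like a language tag is treated as spam, and any hostname inside it is converted to its ASCII (punycode) form and compared against names it may be imitating. The regular expressions, the two-character look-alike map and the protected-name list are assumptions constructed for illustration.

```python
import re
import unicodedata

# Assumption: legitimate browser language values look like "en-us" or "pt-br".
LANG_TAG = re.compile(r"^[a-z]{2,3}(-[a-z0-9]{2,8})*$", re.IGNORECASE)
# Host-like tokens: dot-separated labels, Unicode letters allowed.
HOST = re.compile(r"(?:[\w-]+\.)+[^\W\d_]{2,}")
# Constructed, minimal look-alike map: only the two characters seen on this page
# (U+0262 in the spam string, U+0138 in the linked Reddit thread's URL).
CONFUSABLE = {"\u0262": "g", "\u0138": "k"}
# Hypothetical list of names worth protecting.
PROTECTED = {"google.com", "lifehacker.com"}


def skeleton(host):
    """Replace known look-alike characters with the ASCII letter they mimic."""
    return "".join(CONFUSABLE.get(ch, ch) for ch in host.lower())


def inspect_language(value):
    """Classify one language-dimension value from an analytics export."""
    if LANG_TAG.match(value.strip()):
        return {"spam": False, "hosts": []}
    hosts = []
    for match in HOST.finditer(value):
        host = match.group(0)
        non_ascii = [f"U+{ord(c):04X} {unicodedata.name(c, 'UNKNOWN')}"
                     for c in host if ord(c) > 127]
        try:
            # The ASCII-compatible form is what the browser actually resolves.
            ascii_form = host.lower().encode("idna").decode("ascii")
        except UnicodeError:
            ascii_form = None
        # Approximation: treat the last two labels as the registrable domain.
        registrable = ".".join(skeleton(host).split(".")[-2:])
        imitates = registrable if non_ascii and registrable in PROTECTED else None
        hosts.append({"host": host, "ascii": ascii_form,
                      "non_ascii": non_ascii, "imitates": imitates})
    return {"spam": True, "hosts": hosts}


if __name__ == "__main__":
    # Sample values: the spam string quoted in this post, plus a normal tag.
    samples = ["en-us",
               "Secret.\u0262oogle.com You are invited! Enter only with this "
               "ticket URL. Copy it. Vote for Trump!"]
    for sample in samples:
        print(inspect_language(sample))
```
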

Are you noticing this happening in your Analytics? Is there anything we can do to stop it?

2 comments

  1. Wow, yeah, started for us on the 5th. I’m getting about 20 sessions a day. Looks like the traffic is coming from referral links on a series of .xyz domains (example: abc.xyz, buketeg.xyz). All of it is desktop traffic. All of it classified as Returning Visitors (weird). Almost all of it is coming from Russia, specifically St. Petersburg. All of it is landing on our home page, but has a very low bounce rate (10%).

    Since the language is a client setting, I’m wondering if these are bots. And apparently that domain referenced in the language redirects to some ridiculously long URL made up of lyrics from Pink Floyd’s “Money”. Crazy. Luckily it’s not enough traffic to throw off our reports. But it better go away soon.

  2. Well, this is becoming a bit of a thing now. We went from an average of 15 visits a day to now almost 300 yesterday and today. This spam technique appears to be catching on. It’s enough that now I have to create some filters to get rid of it on reports.

    Here’s a couple threads about it:

    http://blog.analytics-toolkit.com/2016/language-spam-latest-google-analytics-spam/
    https://www.reddit.com/r/technology/comments/5foynf/lifehac%C4%B8ercom_original_idn_fake_safe_best_on_ff/

    This has to be the weirdest spam tactic I’ve ever heard of. It’s only visible to people who look at web analytics reports.
