Abuse of Google Analytics to skim credit card data
Dan Goodin at Ars Technica
‘Researchers from Kaspersky Lab on Monday said that they have recently observed about two dozen infected sites that found a novel way to achieve this. Instead of sending it to attacker-controlled servers, the attackers send it to Google Analytics accounts they control. Since the Google service is so widely used, ecommerce site security policies generally fully trust it to receive data.’
Clever but very creepy. Check you don’t have an extra Google Analytics profile in your sites source.
Here’s another (deep dive) article on card skimming via embedded image data.
Join my Marketing Club
Get regular advice on marketing, video and the web so you become more effective in business. Pro Members get access to live webinars, exclusive discounts and other perks.