In website analytics, ensuring the accuracy and integrity of data is paramount for effective decision-making. Recently, an increase in referral spam, notably ghost spam, has been observed, directly impacting the reliability of Google Analytics 4 (GA4) metrics. 

This blog post sheds light on the nuances of ghost spam, its implications for your analytics, and practical steps to mitigate its effects, thereby safeguarding the quality of your data insights.

Understanding the Surge in Ghost Spam

Ghost-Spam-in-GA4Between mid-February and early March 2024, a notable surge in referral traffic was observed across GA4 properties, marking a deviation from the platform's robust spam filtering capabilities. Unlike previous incidents affecting both active and inactive Google Account properties, this wave specifically targeted active websites, tracking data within GA4. The phenomenon wasn't widespread but did impact a select number of clients, including Mando's website, showcasing the targeted nature of this campaign.

What are the Characteristics of Ghost Spam?

The traffic spike was characterised by a high volume of users and sessions originating from unknown, atypical websites. The exploit originated in Poland with primarily Russian-registered IP addresses. The initial referral traffic started from and increased from several other referral sites such as and (WARNING: we do not recommend visiting these sites!). Despite the inflated user metrics, engagement metrics such as the number of engaged sessions and the engagement rate remained low. This pattern indicated that these 'users' were not genuinely interacting with the content; instead, they were immediately exiting, contributing to a skewed representation of website performance.

The Hidden Agenda: Phishing Attempts

These incidents are not just mere nuisances; they carry a malicious intent. The primary objective behind such referral spam is to lure observant analysts into visiting the source websites, potentially exposing them to harmful malware or phishing attempts.

Mando's Proactive MeasuresGhost referral spam hitting GA4 directly

At Mando, having the Optimizely Data Platform installed allowed us to see that none of the referral traffic passed to ODP, which meant that the traffic did not pass through the website but directly to the GA4 servers. In response, our Digital Analytics Implementation Engineer created a filter for our Google properties to prevent these spam referrals from distorting our data. This action highlights our commitment to proactive, precise analytics management.

How to Identify the Signs of Ghost Spam

To safeguard your analytics data, stay vigilant for:
  • Unusually high referral traffic from unknown sites
  • A disproportionate amount of direct traffic
  • A large number of events for a few users
  • Users with no sessions or engagements
  • Page views with empty page titles

Practical Steps to Combat Ghost Spam

  1. Utilise Tools for Safe Inspection: Before visiting a suspicious referral site, use tools like to scan the website safely without direct interaction.
  2. Block Spam Domains and IP Addresses: It is crucial to implement filters within Google Tag Manager or directly in GA4 to block known spam domains and IP addresses. Regularly updating these lists ensures ongoing protection against new threats.
  3. Leverage Google Tag Manager: To conceal your GA property ID from spambots, Google Tag Manager can provide an additional layer of security, making it harder for spambots to target your analytics directly through the measurement protocol.
  4. Filtering and Segmentation in GA4: Creating custom segments and filters in GA4 allows you to exclude ghost traffic from your reports, refining the data you analyse to ensure it reflects genuine user interaction.


Data is a foundation of strategic decision-making, and its integrity is non-negotiable. By understanding the nature of ghost spam and implementing strategic defences, we can ensure that our analytics remain a reliable source of insights. Through collective vigilance and proactive measures, we strengthen our defences against digital threats, safeguarding our data's accuracy and decisions.

Have You Been Affected by Ghost Spam?

If ghost spam is skewing your Google Analytics, let's address it together. Our consultants specialise in protecting digital data from such attacks. Contact us now through our Get In Touch form for expert advice to secure the integrity of your website analytics.

Interested in talking to one of our consultants?

Discuss a free consultation clinic