“Vote for Trump!” – OMG, has our website been hacked?!!

secret.google.com vote for Trump fake traffic spam

If you’ve recently taken a look at your website’s Google Analytics account you might be alarmed to see referral traffic apparently from Google encouraging you to vote for Trump.

It’s something many website owners are seeing. And the natural reaction is to panic and think it means your website has been hacked.

The good news is that – whilst this is a pain in the arse – your site hasn’t been hacked for this to be appearing.

Instead, the cause is analytics spam resulting in fake or “ghost” traffic being recorded in your Google Analytics.

To check if this is an issue for your site log into Google Analytics and look at the language report (Audience > Geo > Language). By default, only 10 rows are shown, so you may need to expand this to 25 or more rows by clicking on the dropdown selector at the bottom right corner of the screen.

Check through the languages and look for the message “Secret.ɢoogle.com You are invited! Enter only with this ticket URL. Copy it. Vote for Trump!”

If you see that, then your site has been affected. Examine the referral source of this traffic you’ll see it comes from bogus domains like the ones listed below:


Google Analytics fake traffic domains

As you’ve probably realised, secret.ɢoogle.com is NOT a legitimate subdomain owned by Google.

What you see is actually “secret.ɢoogle.com” with a Latin small capital ɢ, which is considered a totally different character.

Should you open that URL, (I wouldn’t), you’ll be redirected to a Russian spam website. Secret.ɢoogle.com is a domain owned by Vitaly Popov, a well-known analytics spammer. He uses this and many other URLs (many end with .xyz) to send fake traffic to Google Analytics.

Why should you care?

The key point is that your website has not being infected with malware, but instead your Google Analytics account is being polluted with fake data that inflates traffic counts with “ghost traffic” and so undermines the veracity of the reports you rely on.

The way to stop secret.ɢoogle.com and other fake traffic messing with your Google Analytics reports is block it by setting up filters in your Google Analytics account. If you’re interested in doing this yourself check out the very comprehensive step-by-step guide Carlos Escalera has written.  Just be careful to first ensure your Google Analytics account has multiple views so your data is protected from any misconfigurations (all explained in the guide)

If you’d rather have someone else do this for you, contact us and we can do a health check on your Google Analytics account.

To double-check your site hasn’t been hacked you might want to check there are no warnings from Google in your Google Search Console account. You can also run a quick free check on your site using the Sucuri website malware & security scanner.


Click here for more search marketing news.


The latest news about web marketing, SEO, PPC Advertising & Web Analytics. But only the stuff that matters from a New Zealand perspective. Delivered to your inbox each Monday.

If you found this useful, please tell your friends.

About the Author Mark Sceats

Mark is a Partner and Senior Consultant at SureFire which he founded back in 2002. Prior to establishing SureFire he worked for KPMG Consulting. Today Mark heads up SEO, embracing the challenges that can come with complex website implementations. Outside of work, his interests beyond his family are running, snowsports, diving and fishing (badly).

follow me on: