Google Tag Manager Malware Detection
Have you ever been frustrated by attempting to visit a particular website, only to discover a red page with the text stating “malware detected” instead? Believe it or not, but this is Google's way of keeping you safe.
According to builtwith.com (Trends, Intelligence and Internet Research company), up to 20% out of the top 10,000 websites that are most frequently visited, are using Google Tag Manager (GTM). GTM is a very effective way to hack your own website. In fact, this is the exact reason why we are using it.
A Powerful Tool
GTM is a very powerful tool in the hands of a Digital Analyst. However, in rare situations, it can technically be misused to deliver harmful malware content to the website's visitors. Thanks to Google and its new security feature, it is now less risky.
On more than one occasion I have come across false malware warnings. The website was legitimate and there was no malware whatsoever. Yet, it was still detected and flagged and users struggled to visit it. Can this also happen to your completely legit Google Tag Manager container? Well, I can think of at least one situation where this is possible.
in to do exactly what you need it to. You include that plugin using <script src='external-domain' > HTML tag and publish your container. Weeks later, the original website of the jQuery plugin was marked as malware and subsequently, so was your container.
Google Tag Manager Malware Update
In a recent security update Google has advised that if your tag references a malware flagged domain, it may stop firing as well as flag the entire container. Consequently, you will end-up losing analytics data and this is not good. Not good at all.
I'd personally like Google to provide a more detailed explanation of how this new security enhancement will work. Don't get me wrong - I am all for safe browsing and reducing potential risks! It is a very important thing to do.
So if you have a GTM container full of tags - what can you do to stay on the safe side?
Stick to the built-in tags, think twice before using Custom HTML Tags and think 10 times before allowing it to use document.write
Black-list Custom HTML tags on website pages where you are not using Custom HTML Tags
Enable two-step verification on the Google Account you use to access GTM
Periodically review your tags
Never use external scripts (or scripts you don't know what they are doing) on a secure payment page with sensitive data
To Wrap Things Up
Internetrix is an award-winning Australian data and technology company that has been a Google Partner for over a decade!
We hope you have found this blog helpful, and as always, if you have any questions about GTM360 or any other products within the Google Marketing Platform, please get in touch to book a call with our Google experts.