get a personalised recommendation in minutes with our solutions advisor


Referral Spam: Who’s Messing with my Data?

The accuracy of your website’s analytics is paramount to a lot of businesspeople. To many of us, it comes as a great surprise that our own analytical data can be falsified by an external party. Have you noticed that your visits have suddenly gone through the roof (along with your bounce rate) with no new…

Image of data chartsThe accuracy of your website’s analytics is paramount to a lot of businesspeople. To many of us, it comes as a great surprise that our own analytical data can be falsified by an external party.

Have you noticed that your visits have suddenly gone through the roof (along with your bounce rate) with no new leads or sales to show for it? If this sounds familiar, it’s possible that you’re on the receiving end of referral spam.

Referral spam is when an external party artificially sends fake analytical data to Google about your website’s visits. This skews the data that you see in your Google Analytics reports, so you aren’t getting a true picture of what’s really going on.

But how can you tell if your website has been affected by referral spam? What’s happening and why do people spam analytics in this way? Firstly, let’s check if you’ve been affected…

How do I spot referral spam?

Referral spam can be a pain to get rid of, but at least it’s easy to spot. Firstly, sign in to Google Analytics, then click “Reporting” in the top bar. Then in this section, turn your attention to the sidebar on the left and select “Acquisition,” and then “Overview.”

This report separates your visitors into 4 sections: those who found your site by searching for you (“Organic Search”), those who typed your web address in manually (“Direct”), those who clicked on links on social media (“Social”), and those who found your site by clicking on a link to your site which they found on another website (“Referral”). Scroll to the bottom of this report, and you will see a breakdown of the behaviour of each of these 4 sections. Your first clue is here: does the amount of “Referral” sessions tower over the other 3 types of visit by a large amount? Is the bounce rate for the “Referral” sessions well over 85%? If the answer to these questions is “yes,” then I’m afraid you may have a case of referral spam on your hands.

referral spam audience overview
If you look under “Acquisition,” you’ll see how “Referral” towers above the other methods.

Within the breakdown table, click on the word “Referral” in blue to see where these mysterious links are coming from, and scroll down to the table at the bottom. You may well see a few sites you do recognise, such as from your listings on online business directories (*ahem* like…) where people have clicked the directory’s link to your site. However, if your site is suffering from the referral spam flu, you will most likely see links coming in from sites you’ve never heard of before like and Here’s an example of what you may see:

referral spam drilldown
These are the sorts of spammy referral links you will see if you’ve been hit by referral spam.

The smoking gun here is in the “Average Session Duration” and “Bounce Rate” columns. If the bounce rate is 100% and the duration is below 5 seconds, this isn’t your average visitor.

There are a number of site-wide metrics that this affects. Visits, sessions and pageviews end up deceptively high; average pages per session and session duration are brought down because the spammy visits usually hit one page (usually your homepage) and take less than a second, which sends bounce and exit rates skyrocketing. Your ratio of New/Returning visitors will also be affected because each fake visit registers as a new visitor.

So what’s happening?

So how exactly does referral spam work? The most common form of referral spam out there is called “ghost” referral spam. This is what occurs when a third party (whose reasons will be discussed shortly) sends fake analytical data about your website to Google. When your website was set up, a small snippet of code will have been embedded in each page that allows Google Analytics to track visits. With each visit to your site, this code shoots a tiny amount of data off to Google about how the visitor found the site, what they did next, how long they spent on what pages, and a number of other relevant metrics about their visit.

However, this chunk of data can be falsified by a third party and sent to Google as if it were real data. This is what happens with ghost referral spam. This will appear in your analytics as a visit, having effectively deceived Google into reporting a visit that never took place. This fake data is usually made to look as if someone has clicked a direct “referral” link leading them to your website, hence the name “referral spam.” Ghost spam is by no means the only method of referral spam, but it is by far one of the most frequently experienced.

The security of our data and that of our customers is of importance to us all, but please rest assured that referral spam doesn’t necessarily mean your site has been hacked or your data compromised. All the spammer needs to do is take a look at your site’s code, which is readily available – otherwise people wouldn’t be able to see your site! Being on the receiving end of referral spam does not affect your search rankings or ways in which your customers get in touch with you. All it really does is skew your analytics data, providing more of an inconvenience than an intrusion.

But why?

This is the first question I had when I found out my website was hit: why? What benefit could this possibly provide to the culprit? It’s simply an underhanded marketing tactic; the culprit is using it to promote the website you are seeing in your reports. The most basic reason to provide Google with this counterfeit information is to trick webmasters like ourselves into visiting their site out of sheer curiosity. If we are not aware of referral spam and see a lot of incoming links from a particular source, it sets our curiosity meter off the charts, so we naturally want to check the site out. Sometimes this is the end of the story: the culprit has chalked up a new, organic visit for that site. Job done.

But there is a chance that something more sinister is afoot. The spammer may be a part of a commission-based affiliate program. These schemes in themselves are not dodgy in any way – retail behemoths Amazon and Alibaba have very well known affiliate schemes, which offer commission to affiliate members when they refer other people to purchase. However, the ways in which these spammers drive up their affiliate commissions is very much frowned upon. Say you did visit one of the questionable referral sources out of curiosity. There is a chance that the site may leave a cookie (a small file of code) on your machine referring to an affiliate account owned by the spammer. Provided you use the same browser without clearing out your cookies in between, your next purchase from the retail site in question (for example Amazon or Alibaba) causes the cookie to kick in and the spammer receives commission for your purchase. Even though they didn’t send you there for the purchase, or take any active role in persuading you to buy, they are still quids in. Very naughty.

Needless to say, if you do see any referral spam sites in your analytics, don’t give them the satisfaction of a visit. On the whole, there is nothing of value to be found – to you at least.

Eek! I’m hit! What do I do?

There are a number of resources out there for those suffering in a quagmire of fake data. I’ve personally tried Referral Spam Blocker and though I am quite pleased with it, it is not perfect. It automatically installs filters into your Analytics reports to filter out all sources of referral spam that are known to them at that time. However, the filters can only be applied to future data, so reporting prior to the date you started the filter will remain inaccurate. [EDIT: They now offer the automatic installation of “segments” which filter out historical referral spam. I’ve tried it out and it seems very effective.] You need to visit the site and refresh your filters every so often; new sources of referral spam are coming out all the time, so you need to stay vigilant. Though this solution is far from perfect, it is easy to use and helps keep spam data at bay.

For more in-depth information about how to get rid of referral spam, take a look at the following resources:

  •’s helpful article details some of the finer points of different types of referrer spam, and discusses how to install filters manually.
  • cover much of the same information, but they go into more detail with some technical ways you can fight referral spam, as well as a helpful list of the worst offenders.
  • also discuss technical solutions, but also provide a little insight into the known reasons of some of the known culprits.
  • weigh in on the whole process, as well as keeping an updated list of known referral spam sources.

[bctt tweet=”Website suddenly drowning in visits with nothing to show for it? The reason may be referral spam…”]

About the author

Yell Business Avatar

Give us a call to see how we can help with your business