Kaspersky has introduced a new web filtering category, “Sites with an undefined trust level”. Such sites sit in a gray zone.

Khushal
Thread author
Apr 4, 2024
Such sites sit in a gray zone – promoting fake services, luring folks to hidden subscriptions, or nudging users to hand over data through deceptive terms of service. Deep dive into the issue and tips for how to spot them:

Executive summary

A suspicious website is a web resource that cannot be definitively classified as phishing, but whose activities are unsafe. Such sites manipulate users, tricking them into voluntarily transferring money for non-existent services, signing up for hidden subscriptions, or disclosing personal data through carefully crafted terms of service. These include fake online stores, dubious crypto exchanges, investment platforms, and services with paid subscriptions.

Kaspersky has introduced a new web filtering category, “Sites with an undefined trust level,” into its security products (Kaspersky Premium, Android and iOS apps, etc.). The system analyzes the domain name and age, IP address reputation, DNS configuration, HTTP security headers, and SSL certificate to automatically detect suspicious resources.

According to Kaspersky data for January 2026, the most widespread global threat is fake browser extensions that mimic security products — they were detected in 9 out of 10 regions analyzed worldwide. Such extensions intercept browser data, track user activity, hijack search queries, and inject ads.

Kaspersky’s regional statistics reveal the specific nature of these threats: in Africa, over 90% of the top 10 suspicious websites are online trading scam platforms; in Latin America, fake betting services predominate; in Russia, fake binary options brokers and “educational platforms” with fraudulent subscriptions lead the way; in CIS countries — crypto scams and bots for inflating engagement.

Key indicators of a suspicious website to check: a strange domain name with numbers or random characters, cheap top-level domains (.xyz, .top, .shop), a recently registered domain (less than 6 months old according to WHOIS data), unrealistic promises (“100% guaranteed income,” “up to 300% profit”), lack of company contact information, and payments only via cryptocurrency or irreversible bank transfers.
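The indicators listed in the article (domain age, TLD, domain shape, security headers, certificate state, contact details, payment rails, profit claims) combine naturally into a risk score, and the interesting part is that none of them decides on its own. The following is an added example of such scoring, written for this thread; it is not Kaspersky's code and not the article's. The TLD list, the weights, the thresholds and the three site records are constructed assumptions for illustration; in a real check the SiteFacts record would be filled from a WHOIS lookup, the HTTP response headers and the TLS handshake.

```python
from dataclasses import dataclass, field
from datetime import date
import re

# Added example: multi-signal risk score for a website. TLD list, weights
# and thresholds are assumptions for illustration, not Kaspersky's values.

CHEAP_TLDS = {"xyz", "top", "shop", "click", "icu"}   # assumption: tune from own telemetry

# Headers a well-run site normally sends. Absence is only a weak signal:
# many small legitimate sites miss them too.
EXPECTED_HEADERS = {
    "strict-transport-security",
    "content-security-policy",
    "x-content-type-options",
    "x-frame-options",
}

# Phrasing typical of "guaranteed profit" pitches.
HYPE_PATTERNS = [
    re.compile(r"100\s*%\s*guaranteed", re.I),
    re.compile(r"up to \d{3,}\s*%\s*(profit|return)", re.I),
    re.compile(r"guaranteed (income|profit|return)", re.I),
]

# Payment rails with no chargeback or buyer protection.
IRREVERSIBLE_PAYMENTS = {"crypto", "wire", "gift_card"}


@dataclass
class SiteFacts:
    domain: str
    registered: date               # WHOIS creation date
    observed: date                 # date the check ran
    headers: dict                  # response headers, any letter case
    tls_valid: bool                # chain validated and hostname matched
    page_text: str                 # visible landing-page text
    has_contact_info: bool         # company name, address, support channel
    payment_methods: set = field(default_factory=set)


def domain_age_days(f: SiteFacts) -> int:
    return (f.observed - f.registered).days


def looks_random(label: str) -> bool:
    """Digit runs or no vowels at all in the first domain label."""
    return bool(re.search(r"\d{2,}", label)) or not re.search(r"[aeiou]", label)


def score_site(f: SiteFacts) -> tuple[int, list[str]]:
    """Return (score, reasons). Behavioural signals (hype claims, no contact
    details, no buyer protection) weigh more than purely technical ones."""
    score, reasons = 0, []

    def hit(weight: int, reason: str) -> None:
        nonlocal score
        score += weight
        reasons.append(reason)

    label = f.domain.lower().split(".")[0]
    tld = f.domain.lower().rsplit(".", 1)[-1]
    if domain_age_days(f) < 180:
        hit(2, "domain younger than 6 months")
    if tld in CHEAP_TLDS:
        hit(1, f"low-cost TLD .{tld}")
    if looks_random(label):
        hit(1, "random-looking domain label")
    missing = EXPECTED_HEADERS - {h.lower() for h in f.headers}
    if len(missing) >= 3:
        hit(1, "most security headers missing")
    if not f.tls_valid:
        hit(2, "TLS certificate does not validate")
    if any(p.search(f.page_text) for p in HYPE_PATTERNS):
        hit(3, "unrealistic profit claims")
    if not f.has_contact_info:
        hit(2, "no company contact information")
    if f.payment_methods and f.payment_methods <= IRREVERSIBLE_PAYMENTS:
        hit(3, "only irreversible payment methods")
    return score, reasons


def verdict(score: int) -> str:
    # Thresholds are assumptions: a few weak signals give a gray-zone
    # verdict, not a scam verdict.
    if score >= 7:
        return "suspicious"
    if score >= 3:
        return "undefined trust level"
    return "no verdict"


TODAY = date(2026, 1, 15)   # constructed observation date

# Three constructed site records (not real measurements).
SAMPLES = {
    "bank": SiteFacts(                      # established site: nothing fires
        domain="example-bank.com", registered=date(2009, 3, 2), observed=TODAY,
        headers={"Content-Type": "text/html",
                 "Strict-Transport-Security": "max-age=63072000",
                 "Content-Security-Policy": "default-src 'self'",
                 "X-Content-Type-Options": "nosniff", "X-Frame-Options": "DENY"},
        tls_valid=True, page_text="Log in to online banking.",
        has_contact_info=True, payment_methods={"card"}),
    "bakery": SiteFacts(                    # new legitimate shop: technically weak, behaviourally clean
        domain="mynewbakery.shop", registered=date(2025, 11, 16), observed=TODAY,
        headers={"Content-Type": "text/html", "X-Content-Type-Options": "nosniff"},
        tls_valid=True, page_text="Fresh sourdough, order for pickup. 12 High Street.",
        has_contact_info=True, payment_methods={"card", "paypal"}),
    "scam": SiteFacts(                      # investment scam: weak signals plus the decisive ones
        domain="fastprofit2024.xyz", registered=date(2025, 12, 16), observed=TODAY,
        headers={"Content-Type": "text/html"},
        tls_valid=True, page_text="100% guaranteed income. Up to 300% profit in 30 days!",
        has_contact_info=False, payment_methods={"crypto"}),
}

if __name__ == "__main__":
    for name, facts in SAMPLES.items():
        s, why = score_site(facts)
        print(f"{name}: score {s} -> {verdict(s)}; {why}")
```

Note what the scoring does with the bakery: a two-month-old .shop domain missing most security headers lands in the gray zone on technical signals alone, which is exactly the caveat the article's category exists for. The scam site only separates from it on the behavioural signals (profit claims, no contact details, crypto-only payment), so those carry the heavier weights.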
The article’s main point is reasonable: there is a category of sites that may not fit classic phishing, but still use deceptive design, misleading terms, hidden billing, or false promises to harm users.

What this means in practice

A site does not need to be outright malware or a confirmed phishing page to be risky.

Examples often include:
  • Fake or misleading online stores
  • Dubious investment or crypto platforms
  • Subscription traps with unclear billing terms
  • “Free trial” offers that hide recurring charges
  • Fake support or fake security-themed services
  • Browser extensions that over-collect data or alter browsing behavior

In those cases, the danger is often:
  • Financial loss
  • Privacy loss
  • Account abuse
  • Difficult cancellation processes
  • Data harvesting through misleading consent

About the “undefined trust level” category

As a general concept, that makes sense. Security products often need a middle category between:
  • Known safe
  • Known malicious

A “suspicious” or “low-trust” classification can be useful when there are warning signs, but not enough evidence for a stronger verdict.

That said, no automated trust system is perfect. Indicators like:
  • Young domains
  • Low-cost TLDs
  • Weak DNS setup
  • Missing security headers
  • Certificate issues

can help with risk scoring, but they are not proof by themselves. A legitimate new site can look weak technically, and a scam site can look polished.

Important nuance

Some of the indicators in the quoted summary should be treated as warning signs, not conclusions.

For example:
  • A recent registration date is worth noting, but many legitimate businesses launch on new domains.
  • TLDs such as .xyz, .top, or .shop are more common in abuse reports, but legitimate sites also use them.
  • Missing company information is more concerning when combined with aggressive claims, vague policies, and irreversible payment methods.
  • Crypto-only payments are not automatically fraudulent, but they do remove consumer protections and make recovery harder.

So the safest approach is to look for multiple red flags together, not a single signal.

Browser extensions are a real concern

The point about fake or abusive browser extensions is especially important.

In general, risky extensions may:
  • Read browsing activity
  • Change search settings
  • Inject ads
  • Redirect traffic
  • Track users across sites
  • Request permissions far beyond their stated purpose

A security-themed extension should be treated with extra caution if it:
  • Claims to “protect” the browser without a known vendor behind it
  • Has very few credible reviews
  • Was published recently
  • Requests access to all site data
  • Has no clear privacy policy or support page

Practical ways to spot suspicious sites

A careful checklist is more useful than trying to judge by appearance alone.

  • Check the domain age with a reputable WHOIS lookup
  • Look for a real company name, address, and support channels
  • Read the refund, billing, and cancellation policy closely
  • Be cautious with claims of guaranteed profit, instant approval, or unrealistic discounts
  • Verify whether payment methods offer buyer protection
  • Search for independent discussion about the service, not just testimonials on the site itself
  • Check whether the site has a clear privacy policy and terms that match what is being sold
  • Inspect browser extension permissions before installing
  • Scan suspicious URLs or files with VirusTotal for additional context

What not to rely on

Do not rely on:
  • A padlock icon alone
  • Professional-looking design
  • Positive reviews shown only on the site
  • Claims of being “official” without verification
  • Social media ads as proof of legitimacy

HTTPS only means the connection is encrypted. It does not prove the service is honest.

Bottom line

The article highlights a real and growing problem: many harmful sites are deceptive rather than overtly malicious. The best defense is to treat “suspicious” as a caution category, not a final verdict, and verify several signals before trusting a site, service, or extension.
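On the extension point above (inspect permissions before installing; be wary of security-themed extensions that want access to all site data), here is an added example of what that inspection looks like against the manifest.json that every Chromium extension ships. It is written for this thread, not taken from Kaspersky or from the post. It flags the grants a data-harvesting "security" extension needs: host access to every site, traffic-observing or page-injecting APIs, content scripts on all pages, and a replaced default search engine. Both manifests are constructed for the example, and the table of sensitive APIs and the risk thresholds are my own selection.

```python
import json

# Added example: audit an extension manifest (Manifest V2 or V3) for
# over-broad grants. Manifests below are constructed; the API table and
# thresholds are my selection, not a vendor's.

# Host patterns that grant access to every site the user visits.
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# API permissions that let an extension observe or alter traffic, history
# or browser settings, with what each enables in practice.
SENSITIVE_APIS = {
    "webRequest": "observe every request the browser makes",
    "webRequestBlocking": "block or modify requests in flight",
    "declarativeNetRequest": "rewrite or redirect requests",
    "tabs": "read URLs and titles of all open tabs",
    "history": "read the full browsing history",
    "cookies": "read cookies, including session tokens, on granted hosts",
    "scripting": "inject code into pages",
    "proxy": "route all traffic through a proxy of its choosing",
    "management": "disable other extensions, including real security tools",
    "nativeMessaging": "exchange data with a native program outside the sandbox",
}


def audit_manifest(raw: str) -> list[str]:
    """Return human-readable findings for one manifest.json."""
    m = json.loads(raw)
    findings = []
    permissions = m.get("permissions", [])
    # MV3 lists host grants separately; MV2 mixed them into "permissions".
    hosts = set(m.get("host_permissions", [])) | {
        p for p in permissions if "://" in p or p == "<all_urls>"
    }
    if hosts & BROAD_HOST_PATTERNS:
        findings.append("host access: read and change data on all websites")
    for api in permissions:
        if api in SENSITIVE_APIS:
            findings.append(f"{api}: {SENSITIVE_APIS[api]}")
    for cs in m.get("content_scripts", []):
        if set(cs.get("matches", [])) & BROAD_HOST_PATTERNS:
            findings.append("content script injected into every page")
            break
    if "search_provider" in m.get("chrome_settings_overrides", {}):
        findings.append("replaces the default search provider")
    return findings


def risk_level(findings: list[str]) -> str:
    # Thresholds are an assumption for the example: all-sites access
    # combined with several sensitive APIs is the pattern to refuse.
    if any(f.startswith("host access") for f in findings) and len(findings) >= 3:
        return "high"
    if findings:
        return "review"
    return "low"


# Constructed manifest of a "security" extension that harvests data.
SUSPICIOUS_MANIFEST = """{
  "manifest_version": 3,
  "name": "Total Web Shield",
  "description": "Protects your browser from all threats",
  "permissions": ["webRequest", "tabs", "history", "cookies", "scripting", "storage"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
  "chrome_settings_overrides": {
    "search_provider": {
      "name": "Shield Search",
      "search_url": "https://search.example/?q={searchTerms}",
      "is_default": true
    }
  }
}"""

# Constructed manifest of a narrowly scoped extension for comparison.
BENIGN_MANIFEST = """{
  "manifest_version": 3,
  "name": "Dark Mode Toggle",
  "description": "Adds a dark theme to one documentation site",
  "permissions": ["storage"],
  "host_permissions": ["https://docs.example/*"],
  "content_scripts": [{"matches": ["https://docs.example/*"], "css": ["dark.css"]}]
}"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        found = audit_manifest(raw)
        print(f"{label}: {risk_level(found)}")
        for line in found:
            print("  -", line)
```

The same fields are what the browser summarises in its install prompt ("Read and change all your data on all websites"), so the audit is a way of reading that prompt deliberately: an extension whose stated job is protecting the browser has no reason to need history, cookies and a replaced search engine, and the mismatch between description and grants is the tell.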
