January 2026 — Kaspersky has introduced a new web filtering category designed to catch websites that fall into a dangerous grey area—neither clearly phishing nor fully safe. The category, 'Sites with an undefined trust level,' targets resources that manipulate users into paying for fake services, signing up for hidden subscriptions, or handing over personal data through deceptive terms of service.
According to Kaspersky data for January 2026, the most widespread global threat in this category is fake browser extensions mimicking security products. These extensions, detected in 9 out of 10 regions analyzed, intercept browser data, track user activity, hijack search queries, and inject unwanted ads.
'These sites are the silent predators of the internet,' said Alexey Marchenko, Head of Content Filtering at Kaspersky. 'They don't steal your password directly—they trick you into giving it away willingly.'
Regional Threat Landscape
Kaspersky's regional statistics reveal stark differences in how these threats manifest. In Africa, over 90% of the top 10 suspicious websites are online trading scam platforms. Latin America sees a prevalence of fake betting services. In Russia, fraudulent binary options brokers and 'educational platforms' with hidden subscriptions dominate. CIS countries face crypto scams and bots designed to inflate social media engagement.
Background: What Makes a Site 'Undefined'?
Suspicious websites differ from traditional phishing sites because they don't immediately steal credentials. Instead, they use carefully crafted terms of service as legal loopholes—including no-refund policies and automatic subscription renewals that are nearly impossible to cancel. Examples include fake online stores, dubious crypto exchanges, investment platforms, and services with paid subscriptions.
Kaspersky's system automatically detects these resources by analyzing domain name and age, IP address reputation, DNS configuration, HTTP security headers, and SSL certificates. The technology identifies patterns that indicate manipulation rather than outright theft.
Key Indicators to Watch
- Strange domain names with numbers or random characters
- Cheap top-level domains like .xyz, .top, or .shop
- Recently registered domains (less than 6 months old per WHOIS)
- Unrealistic promises such as '100% guaranteed income' or 'up to 300% profit'
- Lack of company contact information
- Payment methods limited to cryptocurrency or irreversible bank transfers
What This Means for Users
The emergence of this new category underscores a growing sophistication in online scams. Users can no longer rely solely on traditional phishing filters—they must also scrutinize site behavior, terms of service, and domain history. The new Kaspersky filter automatically flags such sites, but individual vigilance remains crucial.
Users are advised to double-check any site that matches the key indicators above, especially if it asks for payment or personal information. As Marchenko warns: 'If a deal looks too good to be true, it probably is—and the site behind it might be operating in the grey zone.'
Related Resources
Learn more about how suspicious sites operate | Check the full list of warning signs