Breaking News — Kaspersky has introduced a new web filtering category called “Sites with an undefined trust level” into its security products, including Kaspersky Premium and mobile apps. This automated system analyzes domain name age, IP reputation, DNS configuration, HTTP security headers, and SSL certificates to flag suspicious resources that are not clearly phishing but still dangerous.
“These sites manipulate users into voluntarily paying for fake services or signing up for hidden subscriptions,” said a Kaspersky security researcher in a statement. “They operate in a legal gray area, using cleverly crafted terms of service to evade outright classification as phishing.”
Background
Suspicious websites include fake online stores, dubious crypto exchanges, investment platforms, and services with paid subscriptions. Unlike phishing sites that steal credentials, these traps trick victims into willingly transferring money or disclosing personal data through deceptive terms.
According to Kaspersky data for January 2026, the most widespread global threat is fake browser extensions mimicking security products — detected in 9 out of 10 regions. These extensions intercept browser data, track activity, hijack search queries, and inject ads.
Regional statistics reveal distinct patterns: In Africa, over 90% of the top 10 suspicious sites are online trading scam platforms. Latin America sees a prevalence of fake betting services. Russia leads with fraudulent binary options brokers and “educational platforms” with subscription traps, while CIS countries face crypto scams and engagement bots.
What This Means
For users, the new category provides an extra layer of defense against threats that traditional filters miss. “It’s not enough to block only known phishing URLs — we need to catch manipulative sites that look legitimate,” the researcher added.
However, key indicators remain essential for personal vigilance. Kaspersky advises checking domain names for random characters, cheap top-level domains (.xyz, .top, .shop), recent registration (under six months), unrealistic promises, lack of contact information, and cryptocurrency-only payment methods.
Key Indicators to Watch
- Strange domain names with numbers or random characters
- Cheap TLDs like .xyz, .top, .shop
- Recently registered domains (under 6 months per WHOIS)
- Unrealistic promises (“100% guaranteed income,” “up to 300% profit”)
- No company contact information
- Payments only via cryptocurrency or irreversible bank transfers
Users are urged to update their security software and remain skeptical of deals that seem too good to be true. The Kaspersky filter is now active across the company’s product line, offering automated protection against this growing threat category.