Kaspersky Flags Rising Threat of 'Undefined Trust' Websites: New Category Targets Stealthy Scams

January 2026 – Kaspersky today announced it has introduced a new web filtering category, "Sites with an undefined trust level," into its security products, including Kaspersky Premium and its mobile apps for Android and iOS. The move comes as the cybersecurity firm detects a surge in websites that operate on the fringes of legality—neither clearly phishing nor safe—designed to manipulate users into paying for non-existent services or unknowingly enrolling in hard-to-cancel subscriptions.

"These sites are a cunning trap," said Maria Petrova, lead security analyst at Kaspersky. "They don't steal credentials like phishing does; instead, they trick victims into willingly handing over money or data through carefully crafted terms of service and false promises."

Background: The Gray Zone of Web Threats

Traditional phishing sites aim to steal sensitive data like banking passwords. But the new category targets a gray zone: fake online stores, dubious crypto exchanges, investment platforms, and subscription services that mimic legitimate businesses. These resources may not directly violate laws, but their activities are inherently unsafe.

Kaspersky's system automatically identifies suspicious resources by analyzing domain age, IP address reputation, DNS configuration, HTTP security headers, and SSL certificates. A young domain with a cheap TLD like .xyz or .top, combined with unrealistic claims such as "100% guaranteed income," often signals danger.

What This Means: A Growing Problem for Online Consumers

The threat is global and varied. According to Kaspersky's data for January 2026, fake browser extensions that mimic security products were detected in nine out of ten regions analyzed worldwide. These extensions intercept browsing data, hijack search queries, and inject ads. "Users should be wary of any browser extension that claims to boost security but requests excessive permissions," added Petrova.

Regional statistics reveal distinct patterns. In Africa, over 90% of the top suspicious websites are online trading scam platforms. Latin America sees a dominance of fake betting services, while Russia faces a wave of fraudulent binary options brokers and "educational platforms" with hidden subscriptions. In CIS countries, crypto scams and bots for inflating engagement are the main concern.

Key Indicators of a Suspicious Website

• Strange domain names with numbers or random characters.
• Cheap top-level domains such as .xyz, .top, or .shop.
• Recently registered domain (less than six months old per WHOIS data).
• Unrealistic promises like "100% guaranteed profit" or "up to 300% returns."
• Lack of company contact information, including physical address or phone number.
• Payment methods limited to cryptocurrency or irreversible bank transfers.

"If a site asks for cryptocurrency and offers instant riches, it's almost certainly a scam," Petrova warned. "Always verify the domain's registration date and look for SSL certificates. A green padlock isn't enough—check if the certificate matches the organization."

What This Means for Everyday Users

Kaspersky's new category empowers users with an additional layer of protection, but vigilance remains key. The firm advises checking the "undefined trust level" warning in its security products before clicking any link from unsolicited emails or social media ads. Users should also avoid downloading browser extensions from unknown sources.

The rise of these stealthy scams highlights a shift in cybercriminal tactics. Instead of breaking into systems, attackers are exploiting human psychology and loopholes in terms of service. As Petrova concluded, "The best defense is skepticism. If something sounds too good to be true, it almost certainly is."