Breaking: New Web Filtering Category Flags Manipulative Sites
Moscow, January 2026 — Kaspersky has rolled out a new web filtering category called 'Sites with an undefined trust level' across its security products, including Kaspersky Premium and its Android and iOS apps. The feature automatically detects websites that are not strictly phishing but still engage in deceptive practices, such as fake online stores, dubious crypto exchanges, and hidden subscription traps.
'These sites operate in a legal gray area, using clever terms of service to trick users into paying for non-existent services or signing up for auto-renewing subscriptions,' said Anna Ivanova, security researcher at Kaspersky. 'Our new category helps users avoid these traps before they lose money.'
Global Threat Landscape
According to Kaspersky data for January 2026, the most widespread global threat is fake browser extensions that mimic security products. These were detected in 9 out of 10 regions analyzed worldwide. Such extensions intercept browser data, track user activity, hijack search queries, and inject unwanted ads.
'Fake extensions are a silent predator,' Ivanova added. 'Users think they are installing a security tool, but instead they are handing over their browsing data to cybercriminals.'
Regional Scam Focus
Kaspersky’s regional statistics reveal distinct scam patterns:
- Africa: Over 90% of the top 10 suspicious sites are online trading scam platforms.
- Latin America: Fake betting services dominate.
- Russia: Fraudulent binary options brokers and 'educational platforms' with hidden subscriptions lead.
- CIS countries: Crypto scams and bots for inflating engagement metrics.
'Scammers tailor their tactics to regional interests,' Ivanova noted. 'In Africa, it’s trading; in Latin America, it’s gambling. We must stay vigilant everywhere.'
How to Spot Suspicious Sites
Kaspersky uses automated analysis of domain name and age, IP reputation, DNS configuration, HTTP security headers, and SSL certificates to flag these sites. Consumers can also look for red flags:
- Strange domain names with numbers or random characters (e.g., buynow123.xyz).
- Cheap top-level domains like .xyz, .top, .shop.
- Domains registered less than 6 months ago per WHOIS data.
- Unrealistic promises — '100% guaranteed income' or 'up to 300% profit'.
- Lack of company contact information or a physical address.
- Payments accepted only via cryptocurrency or irreversible bank transfers.
'If a website pushes cryptocurrency-only payments and promises guaranteed returns, it’s almost certainly a scam,' warned Ivanova.
Background
The introduction of the 'undefined trust level' category marks a shift in Kaspersky’s approach to web filtering. Previously, security tools focused on phishing sites that steal credentials. But many deceptive sites operate without directly breaking the law, using carefully worded terms of service to justify non-refundable payments or automatic subscriptions.
These sites include fake online stores, dubious crypto platforms, investment schemes, and services with paid subscriptions that are nearly impossible to cancel. Kaspersky’s new category fills the gap between 'safe' and 'phishing,' giving users early warning about potentially dangerous sites.
What This Means
For consumers, this new filtering layer provides a crucial safety net. It warns users before they enter personal information or make payments, reducing the risk of financial loss. For businesses, especially e-commerce and financial services, it adds pressure to maintain transparent practices — otherwise, their legitimate sites could be misclassified.
'We expect other cybersecurity firms to follow suit,' Ivanova said. 'The threat landscape is evolving, and our defenses must evolve too.' Kaspersky recommends enabling the filter in all security products and staying aware of the key indicators listed above.
— Reporting from Kaspersky’s Global Research and Analysis Team