Kaspersky Unveils New Defense Against 'Gray Zone' Websites That Skirt Phishing Rules

Breaking: Kaspersky Rolls Out Warning System for Deceptively Manipulative Sites

MOSCOW – Kaspersky has activated a new web filtering category to detect "sites with an undefined trust level," targeting online traps that aren't outright phishing but still trick users into losing money or data. The update, now live across Kaspersky Premium, Android, and iOS apps, analyzes domain age, IP reputation, DNS configs, and security headers to automatically flag these grey-area threats.

"These sites exploit legal loopholes, using fine-print terms and psychological manipulation instead of stealing passwords," said a Kaspersky security researcher in a statement. "Our new filter catches them before users fall for non-existent services, hidden subscriptions, or fake crypto platforms." The move comes as data for January 2026 reveals that fake browser extensions mimicking security products are the top global threat, detected in 9 out of 10 regions.

Background: The Rise of 'Undefined Trust' Threats

Unlike traditional phishing sites that directly steal credentials, suspicious websites coerce users into willingly handing over money. Common examples include fake online stores, dubious crypto exchanges, investment platforms, and services with hard-to-cancel paid subscriptions. They rely on carefully crafted Terms of Service that include no-refund policies or automatic renewal clauses.

Kaspersky's regional statistics paint a stark picture: In Africa, over 90% of the top 10 suspicious sites are online trading scams. Latin America sees a flood of fake betting services, while Russia faces fraudulent binary options brokers and "educational platforms." CIS countries report crypto scams and bots designed to inflate engagement. These sites often use cheap top-level domains like .xyz, .top, or .shop, registered less than six months ago.

What This Means for Users

For everyday internet users, the new category acts as an early-warning system. Kaspersky's automated checks – including domain age, IP reputation, and SSL certificate validation – flag sites that exhibit risky behavior but haven't been reported as malicious. This helps prevent users from falling for offers like "100% guaranteed income" or "up to 300% profit," which are hallmarks of scams.

Experts recommend checking for red flags: strange domain names with numbers, lack of company contact info, and payment only via cryptocurrency or irreversible bank transfers. The update is automatically available for Kaspersky Premium subscribers and users of the company's mobile security apps. "Stay skeptical of any site that makes unrealistically promising claims," the researcher added. "If it sounds too good to be true, it probably is."

Key Indicators of Suspicious Websites

• Strange domain names with numbers or random characters
• Cheap top-level domains: .xyz, .top, .shop
• Recently registered domain (less than 6 months old per WHOIS)
• Unrealistic promises: "100% guaranteed income," "up to 300% profit"
• No company contact information
• Cryptocurrency or irreversible bank transfer payment only

Kaspersky's data for January 2026 shows fake browser extensions as the most widespread threat, capable of intercepting browser data, tracking activity, hijacking searches, and injecting ads. The company continues to refine its detection to keep pace with evolving tactics.