New 'Gray Zone' Web Threat: Kaspersky Exposes Sites That Steal Without Being Phishing
Breaking: Kaspersky Reveals Widespread 'Undefined Trust Level' Sites—Fake Extensions Top Global Threat
January 2026 – A new category of deceptive websites is evading traditional security filters, according to cybersecurity firm Kaspersky. These sites, labeled as "Sites with an undefined trust level," cannot be classified as phishing but still trick users into losing money or data.
Kaspersky’s latest data shows that fake browser extensions mimicking security products are now the most common such threat, detected in 9 out of 10 regions analyzed worldwide. These extensions intercept browser data, track activity, hijack searches, and inject ads.
"These sites operate in a legal gray area, using carefully crafted terms of service to make victims voluntarily pay for fake services or unknowingly sign up for subscriptions," said Maria Garnaeva, a security researcher at Kaspersky. "Unlike phishing, they don’t steal credentials—they manipulate consent."
Background: What Makes a Site ‘Undefined’?
Kaspersky introduced a new web filtering category for these resources in its Premium, Android, and iOS apps. The system automatically analyzes domain name and age, IP reputation, DNS configuration, HTTP security headers, and SSL certificates to flag suspicious sites—without definitively labeling them as phishing.
Examples include fake online stores, dubious crypto exchanges, investment platforms, and services with hidden paid subscriptions. These sites often use cheap domains (.xyz, .top, .shop), are registered less than six months ago, and make unrealistic promises like “100% guaranteed income” or “up to 300% profit.” Payment is only via cryptocurrency or irreversible bank transfers.
Regional Variations of the Threat
- Africa: Over 90% of the top 10 suspicious sites are online trading scam platforms.
- Latin America: Fake betting services dominate.
- Russia: Fraudulent binary options brokers and “educational platforms” with subscription traps.
- CIS countries: Crypto scams and bots for inflating engagement.
What This Means for Users
The rise of undefined trust level sites blurs the line between legitimate and malicious. Even security-savvy users can fall victim because the sites appear legal on the surface.
Kaspersky advises checking for red flags: strange domain names (numbers/random characters), very recent registration (under 6 months via WHOIS), lack of company contact info, and payment methods that offer no buyer protection.
If you encounter a site that feels off but isn’t obviously malicious, treat it with extreme caution. “The best defense is skepticism,” Garnaeva added. “If an offer sounds too good to be true, it likely is—even if the site isn’t technically phishing.”
For more details, see our guide on key indicators of suspicious websites.
Key Indicators to Watch
- Domain oddities: Numbers or random strings, cheap TLDs (.xyz, .top, .shop).
- Young domain: Registered less than 6 months ago.
- Unrealistic promises: “Guaranteed income,” “300% profit.”
- No contact info: Missing company details, no physical address.
- Irreversible payments: Cryptocurrency or wire transfers only.