WELCOME TO THE FREE MONTHLY EDITION of Digital Politics. I'm Mark Scott, and many of you were likely traveling to RightsCon this week in Zambia. It looks like that global digital rights conference was canceled due to pressure from China.

I don't typically promote my day job. But this report outlining how the European Union's next seven-year budget can support digital democratic resilience has taken up a lot of my last six months. Enjoy.

— Protection for children online runs counter to long-standing fundamental privacy rights. It's time to acknowledge those opposing forces in digital policymaking.

— AI-enabled deepfakes are flooding the US mid-term elections. But it's the use of large language models to track voter behavior that is the real concern.

— Half of Americans polled remain wary of how artificial intelligence is going to affect daily life.

Let's get started:

WHEN TWO DIGITAL POLICYMAKING TOPICS COLLIDE

IF TECH POLICY WAS THE MOVIE ZOOLANDER, then online child safety would be "so hot right now." Age verification required for app stores and digital services abound. Everyone under the sun wants an Australia-style child social media ban. Regulators from the EU, United Kingdom and United States are falling over themselves to announce child-focused investigations or inquiries.

Yet these efforts — often based on legitimate concerns about how minors can be protected in the digital world — run counter to long-term data protection rules aimed at giving us all greater control over our online data. In many cases, privacy and child safety policymaking are pulling in the opposite directions. Often, officials who drafted a country's data protection oversights are not in contact with those pursuing child online safety goals.

It's creating a digital policymaking mess that 1) does not end up protecting kids online; 2) fundamentally erodes digital privacy rights at a time of mass data collection and surveillance; and 3) leads to regulatory confusion that puts individuals at risk (at the same time) of both being surveilled more and made less safe online.

In short, the current status-quo is not working. Let's break down the three tensions that remain unanswered.

Thanks for reading the free monthly version of Digital Politics. Paid subscribers receive at least one newsletter a week. If that sounds like your jam, please sign up here.

Here's what paid subscribers read in April:
— Hungary's election shows the limits of misinformation/disinformation; Washington's digital trade policy is more joined up than you may think; How many Australian teenagers have been kick off social media? More here.
— The EU-US digital relationship is still on life support; What Ireland got wrong with its upcoming AI summit; Europe issued more than $1.3 billion in data protection fines in 2025. More here.
— How China, the EU and US are approaching the global AI race; Why Brussels is prioritizing kids and marketplaces under the Digital Services Act; Which US states are leading the way on digital legislation? More here.
— Europe and the US have two opposing takes on digital sovereignty; How the US FISA renewal fails to understand its global impact; AI models are getting "smarter" faster than ever before. More here.

A central component of many child safety regimes is age verification and assurance. These efforts often rely on third-party companies collecting people's sensitive data (ie: passport details, credit card information and other data points to confirm they are older than 18-years old) before they can access specific digital services. As countries enact age verification/assurance provisions, a cottage industry of these providers have sprouted up to give the likes of Meta, TikTok and Netflix the ability to meet these legal requirements to check people's ages.

Much of this data is inherently sensitive, under the definition of most countries' data protection rules. That distinction matters. It means that companies must collect the minimal amount of data required; that such information must be gathered for specific purposes (and not re-used for other efforts); and that, once that task is complete, the data should be deleted. That trifecta is the mainstay of Western privacy standards.

But the age verification/assurance requirements run directly counter to those principles. In many cases, companies hold onto this sensitive data — and even collect more of it than technically necessary — to cover their backs in case regulators come knocking to check for compliance. That is a totally defensible corporate move. But it represents a potential data protection violation, under most countries' rules, because it fails the "trifecta" principle, outlined above.

Case in point: Spain's data protection authority fined Yoti, a British age verification service, $1.1 million in March. That levy related to unlawfully processing people's biometric data; processing that data without the right consent; and holding onto that data for too long. Yoti rejected those findings. But it's ironic that this fine occurred in a country that is aggressively seeking to ban teenagers from social media — a pledge that will require hefty age verification to ensure compliance.

This contradiction plays into the second stumbling block that few policymakers want to acknowledge. The ability to continually check that minors are not using barred digital services inevitably requires the creation of extensive digital infrastructure. That involves the likes of third-party age verification services like Yoti (and others), as well as internal corporate systems within app stores and social media giants to demonstrate that they are complying with these rules.

But what this growing digital infrastructure demonstrates is that what may begin as child safety-focused efforts can quickly snowball into a more expansive data collection effort that may fall afoul of countries' existing privacy regimes. Those rules specifically require companies to only use people's data for the purposes initially outlined to those individuals. Say, to check their age before using a digital service. What those firms can not then do is use the same personal information for other purposes — without going back to people to get their separate consent.

Security experts, for instance, discovered that a verification provider for the likes of LinkedIn, Roblox and Chat-GPT also provided separate surveillance services for US and Canadian authorities. That included the ability to run almost 270 separate verification checks, including comparing facial recognition results against specific government watchlists. Persona, the company, denied it had used the verification data for government-related work. Though the cybersecurity researchers said there were few, if any, specific limitations if the firm decided to do so in the future.

The third friction is both philosophical and practical.

Under Western privacy standards, individuals have the right to access their data, delete it (where necessary), object to it being collected in the first place and correct it if the information is wrong. It's a basic democratic safeguard to empower people to control how their data is collected, stored and used.

Yet the child-focused age verification infrastructure, as described above, fundamentally breaks the direct connection between individuals and companies that collect this information. If I'm using, say, TikTok, that platform may then outsource its age verification/assurance work to a third-party contractor that remains anonymous to the end user (aka: me). It's hard to object about your data being collected if you don't know who to complain to in the first place.

This may sound too academic. But it has real-world implications.

IDMerit, a global identity verification company, with operations in more than a hundred countries was found to have left one billion records from 26 countries — including people's date of births, home addresses and personal ID numbers — unprotected in an online database. Because IDMerit (which focuses on the financial services industry) provided its verification services to other companies, few, if any, of the people involved were aware of the firm's existence — and therefore could not directly engage with the company over how it mishandled their data.

Extrapolate that data breach onto the emerging digital infrastructure around child online safety, and the gap between individuals' rights and unaccountable (leaking?) databases becomes even more pronounced.

What is described above is not theoretical. It is already underway — and pits legitimate privacy concerns against equally valid online child safety discussions. This is not a question of one policy topic taking precedent over another. We're living in gray zone somewhere in between.

But in the rush to protect children from digital threats, the impact on other valid policy areas is woefully missing. Privacy rights — including those involving children — are overridden by the policy incentive to "do something" around child online safety.

That is a political decision by elected officials. But we should acknowledge that it comes with significant downsides.

Chart of the week

THE US IS THE KNOCK-OUT global leader when it comes to AI. But wariness among its citizens about how the emerging technology will affect daily life has been creeping upward over the last five years.

Currently, 50 percent of those polled by the Pew Research Center said they were more concerned than excited about the increased use of AI in daily life. That compares to just 10 percent who were more excited and concerned.
Source: Pew Research Center

THE AI THREAT TO THE MID-TERMS NO ONE IS TALKING ABOUT

WHEN AN AI DEEPFAKE VIDEO OF JAMES TALARICO, the Democratic Senate nominee for Texas, started doing the rounds on social media in March, alarm bells started to ring. In the one-minute video, the faked video pictured a life-like Talarico speaking directly to camera — repeating old social media posts that he had written, often years before. The post ran with a "AI generated" disclaimer. But it was small enough for most would-be voters to easily miss it.

The word "AI slop" has entered public conversation for a reason. Ahead of the US mid-term elections in November, concerns are high that the vote will be consumed with AI-generated attack ads and other social media posts that will make it almost impossible to discern fact from fiction. It does not help that Donald Trump continues to use AI to depict himself and his enemies.

But we are missing the true use case of artificial intelligence in the upcoming November election. And it should be engendering a lot more worry compared to the legitimate concern of the "AI-slopification" of the mid-terms.

The real election-related use case for AI is discerning how best to convince people to vote one way or another. It comes on the back of ongoing mass data collection of US citizens' personal data (often via commercial data brokers) and the increasing use of sophisticated AI systems in all aspects of daily life. Combined, these trends are likely to provide political consultants and politicians powerful levers to pull in what is already turning out to be one of the most divisive American elections in recent memory.

There are party political divides on how willing people are to use these AI-powered tools. A survey from the American Association of Political Consultants found that 64 percent of Republican consultants used AI in their daily work versus 49 percent of their Democratic counterparts. That's not a meaningful difference. But it does demonstrate Republicans' slight advantage in using the latest technology to reach would-be voters.

Sign up for Digital Politics

Thanks for getting this far. Enjoyed what you've read? Why not receive weekly updates on how the worlds of technology and politics are colliding like never before. The first two weeks of any paid subscription are free.

Subscribe
Email sent! Check your inbox to complete your signup.

No spam. Unsubscribe anytime.

So what does this AI-fueled political advocacy actually look like?

One service called Resonate includes a dataset of thousands of data points pulled from millions of American citizens. It uses machine learning techniques to understand voter behavior, craft targeted social media messaging and predict how individuals may vote. Another, EyesOver, pulls in data from multiple social media sites and then uses AI to predict how that sentiment may affect specific political campaigns or activities.

Much of this is traditional political consultancy dressed up to look like shiny AI-powered wizardry. But it's undeniable that with large language models becoming exponentially more powerful, the ability for these services to gleam greater insight into voter behavior — fueled by vast amount of data on individual voters — is expanding rapidly.

The most novel use of AI in this year's US mid-term elections is something called "silicon sampling." Companies are rapidly using AI systems to simulate voter populations instead of using polling to identify people's electoral intentions. In one case, Aaru used census data to replicate voter districts and then created AI agents to act like voters. Another firm, MiroFish, relied on open-source AI models to forecast public opinion by equally simulating actual voters through the combination of multiple datasets.

On paper, this use case is more economic than traditional analogue polling. But the reliance on large language models to simulate voters' intentions has some serious downsides. At the top of that list is the inherent bias that AI simulations create due to the inequalities baked into the models upon which they rely. These AI systems are only as good as the data that builds them. All current next-generation models are still biased in ways that almost certainly under-represent minority groups. That makes it likely that such AI simulations will also undercount minority voters in whatever AI-powered polling is run via these firms' glitzy dashboards.

Much of this is the realm of political consultants, not would-be voters. And compared to the inner workings of AI-powered surveys and metrics, the visual nature of the threat posed by AI deepfakes can feel more urgent and tangible. But that does not mean this AI political wonkery is less of a threat.

Most AI-enabled divisive political content is flagged almost as soon as it is published. Such material is inevitably high-profile. The response to it is equally highly-public. That is not the case for most back-office political consultancy work that relies more and more on opaque, data-hungry AI systems which now drive how political campaigns interact with voters.

It is just not public enough to garner most people's attention. But the fact that such AI systems now form part of much of mid-term political campaigns should be a reminder that this emerging technology — like in much of our lives — is increasingly central to how political operations work.

What I'm reading

— The European Commission claimed that Meta's Instagram and Facebook failed to identify, assess and mitigate risks to minors under the EU's Digital Services Act. More here.

— New Mexico's Attorney General proposed a series of significant changes to Meta's business model and platform design as part of remedies proposed in a second trial against the social media giant that started on May 4. More here.

— A group of academics tested how social media and online streaming may be associated with varying levels of addictiveness. Across two survey groups, they did not find meaningful increases in addiction compared to the general population. More here.

— Researchers polled Australian teenagers about how the country's social media ban had affected them. They found that most were still on the platforms, but they would leave if their friends did too. More here.

— The European Parliament published an analysis on how Google's AI-powered snippets at the top of search queries affected publishers' revenue and overall media freedom. More here.

digitalpolitics.co/newsletter0…

It’s nice to hide away in our little corner of the internet and talk tech, safely away from the turmoil of world events. Sometimes though, geopolitics intrude even into our space, and Reuters are here reporting on a new concern that will probably affect many Hackaday readers. Conflict in the Gulf of Arabia, and in particular raids on Saudi petrochemical plants, is threatening PCB production far away in China.

Most of us probably have a mental image of tankers sailing through the Strait of Hormuz laden with Gulf crude, off to be processed by refineries somewhere else in the world. Certainly a load of oil takes just that route, but for the Saudis and other oil-producing nations in the region, it also makes economic sense to site petrochemical industries at source. They export the much more valuable refined products, among which is the polymer resin used in PCB production. The Reuters report says that consequent to this and a rise in copper prices, the cost of a PCB in China has risen by 40%. Naturally this doesn’t sound like good news.

Here at Hackaday, when it comes to component shortages this isn’t our first rodeo. We’re in the middle of a memory shortage due to AI companies, and the COVID-era chip shortage is still fresh in our minds. Unfortunately, this type of thing as been a regular of the technology world for decades. Here we are with another one, and should we be worried? In the short term it’s certainly a concern as the Gulf conflict is still searching for an end to its uneasy stalemate, but remembering previous shortages we think that global industry will adapt and expand other sources where necessary. Just as with the similar IC encapsulation resin shortage back in the ’90s, it may eventually be the panic more than the shortage which becomes responsible for the price hikes.

We’ve taken an abstract look at global electronic supply chains before.

Header image: Gabriela P., CC BY 4.0.

hackaday.com/2026/05/06/youve-…

Executive summary

• A suspicious website is a web resource that cannot be definitively classified as phishing, but whose activities are unsafe. Such sites manipulate users, tricking them into voluntarily transferring money for non-existent services, signing up for hidden subscriptions, or disclosing personal data through carefully crafted terms of service. These include fake online stores, dubious crypto exchanges, investment platforms, and services with paid subscriptions.
• Kaspersky has introduced a new web filtering category, “Sites with an undefined trust level,” into its security products (Kaspersky Premium, Android and iOS apps, etc.). The system analyzes the domain name and age, IP address reputation, DNS configuration, HTTP security headers, and SSL certificate to automatically detect suspicious resources.
• According to Kaspersky data for January 2026, the most widespread global threat is fake browser extensions that mimic security products — they were detected in 9 out of 10 regions analyzed worldwide. Such extensions intercept browser data, track user activity, hijack search queries, and inject ads.
• Kaspersky’s regional statistics reveal the specific nature of these threats: in Africa, over 90% of the top 10 suspicious websites are online trading scam platforms; in Latin America, fake betting services predominate; in Russia, fake binary options brokers and “educational platforms” with fraudulent subscriptions lead the way; in CIS countries — crypto scams and bots for inflating engagement.
• Key indicators of a suspicious website to check: a strange domain name with numbers or random characters, cheap top-level domains (.xyz, .top, .shop), a recently registered domain (less than 6 months old according to WHOIS data), unrealistic promises (“100% guaranteed income,” “up to 300% profit”), lack of company contact information, and payments only via cryptocurrency or irreversible bank transfers.

Introduction

The online landscape is filled with various traps lying in wait for users. One such threat involves websites that can’t be strictly classified as phishing, yet whose activities are inherently unsafe. These sites often operate on the fringes of the law, even if they aren’t directly violating it. Sometimes they use a cleverly crafted Terms of Service document as a loophole. These agreements might include clauses such as no-refund policies or forced automatic subscription renewals.

Fake online stores, dubious financial platforms, and various online services that mimic legitimate business operations are all categorized as suspicious. Unlike actual phishing sites, which aim to steal sensitive data like banking credentials or passwords, these suspicious sites represent a far more cunning trap. Their goal is manipulation: tricking the victim into willingly paying for non-existent goods and services or signing them up for a subscription that’s nearly impossible to cancel. Beyond financial gain, these sketchy websites may also hunt for personal data to sell later on the dark web.

Our solutions categorize them as having an “undefined trust level”. This article explains what these sites look like, how to identify them, and what you can do to stay safe.

The dangers of shady websites

One of the biggest risks associated with making a purchase from an untrusted website that seems to be an online store is the financial loss and falling victim to fraud. Fake shops will entice you with attractive deals to get you hooked. After you pay, you may never receive what you paid for, or you may receive some cheap piece of unusable junk instead of the item you ordered. Investment or “guaranteed income” programs are another type of classic scam — they promise rapid returns, and once they take your deposits, they disappear without a trace.

Visiting or buying from untrusted suspicious websites can expose you to various risks that go beyond a single bad purchase. Fraudulent websites often collect your personal information even if you do not end up making a purchase. By completing a form or signing up for a “free offer”, you may be providing the scammer with access to your information.

Personal data collection can happen in a fairly straightforward and obvious way — for instance, through a standard order delivery form. In this scenario, attackers end up with sensitive information like the user’s full name, shipping and billing addresses, phone number, email address, and, of course, payment details. As we’ve previously discussed, fraudsters sell this kind of information, and there’re countless ways it can be used down the line. For example, this data might be leveraged for spam campaigns or more serious threats like stalking or targeted attacks.

A further danger comes from threats to your device’s security. Some of these fraudulent websites are made with the intention of infecting your device, by installing malware or spyware on your device without you knowing, causing it to leak passwords or crashing the whole system.

Common types of suspicious sites

Let’s take a closer look at the different types of shady sites out there and how interacting with them can lead to financial loss, data leaks, the unauthorized use of personal information, and other consequences.

It’s worth noting that rogue websites can masquerade as legitimate ones in almost any industry. The first type of fraudulent site we’ll look at is fake online stores. These can appear as clones of real brand websites or as standalone stores. Usually, the scam follows one of two paths: the buyer either receives a counterfeit or poor-quality product, or they receive nothing at all. These sites lure victims in with suspiciously low prices and “exclusive” deals. Often, users are subjected to psychological pressure: the time to make a purchase decision is purposefully limited, provoking the victim, as with any other scam, into making an impulse purchase.

Another common type of shady site includes online exchanges and trading platforms. These primarily target cryptocurrency, as the lack of legislative regulation for digital currency in certain countries makes them a magnet for fraudsters. These suspicious sites often lure victims with supposedly favorable exchange rates or other enticing gimmicks. If the user attempts to exchange cryptocurrency, their tokens are gone for good. Beyond simple exchanges, rogue sites offer investment services and even display a fake balance growth to appear credible. However, withdrawing funds is impossible; when the victim tries to cash out, they’re prompted to pay some fee or fictional tax.

Subscription traps are also worth noting, offering everything from psychological tests to online video streaming platforms. The hallmark of these sites is that they deliberately withhold critical information, such as recurring charges, or hide the fact it even exists. Typically, the scheme works like this: a user is offered a subscription for a nominal fee, like $1. While that seems attractive, the next charge – perhaps only a week later – might be as much as $50. This information is intentionally obscured, buried in fine print or tucked away in the Terms of Service where it’s harder to find. Legitimate services always clearly disclose subscription terms and provide an easy way to cancel before a trial period ends. Scam services, on the other hand, do everything possible to distract the user from the actual terms of use and subscription.

Shady sites can also masquerade as providers of mediation services, such as legal or real estate assistance. In reality, the service is either never delivered or provided in a stripped-down, incomplete form. For example, a user might be prompted to pay for a service that’s normally provided for free. The danger here lies not only in losing money for non-existent services but also in the significant risk of exposing personal data, such as ID details, taxpayer identification numbers, social security numbers, or driver’s license information. Once in the hands of attackers, this data can become a tool for executing further scams or targeted attacks.

On the whole, suspicious sites are fairly difficult to distinguish from legitimate, trustworthy services. Masquerading as a legitimate business is the primary goal of these sites, and the fraudulent schemes they employ are not always obvious. Nevertheless, there are protective measures as well as certain indicators that can help you suspect a site is unsafe for purchases or financial transactions.

How to identify suspicious or fraudulent websites

Despite the increasingly convincing attempts to create fake shops, the majority of them still lack the quality of real online stores, and there are many signs that may give them away. Some of these signs can be caught by the eye while others require a bit of technical investigation. By combining visual inspection, technical checks, and trusted online tools, you can protect yourself from financial loss or data theft.

Visual and manual clues

You don’t need to be a cybersecurity expert to catch many red flags just by observing the site’s domain, visuals, language and behavior. For instance, scam sites often have strange or randomly generated names, filled with numbers, underscores, hyphens, or meaningless words, like best-shop43.com. In addition, such vague top-level domains as .xyz, .top, or .shop are also frequently used in scams because they’re cheap and easy to register.

Furthermore, most fake stores sites look unprofessional, with poor visuals, pixelated images, mismatched fonts, or copied templates. Many fraudulent websites borrow layouts or logos from other brands or free templates, which makes them appear generic and sketchy.

Another major giveaway lies in the content itself. Be aware of persuasive language, unrealistic promises, or emotional triggers such as No KYC, Risk-free returns, 100% guaranteed income, Up to 300% profit, or Passive income with zero effort. Unrealistic deals are another red flag. If the products are listed at extremely low prices, continuous countdown timers, and “limited time only” messages that are often used to pressure you into making a quick purchase, it’s a clear tell of a fraudulent website.

Legitimate businesses always provide verifiable contact details, such as a physical address, company name, and customer support. On the contrary, scam sites hide this information. You may also notice the non-functioning pages, broken or suspicious links leading to unrelated external sites which indicate poor maintenance or malicious intent.

Another important signal is the website’s social media presence. Legitimate online businesses usually maintain at least one active social media account to promote their products and communicate with customers. In most cases, these businesses have long-established social media accounts with harmonized posting history and engagement from real users, consistency between the brand website and social media profiles (same name, logo, and links). The links to social media profiles from the website are usually direct. In contrast, fraudulent or deceptive websites often lack any meaningful social media presence or display signs of superficial or artificial activity. This may include missing social media accounts altogether, social media icons that lead to non-existent, inactive, or unrelated pages, or recently created profiles with very few posts and minimal user engagement. In some cases, comment sections are disabled or dominated by spam and automated content, suggesting an attempt to avoid public interaction rather than engage with customers.

Lastly, the payment options offered by the site can also tell a lot about its legitimacy. Be extremely cautious if a website only accepts cryptocurrency, wire transfers, or third-party P2P payments. These payment methods are irreversible and are preferred by scammers. Legitimate e-commerce platforms typically offer secure and reversible payment options, such as credit cards or trusted payment gateways that include buyer protection policies.

However, the absence or existence of any of these factors alone does not necessarily indicate malicious intent. It should be evaluated in combination with technical, linguistic, and behavioral indicators, rather than treated as a standalone signal of legitimacy.

Technical indicators to check

Looking into technical signs can reveal whether a website is trustworthy or potentially fraudulent.

One of the first things to check is the domain age. Scam websites are often short-lived, appearing only for a few weeks or months before disappearing once users start reporting them. To check when the domain was created, use a WHOIS lookup. If it’s less than six months old, be cautious — especially for e-commerce or investment sites, where legitimacy and trust take time to build.

Let’s take a look at the registration details for the popular online marketplace Amazon. As we can see from the WHOIS information, it was registered in 1994.

Meanwhile, a reported suspicious online store was created a couple of months ago.

Legitimate websites usually operate on stable hosting platforms and remain on the same IP addresses or networks for long periods. In contrast, fraudulent websites often move between servers (in most cases using a cheap shared hosting service) or reuse infrastructure already associated with abuse. Checking the IP address reputation can reveal if the website or the hosting server has previously been linked to suspicious activities. Even if the website looks legitimate, a poor IP reputation can expose it.

In addition to that, looking at the infrastructure behavior over time can reveal patterns about its legitimacy. Websites associated with fraudulent activity often show short lifespans, sudden spikes in activity, or rapid appearance and disappearance, which indicates a coordinated campaign rather than a legitimate business.

Another important clue is hidden ownership. When the WHOIS details show “Redacted for Privacy” or leaves the organization name blank, it may indicate that the website owner is deliberately hiding their identity.

We should point out that while this can raise suspicion during investigations, hidden WHOIS data is not inherently malicious. Many legitimate businesses use privacy protection services for valid reasons. These may include protection from spam and phishing after public email addresses are taken from WHOIS databases, personal safety for small business owners, and brand protection to prevent competitors or malicious actors from targeting the registrant. This means that some businesses can use services like WHOIS Privacy Protection, Domains By Proxy, or PrivacyGuardian.org to remove the WHOIS data while still operating transparently on their websites through clear contact details, customer support channels, and legal pages (e.g. terms of use).

Therefore, hidden ownership should be treated as a contextual risk indicator, not a standalone proof of fraud. It becomes more suspicious when combined with other signals such as newly registered domains, and lack of legal information.

Next, you can check the security headers of the website. Legitimate websites are usually well maintained and include several key HTTP headers for protection. Some examples include:

• Content-Security-Policy (CSP) provides strong defense against cross-site scripting (XSS) attacks by defining which scripts are allowed to run on the site and blocking any malicious JavaScript that could steal login data or inject fake forms.
• HTTP Strict-Transport-Security (HSTS) forces browsers to connect to the site only over HTTPS. It ensures all communication is encrypted and prevents redirecting users to an insecure (HTTP) version of the site.
• X-Frame-Options prevents clickjacking, which is a type of attack where a legitimate-looking button or link on a malicious page secretly performs another action in the background.
• X-Content-Type-Options blocks MIME-type attacks by preventing browsers from misinterpreting file types.
• Referrer-Policy controls how much information about your previous browsing (referrer URLs) is shared with other sites.

These headers form the “digital hygiene” of a website. Their absence doesn’t always mean a site is malicious, but it does suggest a lack of security awareness or professional maintenance — both strong reasons to be cautious.

You should also check the SSL certificate. Scam sites may use self-signed or short-lived SSL certificates. You can inspect this by clicking the padlock icon in your browser’s address bar — if it says “not secure” or the certificate authority seems unfamiliar, that’s a red flag.

You can check the security headers and the SSL certificate by sending an HTTP request programmatically or by using some online service.

Another indicator that provides insight into how well a website is done and managed is DNS configurations. Legitimate businesses typically use reliable DNS providers and maintain consistent DNS records. Missing the name server NS or mail exchange MX records may indicate poor setup. In addition to NS and MX, established websites often configure SPF and DMARC records to protect their brand from email spoofing and phishing. Something scam website developers won’t bother with because they don’t intend to build a long-standing reputation.

You can check the configurations of DNS records either programmatically or by using an online service.

Another recommendation is to pay attention to website behavior. If there are frequent redirects, pop-up ads, or background requests to unknown domains, this may indicate unsafe scripting or tracking.

How to protect yourself

Tools and databases for detecting suspicious websites

We at Kaspersky have built an intelligent system for detecting suspicious web resources and added this new type of protection into many of our products, including Kaspersky Premium, Kaspersky for Android and iOS, and others. Our detection model is based on many factors, including but not limited to the following:

• domain name and age,
• IP reputation,
• stability of the infrastructure used,
• DNS configurations,
• HTTP security headers,
• digital identity and popularity of the web resource.

Kaspersky has been certified as a provider of effective protective technology for fake shop detection.

When a user tries to visit a site flagged as having an undefined trust level, our solutions show a warning to stop the visitor from becoming a victim of personal data leaks, financial losses or a bad purchase:

This component is on by default.

Moreover, there are several online tools and databases that can help assess a website’s legitimacy:

• ScamAdviser analyzes trust based on WHOIS, server location, and web reputation.
• APIVoid provides risk scoring using DNS, IP, and domain reputation databases.
• National government databases often maintain official lists of fraudulent or blacklisted domains.

Preventive measures

To protect yourself from such threats, it might a good idea to take some additional preventive measures. Always double-check the URL and domain name, especially when you are about to click a link or make a payment. Make sure the site uses HTTPS and has a trusted certificate.

You can use standard browser tools to verify site security. For example, in Google Chrome, clicking the site information button (the lock or settings icon in the address bar) displays details about the connection security and the site’s certificate.

In the Security section, you can check whether the site supports HTTPS – it should say “Connection is secure” – and view the site’s digital certificate.

Additionally, keep reliable security software with real-time protection running on your device to stop you from accessing dangerous websites. Do not download any files or enter your personal information on websites that look unprofessional or suspicious. And finally, remember the golden rule: if a deal seems too good to be true, it often is.

If you realize that you’re on a scam website, it’s important to perform certain post-incident actions immediately. First, contact your bank or payment provider as soon as possible to block the transaction or card. Then, change your passwords for the services which might have been compromised, and run a full antivirus scan on your device to detect and remove any potential threats. Lastly, consider reporting the website to the cybercrime agency in your country or to the consumer protection agency. Sharing your experience online by leaving a review or warning will give notice to potential customers alike.

By staying careful and taking quick actions, you can significantly reduce the chances of being a target and help make the internet a safer place for everyone.

An overview of detection statistics for sites with an undefined trust level

To illustrate the types of suspicious sites prevalent in various regions around the world, we analyzed anonymized detection data from Kaspersky solutions for the “websites with an undefined trust level” category in January 2026. For each region, we identified the 10 most frequently encountered sites and calculated the share of each within that list. To maintain privacy, specific domains are not listed directly; instead, they’re described based on their functionality and characteristics.

Most visited suspicious sites

First, let’s examine the sites that appear across multiple regions, indicating a high prevalence.

In 9 out of the 10 regions analyzed, we encountered a suspicious image processing platform (*a*o*.com). This site positions itself as a photo editing tool, but in reality, it serves as an intermediary server for uploading images used in phishing and other malicious campaigns. The scheme typically works like this: a victim clicks a link disguised as a harmless image, after which the server initiates a stealthy download of a malicious payload, executes JavaScript to steal session data, or redirects the visitor to a phishing page. By interacting with such a site, users risk exposing personal data under the guise of uploading images, falling victim to a phishing attack, or infecting their device with malware.

Percentage of the *a*o*.com domain detections by region, January 2026 (download)

This site has the largest share of detections in the Russian Federation, where it ranks first in the TOP 10 with a 40.80% share. It is also prevalent in Latin American countries (21.70%) and the CIS (14.64%), while it’s least common in Canada at 0.24%.

The next site appeared in 7 regions. It consists of a landing page for a fake antivirus solution presented as a browser extension (*n*s*.com). This extension redirects the user to a fake search engine page allowing it to collect data and track user activity, specifically search queries.

Percentage of the *n*s*.com domain detections by region, January 2026 (download)

This site is most frequently detected in South Asia, with a share of 33.31%. Its presence in Canada and Oceania is roughly equal (15.47% and 15.09%, respectively). We recorded the lowest number of detections in Africa, at 2.99%.

Another suspicious browser extension appeared in the TOP 10 in 6 out of the 10 regions. It’s a fake privacy-enhancing tool hosted at *w*a*.com. Instead of providing the advertised privacy features, this extension carries a high risk of intercepting browser data and is classified as a potentially unwanted application (PUA). It can modify browser settings, harvest user data, swap the default search engine for a fake one, and perform other malicious actions. Furthermore, it maintains full control over all browser traffic.

Percentage of the *w*a*.com domain detections by region, January 2026 (download)

This “service” has its largest share, 22.25%, in the Middle East and North Africa, and is also quite common in Canada (16.26%). It’s least frequently encountered in Latin America (5.38%) and East Asia (4.02%).

The site *o*r*.com appeared in five regional rankings. It’s a fake security service promising to provide online safety by warning users about malicious sites and dangerous search queries. This extension has the potential to steal cookies (including session cookies), inject advertisements, spoof login forms, and harvest browser history and search queries. We noted that this site made the TOP 10 in Africa (0.59%), the MENA (Middle East and North Africa) region (4.57%), Europe (5.61%), Canada (7.21%), and Oceania (1.93%).

In 4 out of the 10 regions, we identified several other recurring sites. One of them (*n*p*.xyz) mimics a repository for creative AI image generation prompts while capturing browser data. The domain hosting this site exhibits several red flags: it was recently registered, and the owner’s information is hidden. This site reached the TOP 10 in Africa (0.51%), the MENA region (7.04%), Latin America (22.54%, ranking first in that region), and South Asia (5.91%).

The second service (*i*s*.com) positions itself as a tool for safe searching, protecting the browser from threats, and verifying extensions. However, this is a typical browser hijacker, much like the others mentioned above. It made the TOP 10 in South Asia (8.03%), Oceania (17.97%), Europe (3.90%), and Canada (14.35%).

The third site (*h*t*.com) poses as a private browsing extension. In reality, it’s another potentially unwanted application designed for browser hijacking: it modifies settings, steals sensitive data (cookies, browser history, and queries), and can redirect the user to phishing pages. Users have specifically noted the difficulty involved in removing the extension. This site appears in the TOP 10 for the MENA region (10.17%), Canada (7.06%), Europe (3.81%), and Oceania (2.81%).

Another domain (*o*t*.com) that reached the TOP 10 in four regions is a service mimicking a browser extension for safe searching and web browsing. It’s dangerous because it injects ads and steals user data. It’s important to note that such extensions can be installed without explicit user consent – for example, via links embedded in other software. This service holds the number one spot in two regions: Canada (25.72%) and Oceania (30.92%), while also appearing in the TOP 10 for East Asia (8.01%) and Africa (0.88%).

Consequently, we can see that the majority of suspicious sites detected by our solutions worldwide are browser hijackers masquerading as security products. Nevertheless, other categories of sites also appear in the TOP 10.

Next, we’ll examine each region individually, focusing on descriptions of domains not previously covered. For clarity, the sites mentioned above will be marked as [MULTI-REGION], while those appearing in only two or three regions will include the names of those specific areas. We’ll observe several regional overlaps and similarities, allowing us to determine which types of suspicious sites are popular both within specific regions and globally.

Africa

Distribution of the TOP 10 suspicious websites in Africa, January 2026 (download)

The three most prevalent domains in African countries are found exclusively in this region. All of them – *i*r*.world (60.27%), *m*a*.com (22.84%), and *e*p*.com (9.36%) – are potentially fraudulent online trading platforms suspected of using forged licenses. These sites employ classic scam schemes where it’s impossible to withdraw any alleged earnings. In fifth place is a domain we’ll also see in the European TOP 10, *r*e*.com (1.46%): a platform marketed as a tool for retail and semi-professional traders. It charges for services available elsewhere for free. Eighth place is held by a site that also appears in the Russian TOP 10: *a*c*.com (0.56%). This is a dubious AI tool that claims to offer free subscriptions to a premium graphics editor. In ninth place is a domain that also surfaces in the Canadian TOP 10: *u*e*.com (0.53%), a browser extension of the “web protection” variety that we’ve encountered previously.

In summary, the African region is dominated by financial scams within the online trading and brokerage sectors. These include fake platforms that make it impossible to withdraw funds and use fake licenses and classic schemes to steal users’ money. Additionally, Africa sees paid tools that duplicate free services and questionable AI-based subscriptions. The primary threat in this region is financial loss through fraudulent investment-themed sites.

MENA

Distribution of the TOP 10 suspicious websites in the Middle East and North Africa, January 2026 (download)

In the MENA region, the site *a*v*.su holds the top spot with a 28.64% share; notably, this site also appears in the TOP 10 for Russia. It markets itself as a tool for building custom VoIP-PBX systems. However, it has an extremely low trust rating and is frequently associated with phishing, malware distribution, and hidden redirects. Using this service carries significant risks, including data leaks, malware infections, and financial loss.

Ranked seventh is *a*r*.foundation (6.32%), an AI bot allegedly designed for trading, which we also identified in the TOP 10 for Oceania. This service has been flagged as an investment scam operating as a pyramid scheme with the hallmarks of a Ponzi scheme.

The ranking is rounded out by two domains not found in any other region. The first one, *l*e*.pro (4.42%), is a spoof of a popular betting service. The second, *p*r*.group (2.21%), is a clone of a well-known broker. Both sites are scams.

In the MENA region, the landscape is dominated by fake VoIP services as well as counterfeits of financial and betting platforms, which attackers use to conduct phishing attacks, distribute malware, and perform hidden redirects. A significant portion of suspicious sites consists of fake online privacy tools and browser hijackers masquerading as security extensions. Ponzi schemes and cryptocurrency scams are also prominent. The primary risks for the region are data theft, malware installation, and financial loss.

Latin America

Distribution of the TOP 10 suspicious websites in Latin America, January 2026 (download)

In Latin America, we identified five popular suspicious sites specific to this region, which is unusual compared to other areas where more overlaps are typically observed. Ranking third with a share of 10.81% is the fake betting platform *b*e*.net. In fifth place is *r*e*.club, an illegitimate clone of a well-known bookmaker, with a share of 7.82%.

Further down the list of local threats are *a*a*.com.br (7.02%), a Brazilian Ponzi scam; *s*a*.com (5.07%), which offers dubious investment programs; and *t*r*.com (4.53%), a potentially dangerous trading platform.

In Latin America, the most-visited suspicious sites are betting-themed scams, including both clones of legitimate sites and those built from scratch. Also prevalent are Ponzi schemes, fake investment programs, and dubious online brokers. A significant portion of these sites consists of browser hijackers posing as crypto platforms and AI bots. The primary threats in Latin American countries include financial loss through gambling and Ponzi schemes, as well as the theft of NFTs and other tokens.

East Asia

Distribution of the TOP 10 suspicious websites in East Asia, January 2026 (download)

In the East Asian TOP 10, we see the highest concentration of domains that are absent from other regional rankings.

In first place, with an 18.77% share, is the fake broker *r*x*.com, which can be used to steal personal data or funds. Second place is held by a crypto-gaming site (16.44%) that we previously encountered in the Latin American TOP 10. Visitors to this site risk losing NFTs and other tokens. In third place is the domain *u*h*.net (11.61%), used for redirects or phishing. It can exploit a victim’s device as a proxy for malicious sites, install adware and malware, or hijack sessions. Following this is *s*m*.com (9.98%), a domain typically used as a browser-hijacking server and for phishing attacks, serving as a link in an infection chain.

Rounding out the local threats in East Asia are the following domains: *e*v*.com (9.37%), utilized in drive-by attacks; *a*k*.com (9.16%), an API-like domain associated with suspicious scripts and extensions; and *b*l*.com (4.38%), a domain potentially used for redirects and other malicious activities.

East Asia has a high concentration of region-specific fake brokers, crypto gaming platforms, and NFT marketplaces. These are primarily used for drive-by attacks, redirection to malicious domains, phishing, and the distribution of adware and malware, acting as a stage in the infection chain. The primary threats for this region include the loss of financial data, NFTs, and other tokens, as well as stealthy malware installation and session hijacking.

South Asia

Distribution of the TOP 10 suspicious websites in South Asia, January 2026 (download)

In South Asian countries, we also observe a concentration of local suspicious sites specific to the region.

The second most popular site in the region is *a*s*.com (12.01%), a poor-reputation, high-risk microloan service typical of South Asia. By interacting with these sites, users risk not only losing significant funds but also compromising their overall security. Following this are *v*n*.com with a 9.47% share and *l*f*.com with 8.65%. These domains are employed in various fraudulent schemes, ranging from phishing to spam.

The TOP 10 also includes *s*o*.com (4.80%), a free video downloading service associated with a high risk of infection. The final site we analyzed in the South Asia region is *c*o*.site (1.89%), a pseudo-tool for local SEO optimization that carries the danger of data loss and a high risk of financial fraud through subscription sign-ups.

In summary, the region is dominated by fake antivirus extensions, microloan services, dubious video downloaders, and counterfeit SEO tools. The primary risks for South Asia include financial fraud, phishing and spam distribution, malware infection, and data theft.

CIS

When analyzing statistics for suspicious sites in CIS countries, we treat Russia as a separate region due to the unique characteristics of its online space which are not found in any other CIS member states. However, we’ve placed these two regions in the same section, as we’ve observed overlaps between them that are not seen in other parts of the world.

Distribution of the TOP 10 suspicious websites in the CIS, January 2026 (download)

The top two sites in the CIS TOP 10 also appear in the Russian TOP 10. The domain *r*a*.bar, which ranks first in the CIS (39.50%), holds the second spot in Russia (15.93%) and is a fake trading site. It’s worth noting that sites in the .bar domain zone are frequently used for scams. In second place in the CIS (15.29%) and sixth in Russia (3.75%) is the domain *p*o*.ru, which is often associated with bots for inflating follower counts and automating community management.

Domains from fourth to eighth place are specific only to the CIS region and don’t appear in the Russian TOP 10. These sites include:

• *a*e*.online (8.42%): an online image editor that carries risks of browser-based malware injection and data harvesting
• *n*a*.io (6.51%): a high-risk cryptocurrency trading platform
• *e*r*.com (3.72%): a site promising free cryptocurrency and posing the risk of compromising visitors’ private keys and digital wallets
• *s*o*.ltd (3.70%): a domain with an extremely low trust rating, potentially used for phishing attacks and malware distribution
• *s*.gg (3.49%): a scam site masquerading as a play-to-earn blockchain game

The ranking concludes with sites that overlap with the Russian region. *a*.consulting (2.42%) is a fake clone of a binary options site, and *a*.lol (2.32%) is a domain suspected of phishing and malicious activity.

The CIS landscape is dominated by fake trading platforms (particularly crypto exchanges), promises of easy profits, play-to-earn scams, and dubious investment projects. We also observe many bots for inflating social metrics and automation, alongside domains dedicated to phishing and malware distribution. The primary threat in the CIS is the theft of private keys, digital wallets, and funds through investment schemes and lures involving online promotion.

Distribution of the TOP 10 suspicious websites in Russia, January 2026 (download)

The Russian TOP 10 includes three unique domains not found in the rankings of other regions. The first, *n*m*.top (7.84%), is an imitator of a well-known binary options broker. This suspicious site was recently registered and has a tellingly low rating on domain verification services. The second, *t*e*.ru (3.25%), claims to be an educational platform and has a dubious subscription system with a high probability of fraud involving difficulties in canceling subscriptions. The third site, *e*e*.org (3.14%), positions itself as a tool for a popular media platform, but it’s actually a scam that fails to provide its stated services.

Overall, the Russian landscape is characterized by fake binary options brokers, sketchy sites with fraudulent subscriptions posing as e-learning platforms, and VoIP services used to spread phishing and malware. There are also frequent instances of sites spoofing well-known legitimate services. The primary risks in Russia are scams related to the knowledge business sector, as well as the theft of money and personal data.

Europe

Distribution of the TOP 10 suspicious websites in Europe, January 2026 (download)

In the European region, we’ve found two unique domains. The first of these, *c*r*.org, has been identified as part of a chain for massive phishing and spam attacks, as well as other malicious activities. It accounts for a 16.08% share of the TOP 10. The second site, *o*n*.de, is an unofficial reseller with a poor reputation and a high likelihood of fraud. This domain ranks second to last in our statistics with a 5.95% share.

Among the sites not previously covered, the European TOP 10 includes one site that also appears in the Oceania TOP 10: *o*i*.com (6.61%). This is a classic cryptocurrency scam promising passive income.

A significant portion of suspicious sites in Europe consists of intermediary sites for phishing and spam, fake security extensions, and crypto scams. Unofficial sales services and paid trading tools are also on the list. The primary threats in the European region include session hijacking, data theft, spam, and investment fraud.

Canada

Distribution of the TOP 10 suspicious websites in Canada, January 2026 (download)

Canada has been designated as a separate region to illustrate prevailing trends within North America. The first four positions in the Canadian TOP 10 are held by multiregional domains discussed previously. In fifth place is *t*c*.com (10.88%), which also appears in the TOP 10 rankings for Oceania and South Asia. This is yet another browser extension masquerading as a security solution. Occupying the final spot is the domain *e*w*.com (0.17%), which is unique to the Canadian market. This site operates a dropshipping scam, offering products at prices significantly below market value. Customers typically either never receive their orders or get low-quality counterfeits.

The landscape of dubious websites in Canada is largely defined by fraudulent extensions capable of hijacking browser data, tracking user activity, spoofing search queries, harvesting cookies, and injecting ads. This is further compounded by dropshipping schemes involving counterfeit goods. The primary risks for users in Canada include data theft and financial loss from purchasing substandard products.

Oceania

Distribution of the TOP 10 suspicious websites in Oceania, January 2026 (download)

The final region under consideration is Oceania. Notably, we didn’t identify a single domain unique to this region. Every site appearing in the TOP 10 represents a global threat that’s already been detailed in previous sections. To summarize the findings for this region: the primary threats consist of fake security extensions and privacy products designed for browser hijacking, tracking user activity, displaying advertisements, and stealing data. There’s a minimal presence of crypto Ponzi schemes in this area. The main risk for users in Oceania is the loss of privacy and confidentiality through unwanted apps.

Conclusion

Suspicious websites are particularly dangerous because they often masquerade as legitimate sites with high levels of persuasiveness. They mimic online stores, subscription-based streaming platforms, repair firms, and various other services. Unlike standard phishing sites, they employ more sophisticated manipulations to deceive users, tricking them into voluntarily handing over their personal data and transferring funds.

By examining the TOP 10 suspicious sites across the world’s major regions, we can draw several conclusions. On average, the most prevalent threats globally are fraudulent extensions masquerading as security solutions and privacy services. Their true purpose is to hijack browser data, track user activity, and display ads. We also frequently encounter phishing platforms for image processing and financial scams involving trading, cryptocurrency, betting, and microloans. Our statistics demonstrate that these sites not only employ classic fraudulent schemes centered on easy money but also adapt to contemporary trends targeting younger audiences and specific regional characteristics. The primary risks for users interacting with these sites are a combination of privacy threats and financial loss.

To help protect users from these shady sites, we’ve introduced the category of “websites with an undefined trust level” as part of the web filtering features in our solutions. However, it’s important to note that user awareness and individual responsibility play a significant role in ensuring safe web browsing. It’s essential for users to be able to recognize suspicious sites and remain vigilant toward any that appear untrustworthy.

securelist.com/suspicious-webs…

Have you thought about building a galvonometer-based laser projector, but don’t know where to start? There are a lot of resources out there, but you could do worse than to check out [Breq] and [Mia]’s laser vector project, which provides a very well-documented and low-cost starting point. They boast that the most expensive part of the project was the ANSI-certified safety glasses, which shows a dedication to safety we wish more people would show when playing with coherent light.

The rest of the parts — from the galvos to the RGB lasers module with dichloric mirrors to keep everything on the same beamline, to the ESP32 module driving everything — was ordered from AliExpress, and not from the most expensive vendors, either. Considering that, it works remarkably well.
If you’re not playing Asteroids on your vector display, why even bother?
Like all DIY laser projectors, this one does vector graphics, sweeping the beam fast enough that the human eye registers crisp, clean lines. Galvonometers, or galvos for short, take analog input, so a DAC is needed — fortunately the ESP32-S2 comes with a pair built in. The custom PCB of course has audio-in for the usual Lissajous lightshow or oscilloscope music, but with an ESP32 as the brains, you can do a lot just inside the projector.

Like what? Well, play Asteroids, for instance, using Wiimote controllers. Project a lovely clock. Render text input in various single-stroke fonts. More to the point, since this is a projector, take arbitrary SVG data and project literally any image you’d like — as long as it doesn’t have too many lines, at least. The galvos in this project are rated at 20,000 points per second, which is not exceedingly fast: they were chosen to meet the budget, not the greatest-possible speed.

More to the point is that this is one of the better-documented projects of this type we’ve seen. [Breq] doesn’t just tell us how to build the projector, but why they designed it that way. We really encourage you to give it a read if you’ve been thinking of getting into this sort of display.

We’ve seen plenty of laser projectors before, most of them producing vector images like this one. If you really must have a raster display, though, that’s also an option. Don’t count out vector images, though — they could even replace your Christmas lights.

Thanks to [CapinRedBeard] for the tip! Remember to send any bright ideas you see to our tips line, coherently lit or no.

hackaday.com/2026/05/06/rgb-la…