
Suspicious Websites

Among the vast number of websites on the internet, only a small fraction can be trusted for safe use. However, blocking all untrusted websites is not an ideal solution, as it can hinder employees' job functions. SquareX addresses this challenge by allowing enterprises to define and manage suspicious websites with precision. With our policy engine, enterprises can create tailored policies to handle suspicious sites appropriately. For instance, an enterprise can easily set up a policy to flag less-widely-known websites clicked from social media as suspicious and isolate them as a precautionary measure. This approach ensures that employees can access necessary resources while maintaining a high level of security and minimising potential risks.

Isolate all free hosted sites

Free hosted sites are often used to distribute harmful content, as they are easy to set up and can leverage the domain authority of the hosting platform to evade some security checks. Isolating these sites ensures users do not inadvertently download or execute malware. Admins can use the prompt "Isolate all free hosted sites" to create this policy. The expected outcome would be:

Block access to websites hosted in high-risk countries

Given the geopolitical climate and the potential for cyberattacks originating from certain regions, isolating sites hosted in certain geographies can mitigate risks associated with state-sponsored or other regional cyber threats. As an example, using the policy-generating copilot, admins can use the prompt "Block Sites from Russia" to generate the appropriate policy. The policy should have the following conditions:

Isolate sites referred from social networking sites

Social networking sites can often be vectors for malicious links. Isolating sites referred from them ensures that users are protected from potentially harmful content. Admins can use the prompt "Isolate Sites Referred from Social Networking Sites" to generate this policy. The expected outcome would be:

Protect employees from accidentally accessing Typosquatting eTLD

Many organizations struggle with typosquatting attacks, including those done at the eTLD level (the suffix included in the domain, e.g. .com). In one such case, .ml and other common eTLDs were used to phish users who were looking for .mil sites. SquareX has a very elegant solution to prevent employees from accidentally stumbling upon such typosquatting links: by leveraging our AI copilot, admins can simply mention the eTLDs to allow or block, as shown in this demonstration.

Isolate sites with unicode characters on the domain

Suspicious links come in many flavors, and attackers using Unicode characters is an age-old trick. The most deterministic way to secure employees is to open suspicious links directly in browser isolation. As an example, admins can consider isolating all links with Unicode characters. Despite this being an older attack, a snapshot of OpenPhish's live feed will show the prevalence of punycode used in phishing sites. To avoid being detected as spam sites, many of these links redirect to other sites before the file download is presented to the user. Once the policy is in place, SquareX's disposable browser integrates seamlessly with employees' browsers, based on the policies that security admins create.
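As an added illustration (not SquareX's policy engine or code), the sketch below shows the kind of check such a policy implies: decode each label of a URL's hostname, including `xn--` punycode labels, and return "isolate" when any label carries Unicode. It goes one step beyond the text by also noting mixed-script labels; the function names, the script heuristic based on Unicode character names, and the sample URLs are assumptions constructed for this example.

```python
import unicodedata
from urllib.parse import urlsplit

def scripts_in(label):
    """Approximate the scripts in a label from Unicode character names (heuristic)."""
    found = set()
    for ch in label:
        if ch.isascii():
            if ch.isalpha():
                found.add("LATIN")
        else:
            found.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return found

def decode_label(label):
    """Return the Unicode form of one DNS label, or None if its punycode is invalid."""
    if not label.startswith("xn--"):
        return label
    try:
        return label[4:].encode("ascii").decode("punycode")
    except ValueError:  # UnicodeError is a ValueError subclass
        return None

def evaluate(url):
    """Return (action, reasons): 'isolate' when the host carries Unicode, else 'allow'."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    reasons = []
    for label in host.split("."):
        decoded = decode_label(label)
        if decoded is None:
            reasons.append(f"{label}: invalid punycode")
        elif not decoded.isascii():
            scripts = sorted(scripts_in(decoded))
            kind = "mixed-script" if len(scripts) > 1 else "non-ASCII"
            reasons.append(f"{label}: {kind} label ({', '.join(scripts)})")
    return ("isolate" if reasons else "allow", reasons)

# Constructed sample URLs (not taken from any feed).
SAMPLES = [
    "https://example.com/login",
    "https://xn--bcher-kva.example/",      # "bücher", a single-script label
    "https://\u0430pple.example/account",  # Cyrillic "а" followed by Latin "pple"
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, evaluate(url))
```

The check runs on the hostname only, so a link that redirects through several sites has to be evaluated again at each hop.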

Block sites hosted on newly registered domains

Sites hosted on newly registered domains are often used in phishing campaigns, as they might not yet have been crawled or detected by malicious site detection models. Since domain age is not easily accessible to the average user, they might unknowingly access these risky sites. An adversary group just purchased 500K new domains for their social engineering campaigns. These include many .BOND top-level domain sites, among others. Intuitively, security admins might want to block employees from accessing any site with the .bond TLD, but without access to the full list of domains that were purchased, this domain rule will not provide comprehensive protection. Instead, admins can consider blocking access to all newly registered domains. This way, employees can be protected from being exposed to campaigns like this. Where it feels too restrictive to block users entirely, SquareX's isolation technology can be used seamlessly.