The Meetings Show
Emirates Old Trafford
Smart Group - Electric Xmas

What are malicious websites, and how can businesses identify them?

what are malicious websites

A cybersecurity expert shares why malicious websites are dangerous and how businesses can identify them. 

As of January 2023, Google reported delivering 3.6 million malicious site warnings daily. In addition, research confirms that 39% of companies experienced phishing attacks last year, making phishing the most common type of cyberattack. A NordVPN domain study reveals that the two types of domains that have the most malware are sites offering adult content at 21% and cloud storage domains at 14%. These websites often masquerade as legitimate and use phishing emails to lure visitors

Phishing websites vs. malware websites

What does a malicious website look like? Unfortunately, the answer is that it typically looks no different than legitimate websites. Phishing websites are also hard to distinguish.

Carlos Salas, a cybersecurity expert from NordLayer, a network security solution for businesses,  shares how to recognize such websites: “Cybercriminals engineer phishing sites to entice visitors to enter sensitive information. Victims could enter information via standard online forms, by requesting documents, or by signing up for mailing lists. Phishing sites generally seek high-value data like credit card numbers, login credentials, and home addresses. That explains why replica-popular payment portals like eBay are common imposters.”

For example, this fake eBay website contacts linked emails with a request for “credit card updates” or messages from imaginary members.

With malware, the situation may be even more complicated. Salas says, “Malware-based malicious websites exist solely to implant harmful software on target devices. This malware can gather data and send it to hackers, interfere with the operation of systems, or carry out unwanted tasks like crypto-mining.”

The expert also highlights the complexity of malware: “There are several types of malware, such as ‘drive-by downloads,’ which can deliver malicious code without visitors realizing it. Also, malicious files. These files usually refer to apps like antivirus checkers or media players. Lastly, malvertising uses corrupted pop-up ads to send malware to unsuspecting targets. These ads could be part of legitimate networks and appear normal.”

Government services can also fall victim to malware. In the UK, the tax authorities warn about misleading websites offering fake Covid-19 tax refunds that are actually infected with malware.

How to identify a malicious website

Malicious websites often have common features, such as multiple misspellings, URLs with HTTP instead of HTTPS, unusual app download requests, fake competitions or drawings with prizes that will never materialize, suspicious security alerts, generous deals, slightly incorrect domain names, and thin contact and background information.

These websites often mimic parent sites but have minor differences, such as Amazon becoming Amazon1. They often offer little information about the company involved, making it difficult to identify them. Additionally, they may offer a security solution via one-click downloads or outdated systems. Requesting assistance from the website’s parent site before engaging in any suspicious activities is crucial.

Tips for businesses on how to avoid malicious websites

Carlos Salas from NordLayer shares tips on what practices businesses can use to increase their security: “One of the most popular solutions is DNS filtering programs or malicious domain-blocking features and plugins. In addition, every device in your company network should have updated antivirus and anti-malware tools.  Most importantly, train your staff on how to avoid and recognize harmful websites.  Always remember that prevention is cheaper than threat mitigation.“


NordLayer provides flexible and easy-to-implement cybersecurity tools for businesses of any size or work model developed by the standard of NordVPN. We help organizations secure networks in a stress-free way. NordLayer enhances internet security and modernizes network and resource access with technical improvements aligning with the best regulatory compliance standards. Helping organizations to adopt ZTNA and SWG principles, NordLayer is focused on the Security Service Edge of cybersecurity services. Quick and easy to integrate with existing infrastructure, hardware-free, and designed with ease of scale in mind, NordLayer meets the varying growth pace and ad-hoc cybersecurity requirements of agile businesses and distributed workforces today.

Find out more about the NordVPN threat protection research here.