
Malicious Websites

Of the billions of websites that exist on the internet, only a handful can be trusted, and enterprises face a challenge in ensuring that users do not inadvertently access malicious websites. These sites can host a variety of threats, including malware, phishing attempts, and other forms of cyberattacks. While other solutions outright block or allow websites based on URL categories, SquareX takes a different approach: it gives enterprises the option to define what they consider malicious. For example, some enterprises might consider a domain age of less than 30 days malicious; for others it could be websites hosted in specific geographical locations or sites seeking excessive permissions (such as clipboard, location, camera, etc.). In addition, SquareX has an in-browser site analysis engine capable of detecting potentially malicious websites by performing in-depth analysis, which includes DOM monitoring, live OCR, domain authority, brand resemblance and many more checks. SquareX also incorporates popular phishing feeds to block known threats.

Block access to sites with suspicious redirects

Chaining multiple redirects across different domains is a common tactic used by attackers. Blocking sites with such behaviour helps protect users from falling victim to phishing or malware attacks. Admins can use the prompt "Block access to sites suspicious redirects" to generate this policy. The expected outcome would be:

Block typosquatted domains

With access to generative AI tools, it doesn’t take much technical expertise to make dupes of big brand sites or to buy a domain that is similar to the original. For example, typosquatting exploits common typing errors to direct users to malicious sites posing as legitimate SaaS applications. Blocking these links helps protect users from phishing attacks and malware disguised as trusted services. Using the AI Policy generator, admins can use the prompt "Block Typosquatting Links" to generate this policy. The expected outcome would be:

Block access to any known malicious sites

Blocking access to known malicious sites protects users from malware, phishing, and other cyber threats. Admins can use the prompt "Block access to known malicious sites" to create this policy. The expected outcome would be:

Block advanced Browser-in-the-browser attacks

There are classes of attacks that are orchestrated entirely within the browser and that neither cloud proxies nor endpoint security have visibility into. One such attack is the Browser-in-the-browser (BitB) phishing attack, where a browser view is embedded within a page and appears as a popup window. Users get tricked into entering their data into these seemingly unassuming pages.

Enterprises can leverage SquareX to block employees from facing BitB attacks. For instance, if an enterprise uses Okta for authentication, a simple site content policy that checks for Okta login content against the domain can be set up in SquareX. A demonstration of this is shown against the recent and ongoing ‘Steamcommunity’ phishing attack that is propagated through Discord. Simply using a screenshot of the actual phishing page, you can see the power of SquareX’s detection technology.
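
The domain comparison behind the typosquatting section above, and behind matching a login page such as Okta's against its domain, can be sketched as follows. This is an added example, not SquareX's code or policy engine: the `PROTECTED` allowlist, the look-alike table, the distance thresholds and the two-label registrable-domain shortcut are all assumptions.

```javascript
// Added example, not SquareX code. PROTECTED is a constructed allowlist.
const PROTECTED = ["okta.com", "steamcommunity.com", "github.com"];
const LOOKALIKES = { "0": "o", "1": "l", "3": "e", "5": "s" };

// Fold common look-alike characters so "0kta" compares equal to "okta".
function fold(label) {
  return label.replace(/rn/g, "m").replace(/vv/g, "w")
    .replace(/[0135]/g, (c) => LOOKALIKES[c]);
}

// Optimal string alignment distance: insert, delete, substitute, and
// adjacent transposition (the classic "githbu" typo) each cost 1.
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) =>
    [i, ...Array(b.length).fill(0)]);
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1])
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
    }
  }
  return d[a.length][b.length];
}

// Assumption: the registrable domain is the last two labels. Production code
// needs the Public Suffix List (co.uk etc.) and IDN/punycode handling.
function classify(host) {
  const labels = host.toLowerCase().replace(/\.$/, "").split(".");
  const reg = labels.slice(-2).join(".");
  if (PROTECTED.includes(reg)) return { verdict: "allow", brand: reg };
  for (const brand of PROTECTED) {
    const name = fold(brand.split(".")[0]);
    const limit = name.length >= 8 ? 2 : 1; // short names: tighter threshold
    if (osaDistance(fold(labels[labels.length - 2] || ""), name) <= limit)
      return { verdict: "block", brand, reason: "lookalike" };
    // Brand name used as a subdomain label of an unrelated domain.
    if (labels.slice(0, -2).some((l) => fold(l) === name))
      return { verdict: "block", brand, reason: "brand-in-subdomain" };
  }
  return { verdict: "allow", brand: null };
}
```

An edit-distance check like this produces false positives on short brand names (an unrelated four-letter domain one character away from a brand), so in practice it is one signal among several, not a block decision on its own.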