
Zip file or website? Google confuses internet denizens

  • Earlier this month Google helped make .zip and .mov gTLDs more easily accessible.
  • Both gTLDs are also common file extensions, which has many cybersecurity experts concerned.
  • The .zip domain has already been used in phishing attacks.

Internet denizens are going to have to be more aware than ever that they are opening files and not clicking links to malicious websites.

This is because Google has recently helped make new generic top-level domains (gTLDs), including .dad, .phd, .prof, .esq, .foo and .nexus, more widely available. However, two of them have folks concerned: .zip and .mov. Extremely online folks will recognise those gTLDs as the file extensions for compressed archives and video files.

As reported by Techspot, the gTLDs have been listed on IANA’s DNS records since 2014, but Google has now made them generally available and this has sparked fears that phishing attacks could become more believable.

This is beautifully exemplified by the website financialstatement.zip (don’t worry, the link is safe). To a person who spends very little time online, that link in an email might look like a downloadable file, as the website’s author writes.

“There are two main issues with the addition of the .zip and .mov TLDs. The first is very simple: Plain old phishing, where the owner of the URL specifically attempts to fool you into clicking on it. Examples can be as simple as this URL (financialstatement.zip) but can become incredibly complex thanks to various features that are built into all web browsers. Unicode support in particular, alongside tricks like passing in a username that looks like a full URL, can make this hard to spot for even trained professionals on first glance,” writes the author.

“The secondary issue with this, however, is probably not going to be felt immediately. Lots of common software will try and take URLs you type and format it to being a full-blown link for ease of use. Everyone knows that when you type google.com, you probably mean google.com. The downside of this now is there is a very common set of filenames that, when typed, might be converted by software into an actually functioning link to an externally controlled website,” they added.

And it didn’t take long at all for miscreants to start abusing this new gTLD. According to ghacks.net, officeupdate.zip or microsoft-office.zip have already been used in phishing attacks.

Despite the calls for a rethink from the information security sector, Google appears to be forging ahead and highlights that it has tools to address ne’er-do-wells.

“Google takes phishing and malware seriously and Google Registry has existing mechanisms to suspend or remove malicious domains across all of our TLDs, including .zip. We will continue to monitor the usage of .zip and other TLDs and if new threats emerge we will take appropriate action to protect users,” Google said in a statement sent to Tech Radar.

For now, be cautious when clicking anything ending in .zip as it could be a link to a malicious website rather than a file you’re expecting.
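Both issues quoted above (a username that looks like a full URL, and file names that software may auto-link) can be checked for in message text before a user ever clicks. The sketch below is an added example, not code from the article or from Google; the function names, the example.com and example.org hosts, and the sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

FILE_LIKE_TLDS = {"zip", "mov"}  # the two gTLDs the article discusses

URL = re.compile(r"https?://[^\s<>\"']+", re.I)
# Bare tokens such as "report.zip" that auto-linking software may turn into links.
BARE_NAME = re.compile(r"(?<![\w@/.-])[\w-]+\.(?:zip|mov)\b", re.I)

def check_url(url):
    """Return the reasons (possibly none) this URL deserves a second look."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return ["unparseable URL"]
    host = (parts.hostname or "").rstrip(".").lower()
    tld = host.rsplit(".", 1)[-1]
    reasons = []
    if tld in FILE_LIKE_TLDS:
        reasons.append(f"host '{host}' is under .{tld}, also a file extension")
    # Everything before '@' is userinfo, not the site being visited.
    if parts.username and "." in parts.username:
        reasons.append(f"userinfo '{parts.username}' looks like a hostname; "
                       f"the real host is '{host}'")
    return reasons

def scan_text(text):
    """Return (token, reason) pairs for URLs and bare file-like names in text."""
    findings = []
    for match in URL.finditer(text):
        url = match.group(0).rstrip(".,;:)!?")
        findings.extend((url, reason) for reason in check_url(url))
    # Look for bare names only outside the URLs already examined.
    for match in BARE_NAME.finditer(URL.sub(" ", text)):
        findings.append((match.group(0),
                         "bare file-like name that auto-linking may turn into a link"))
    return findings

# Constructed sample message; only financialstatement.zip comes from the article.
SAMPLE = ("Please review financialstatement.zip before Friday. "
          "Portal: https://example.com@financialstatement.zip/q3 "
          "Archive copy: https://example.org/files/archive.zip")

if __name__ == "__main__":
    for token, reason in scan_text(SAMPLE):
        print(f"{token}: {reason}")
```

A .zip file served from an ordinary host (the example.org URL) is not flagged, because the check looks at the host the browser will actually contact, not at the path.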

[Image – Tomas Sobek on Unsplash]
