New MOV and ZIP domains could provide hackers with a way to scam people into clicking on malicious URLs

May 22, 2023

Google’s recent release of eight new top-level domains (TLDs) has attracted attention for both its lighthearted options like “.dad” and “.nexus” and its potential security concerns

Two of these TLDs, “.zip” and “.mov,” have raised eyebrows due to their similarity to common file extensions. While .zip is widely recognised as a data compression format, .mov is associated with Apple’s video format. The worry is that these TLDs resembling file names could create opportunities for phishing and other online scams.

The main concern is that malicious actors may exploit URLs that resemble file names in the format .zip or .mov, deceiving users into clicking on seemingly legitimate links, that actually lead to malicious websites. Additionally, the introduction of .zip and .mov domains could exacerbate the problem of programs incorrectly identifying file names as URLs and automatically adding hyperlinks to them. This scenario could enable scammers to strategically acquire .zip and .mov URLs that mirror common file names, such as “summer23.mov.” Consequently, any online references to files with these names could also automatically generate links to deceptive websites.

Expanding the availability of TLDs offers more choices to individuals, reducing the need to pay inflated prices to acquire desired domain names from existing owners or speculators who have purchased numerous historic URLs. Some experts in the security community argue that, considering the already substantial risk of phishing attacks, the introduction of domains like .zip and .mov does not significantly heighten the danger.

While the proliferation of TLDs can enhance accessibility and choice, it is crucial to remain vigilant about potential security implications. Internet users should exercise caution when interacting with URLs that resemble file names and be mindful of phishing attempts. As the digital landscape continues to evolve, it is important for individuals and organisations to stay informed about emerging risks and implement robust security measures to protect themselves from online scams.

Google has stated that measures are already in place to address risks around the potential confusion between domain names and file names

The company acknowledges that instances of domain names overlapping with file names are not new, citing the example of 3M’s Command products using the domain name command.com, which is also a significant program on MS DOS and early Windows versions.

Google emphasises that applications, including Google Safe Browsing, have mitigations in place to tackle these issues, and these mitigations extend to TLDs like .zip. Google Registry has mechanisms to suspend or eliminate malicious domains across all its top-level domains, including .zip. Google is committing to monitoring the usage of .zip and other TLDs, pledging to take appropriate action to safeguard users if new threats emerge.

Some in the cyber security industry believe that the new TLDs will significantly amplify phishing effectiveness; there are certainly some challenges that individuals face in distinguishing between ambiguous characters in URLs and correctly identifying the URLs for various services.

However, others believe that a company like Google, with substantial investments in anti-scam and anti-phishing initiatives, could have chosen not to offer these specific TLDs. They argue that despite the existence of other top-level domains that also correspond to file extensions, there is no need for further overlaps of this nature.

While opinions vary on the significance of the risks associated with these TLDs, it is clear that the introduction of .zip and .mov domains has sparked discussions within the security community. Continued monitoring and proactive measures by companies like Google are essential to ensure the protection of users and mitigate any potential security concerns that may arise.

Key metrics

We’re proud of how we perform

15 mins

Avg. response time

< 2 hours

Avg. resolution time

100%

positive feedback

79%

First contact resolution