Beware: Google's .zip and .mov TLDs Enabling New Phishing Tactics

Beware: Google’s .zip and .mov TLDs Enabling New Phishing Tactics

In a recent announcement, Google unveiled a range of new top-level domains (TLDs), including some unexpected choices like “.zip” and “.mov.” While these additions expand the possibilities for website addresses, they also raise concerns about potential phishing and online scams. Let’s delve into the implications of these new TLDs and how they intertwine with the challenges of digital security.

The Intersection of TLDs and File Extensions

What sets “.zip” and “.mov” apart from other TLDs is their close association with widely recognised file extensions used for data compression and video formats. This connection raises eyebrows, as it introduces the possibility of URLs that mimic file names, leading to new avenues for digital scams that exploit user confusion.

Phishing in the Spotlight

The primary concern surrounding these TLDs is the potential for phishing attacks. Scammers could take advantage of the similarity between domain names and file names to trick unsuspecting users into clicking on seemingly legitimate links that, in reality, lead to malicious websites. By strategically acquiring domain names that mirror common file names, such as “” scammers can capitalise on users’ familiarity with file extensions. An example of this would be including the link “” within an email, which redirects the user to a malicious website, prompting them to download a malicious file or enter sensitive information.

Emerging Threats and Ongoing Mitigations

Instances of malicious actors purchasing “.zip” domains and using them in phishing campaigns have already been reported. However, opinions vary regarding the actual impact of these new TLDs, given that URL confusion and phishing scams are longstanding issues. It is worth noting that security measures like anti-phishing protections are already in place, deployed by proxies and traffic management tools to minimize the risks. Google has assured users that their existing safeguards, such as Google Safe Browsing, will extend to TLDs like “.zip” and “.mov.” The company remains committed to monitoring their usage and taking swift action to protect users if new threats emerge.

Debate Within the Security Community

While some security experts believe that the introduction of “.zip” and “.mov” TLDs may not significantly amplify phishing risks, others argue that Google could have opted against offering these specific TLDs, considering their strong focus on anti-scam and anti-phishing efforts. Critics claim that the overlap between domain names and file extensions introduces unnecessary usability and security challenges, leaving average end users to deal with the consequences.

As Google expands the realm of TLDs with the introduction of “.zip” and “.mov,” both opportunities and risks come to the fore. While these TLDs offer greater domain name choices, the potential for phishing attacks and user confusion is a concern. While security measures are in place, the debate continues among experts regarding the long-term impact and necessity of such overlaps. Ultimately, it is vital for users to remain vigilant, and for technology providers to prioritise user safety in an ever-evolving digital landscape.

Fallen Victim to a Phishing Attack?

Our expert team have helped countless organisations that have fallen victim to phishing, among other cyber threats, and need assistance responding and recovering from an attack. 

We have a vast amount of experience in dealing with these types of incidents and can quickly respond and support organisations throughout the entire process. 

If you need emergency cyber incident response support, get in touch with our team of experts today >>