Risks involved with Google’s New .Zip and .Mov Domains

The Gist

At the start of May 2023, Google released eight new top-level domains for purchase. A top-level domain is the suffix at the end of a website’s domain name, such as .com or .org. These suffixes were created decades ago when the internet first came about, but there were a fair number of restrictions on what could be used. Over the years these restrictions have slowly been eased, and Google has since bid on a few of these in order to sell access to the general public.

While Google has offered a couple of funny ones like .dad and .nexus, they also made a few risky ones available, like .mov and .zip. These may seem like innocent offerings, but the potential for phishing and scamming by malicious users with access to these domains is quite high, for a couple of reasons that we will highlight below.

Common file extension names

The .zip extension is commonly associated with compressed data files, while .mov, as you may have guessed, is an extension that appears at the end of some video files on a computer. Experts in cyber security have warned that these two domains have the potential to cause a lot of confusion when they are present in emails, social media, or websites.

This is primarily because text ending in extensions like these is often automatically turned into a clickable URL, even though it might not be a website link at all but rather the name of a file that you would download onto your computer. The opposite could also be true: you could assume that you’re receiving a very funny video or a compressed data file, but it is instead a link to a malicious website, and by clicking on it you have compromised your computer or your organisation purely by accident.

It’s happened before

Unfortunately, this isn’t the first time something like this has happened. Phishing links have been around for a long time and have claimed many victims over the years. With these new domains up for grabs, a scammer with access to a photos.zip domain could easily fool someone into thinking they are receiving a compressed file with photos when they are in fact taken to a phishing website. Applications like these do have contingencies in place, however, to help protect the user, and Google has also made a statement that they are actively monitoring all domains sold to ensure that malicious activity is constantly flagged and dealt with. But it still raises the question of whether these domains should have been released to begin with.
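The file-versus-link ambiguity described in the two sections above can be checked for mechanically, for instance in a mail or chat filter. The following Python is an added example, not code from this article, Google or Netcraft; the function name `find_ambiguous_links`, the regular expressions and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# TLDs named in the article that are also common file extensions.
FILE_LIKE_TLDS = {"zip", "mov"}

# Explicit links: the host part decides where a click goes.
URL_RE = re.compile(r'\bhttps?://[^\s<>"]+', re.IGNORECASE)
# Bare tokens such as "photos.zip" that a client may turn into a link.
# Skipped when part of a longer word, a path or an e-mail address.
BARE_RE = re.compile(
    r"(?<![\w@/.-])((?:[a-z0-9-]+\.)+(?:zip|mov))\b(?!-|\.\w)", re.IGNORECASE
)

def find_ambiguous_links(text):
    """Return (kind, matched_text, host) for every token a reader could
    mistake for a file but that resolves, or may be auto-linked, as a site."""
    findings, url_spans = [], []
    for m in URL_RE.finditer(text):
        url_spans.append(m.span())
        url = m.group().rstrip(".,;:!?)")  # drop sentence punctuation
        try:
            host = (urlsplit(url).hostname or "").rstrip(".")
        except ValueError:  # malformed authority, nothing to classify
            continue
        # Only the host's last label matters; a ".zip" in the path is a file.
        if host.rsplit(".", 1)[-1] in FILE_LIKE_TLDS:
            findings.append(("url-host", url, host))
    for m in BARE_RE.finditer(text):
        if any(start <= m.start() < end for start, end in url_spans):
            continue  # already handled as part of an explicit URL
        findings.append(("bare-name", m.group(1), m.group(1).lower()))
    return findings

# Constructed sample message, for illustration only.
SAMPLE = (
    "Hi, the pictures are in photos.zip. "
    "Mirror: https://example.com/files/photos.zip "
    "or https://photos.zip/album and the clip holiday.mov"
)

if __name__ == "__main__":
    for kind, text, host in find_ambiguous_links(SAMPLE):
        print(f"{kind:10} {text}  (host: {host})")
```

A filter could warn on `url-host` findings and render `bare-name` findings as plain text instead of links; the download on example.com is left alone because its host is not on a file-like TLD.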

The results so far

This article by Netcraft highlights the research done by the cyber security community and the fraudulent activity that is already taking place now that these domains are available. We won’t bother you with the exact details of the cases, but it is quite apparent that this is an existing risk and should be handled as such.

Conclusions and Recommendations

From the point of view of a business owner or an everyday user, there’s not much that can be done per se beyond mindfulness and general awareness of the problem that exists. Hopefully this article has brought light to the issue at hand, and we can always practise vigilance moving forward to help combat any sort of malicious activity. Not all is doom and gloom: as mentioned above, Google is actively trying to help users navigate through any complications or malicious activity resulting from these domains being made available. But the burden also falls on us as end users to be aware of these issues and take the necessary precautions and preventive measures.