The Google subsidiary, TLD, has opened free registration for .zip domain names. The addresses were immediately bought up by scammers.
On their websites, the scammers offer downloads for plugins related to ChatGPT, Microsoft Office, and Google Analytics.
Domain names are being snatched up at lightning speed. For example, the address chatgpt.zip has already been purchased.
However, sometimes amusing files for downloading can be found on websites with the .zip domain. For instance, on the csgo.zip site, you can download an archive with a single photograph inside.
Here's what addresses the scammers have already taken over:
The Potential Issues with .zip Domains
The automatic conversion of URLs into clickable links is a common feature in various software applications, and it serves a useful purpose. Typically, strings ending with .com or other recognized top-level domains (TLDs) are identified as websites. However, due to the novelty of .zip domains, most programs are yet to include them in their updated TLD lists. As these programs receive updates in the future, it is highly likely that .zip domains will be included.
Consider a scenario where someone mentions, "Please find financialstatement.zip attached." With updated software, this statement could automatically generate a clickable link. Since the recipient expects to receive a zip file, an attacker could easily upload a malicious zip file to a website, making it appear inconspicuous to the end user.
Similar concerns also apply to file extensions like .mov, which represent video file formats.
Choosing a commonly used file extension as a TLD seems shortsighted, as it unintentionally aids phishers and malicious actors in their efforts to deceive and mislead potential victims. We are already witnessing software that converts .zip domains into clickable URLs. Consequently, even if someone mentions a .zip file in an older tweet on platforms like Twitter, that file name becomes clickable and leads users directly to a website. While this behavior has always existed, the recognition of .zip as a valid TLD brings about new risks and possibilities.
Comments (2)