Be careful with .zip and .mov extensions, they could be used by fraudulent sites ☣️
Recently, Google made a decision that has caused concern among computer security experts. The company introduced new domain name extensions, two of which pose risks to users.
Domain name extensions that create discord 😵‍💫
Domain name extensions are the characters that appear after the last dot in a web address. For example, for your favorite blog, the extension would be .co. Google recently announced eight new top-level domain name extensions, namely .dad, .phd, .prof, .esq, .foo, .zip, .mov and .nexus.
Today, Google Registry is launching eight new top-level domains: .dad, .phd, .prof, .esq, .foo, .zip, .mov and .nexus. Learn more ↓ https://t.co/3AffFnPhYu
— Google (@Google) May 3, 2023
If you looked at the list above carefully, you may have noticed two extensions that look familiar: .zip and .mov. These are indeed commonly used file extensions for compressed files and videos respectively. This is precisely what cybersecurity experts are concerned about.
Have you ever heard of phishing? Even if you are not familiar with the term, it is likely that you have already been confronted with this form of scam. In a phishing attack, fraudsters pose as well-known organizations (banks, tax authorities, social security funds, etc.) using their logo and name. Their goal is to get your personal or banking information. Usually, fraudsters use an e-mail address that looks like a legitimate one, with only a few characters changed to avoid arousing suspicion. The same principle can now be applied to domain names, as the example below shows.
Seemingly innocuous names such as johnwick4.mov or microsoft-office.zip can redirect to phishing sites, as shown in the screenshot below. Even worse, browsers and some platforms like Twitter automatically convert these links into download instructions, further exposing users.
Towards a ban on these domain names? ❌
There have been calls for Google to remove these domain name extensions. The Internet Storm Center, an Internet threat and security incident monitoring and alert service, recommends blocking access to .zip domains. An open source developer named Matt Holt has also started a petition on GitHub, asking Mozilla to exclude .mov and .zip file extensions from its public list of suffixes.
After being contacted by BleepingComputer, Google wanted to allay the experts’ concerns.
"The risk of confusion between domain names and file names is not a new one. […] Applications have mitigations for this (such as Google Safe Browsing), and these mitigations will hold true for TLD's such as .zip. […]
Google takes phishing and malware seriously and Google Registry has existing mechanisms to suspend or remove malicious domains across all of our TLDs, including .zip. We will continue to monitor the usage of .zip and other TLDs and if new threats emerge we will take appropriate action to protect users."
How can you protect yourself?🛡️
It is always wise not to click on links from untrusted sources or download files from unsafe sites. As long as you follow this rule, there is no need to perform additional actions to protect yourself from phishing sites.
However, exposure to these types of links is likely to increase as more and more applications automatically turn ZIP and MOV file names into clickable links. This means that you need to be vigilant when browsing online and consider this additional element to watch out for. As with any other suspicious link, it is recommended to conduct prior research before clicking on it. If you have any doubts about the safety of the link, it is best not to follow it.
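For anyone who filters e-mail or chat content, the check described above can be automated. The following is an added example, not part of the original article: it scans a message for links or bare names whose host ends in .zip or .mov, and ignores ordinary URLs that merely point to a .zip file on another domain. The function names, the token pattern and the sample message are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# TLDs named in this article that double as common file extensions.
FILE_LIKE_TLDS = {"zip", "mov"}

# Candidate tokens: explicit http(s) URLs, or bare dotted names that an
# application might auto-link (simple pattern, an assumption of this example).
TOKEN_RE = re.compile(
    r"https?://[^\s<>\"']+"
    r"|\b[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9-]+)+\b",
    re.IGNORECASE,
)

def host_of(token):
    """Return the lowercase hostname a client would contact for this token."""
    url = token if "://" in token else "http://" + token
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:  # malformed authority, e.g. an unbalanced bracket
        return ""

def find_file_like_links(text):
    """List (token, host) pairs whose host sits under a file-like TLD."""
    findings = []
    for match in TOKEN_RE.finditer(text):
        token = match.group(0).rstrip(".,;:!?)")  # drop sentence punctuation
        host = host_of(token)
        tld = host.rpartition(".")[2]
        # Only the host decides: a path ending in ".zip" on another domain
        # is a normal download link, not a .zip domain.
        if tld in FILE_LIKE_TLDS:
            findings.append((token, host))
    return findings

# Constructed sample message, reusing the names quoted in the article.
SAMPLE = (
    "Install guide: open microsoft-office.zip, then watch "
    "https://JohnWick4.MOV/trailer. "
    "Mirror: https://example.com/files/report.zip"
)

if __name__ == "__main__":
    for token, host in find_file_like_links(SAMPLE):
        print(f"review before clicking: {token} (host: {host})")
```

A bare name such as microsoft-office.zip is reported even when the sender meant a file, because that is exactly the text an application may turn into a link.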
Sources: 01net, BleepingComputer