Google's release of new TLDs raises concerns over phishing and scams

Emre Çitak
May 25, 2023
Updated • Feb 12, 2024

In early May, Google made headlines by unveiling eight new top-level domains (TLDs), the suffixes that appear at the end of URLs, like ".com" or ".uk". While these additions were intended to expand and organize URLs, two of the domains introduced by Google, ".zip" and ".mov", have sparked concerns due to their potential for facilitating phishing and online scams. This article delves into the implications of these new TLDs and the debates surrounding their impact on internet security.

Google introduced new TLDs in early May - Image courtesy of Google

The risky intersection of TLDs

The distinctive aspect of ".zip" and ".mov" lies in their overlap with common file extension names. ".zip" is universally recognized as a file compression format, while ".mov" is associated with Apple's video format. This convergence raises alarm bells as URLs resembling file names can create opportunities for cybercriminals to execute phishing attacks. There are already reports that some of these TLDs are being used in such attacks.

By tricking users into clicking on seemingly legitimate links, scammers can redirect them to malicious websites. Furthermore, the introduction of these domains exacerbates the existing issue of programs mistaking file names for URLs and automatically generating links. Cybercriminals could strategically purchase ".zip" and ".mov" URLs that mirror common file names, exploiting the automatic linking of references to these files to direct unsuspecting users to malicious sites.
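As an added illustration (not code from the original article), this Python example shows how a mail or chat filter could flag the two cases described above: bare file-name tokens that are also valid ".zip" or ".mov" hostnames and would be auto-linked, and explicit URLs on those TLDs. The function names and the sample message are constructed for this example.

```python
import re
from urllib.parse import urlsplit

# TLDs named in the article that double as common file extensions.
FILE_LIKE_TLDS = {"zip", "mov"}

# A token made only of valid DNS labels can resolve as a hostname.
LABEL = r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
HOSTNAME_RE = re.compile(rf"{LABEL}(?:\.{LABEL})+", re.IGNORECASE)
SCHEME_RE = re.compile(r"https?://", re.IGNORECASE)


def classify_token(token):
    """Return (kind, host) if the token points at a file-like TLD, else None."""
    token = token.strip("()[]<>\"'.,;:!?")  # drop surrounding punctuation
    if SCHEME_RE.match(token):
        try:
            host = urlsplit(token).hostname or ""
        except ValueError:  # malformed URL, nothing to resolve
            return None
        kind = "explicit-url"
    elif HOSTNAME_RE.fullmatch(token):
        # Looks like a file name, but a linkifier would treat it as a domain.
        host, kind = token.lower(), "bare-filename-like"
    else:
        return None  # e.g. names with underscores are not valid hostnames
    if host.rsplit(".", 1)[-1] in FILE_LIKE_TLDS:
        return kind, host
    return None


def scan(text):
    """Collect every flagged token in a message body, in order."""
    findings = []
    for token in text.split():
        hit = classify_token(token)
        if hit:
            findings.append(hit)
    return findings


# Constructed sample message; the names are illustrative only.
SAMPLE = ("Please unpack setup.zip and watch demo.mov, then see "
          "https://invoice.zip/ for details. Notes are in Q1_report.zip "
          "and on example.com.")

if __name__ == "__main__":
    for kind, host in scan(SAMPLE):
        print(f"{kind}: {host}")
```

A filter built on this can render the bare tokens as plain text instead of links and route the explicit URLs to closer inspection.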

Mixed reactions to the decision

Amidst the unveiling of these potentially problematic TLDs, researchers have already observed instances of malevolent actors acquiring ".zip" URLs and incorporating them into phishing campaigns.

However, the security community is divided regarding the actual impact of these new domains, given that scams capitalizing on URL confusion are already prevalent. Proponents argue that existing safeguards, such as anti-phishing protections deployed by proxies and traffic management tools, can be adapted to address the risks associated with ".zip" and ".mov" domains.

Google, in response to concerns, maintains that the confusion between domain names and file names is not a new issue. The company cites examples like 3M's use of the domain name "command.com," which overlaps with an important program on MS-DOS and early Windows versions. Google assures users that applications have measures in place, including Google Safe Browsing, to mitigate these risks.

The company emphasizes its existing mechanisms within Google Registry to suspend or remove malicious domains across all its top-level domains, including the new additions. Google pledges to closely monitor the usage of ".zip" and other TLDs and take appropriate action to protect users if new threats emerge.

There is an ongoing debate over the safety of new Google TLDs

Experts are undecided

Debates within the security community highlight differing opinions regarding the significance of the new TLDs. Some experts argue that considering the widespread susceptibility to phishing attacks, the introduction of domains like ".zip" and ".mov" poses minimal additional risk. They emphasize the difficulties users already face in discerning legitimate URLs, and the lack of awareness regarding correct URLs for various services. These experts believe that the concerns surrounding these TLDs may subside without significant consequences.

Critics, however, contend that Google, a company renowned for its investments in anti-scam and anti-phishing initiatives, should have refrained from offering these specific TLDs. They argue that despite other TLDs overlapping with file extensions, further proliferation of such overlaps is unnecessary. Critics accuse Google of creating usability and security challenges for downstream providers to address, seemingly driven by the pursuit of easy profits.


Comments

  1. Blimey O'Riley said on May 26, 2023 at 4:53 pm
    ThioJoe covers this issue pretty well with a couple of recent videos –

    https://www.youtube.com/watch?v=GCVJsz7EODA
    https://www.youtube.com/watch?v=V82lHNsSPww

    In short, a stupid idea, as he illustrates.

  2. Mr. Roper said on May 26, 2023 at 7:55 am
    @Davin Peterson,

    So quit using a proprietary operating system and switch to Linux already. Get with the times, man.

  3. Davin Peterson said on May 25, 2023 at 1:59 pm
    I think that is a stupid idea to have a .zip domain because .zip is used for ZIP files on Windows. ZIP files could have malicious files inside, so a person who is not very computer literate could mistakenly download malware to their Windows PC, such as by clicking on a ZIP link in an email.

    1. John G. said on May 25, 2023 at 3:50 pm
      +10
