Google's release of new TLDs raises concerns over phishing and scams
In early May, Google made headlines by unveiling eight new top-level domains (TLDs), the suffixes that appear at the end of URLs like ".com" or ".uk." While these additions were intended to expand and organize URLs, two of the domains introduced by Google—".zip" and ".mov"—have sparked concerns due to their potential for facilitating phishing and online scams. This article delves into the implications of these new TLDs and the debates surrounding their impact on internet security.
The risky intersection of TLDs
The distinctive aspect of ".zip" and ".mov" lies in their overlap with common file extension names. ".zip" is universally recognized as a file compression format, while ".mov" is associated with Apple's video format. This convergence raises alarm bells as URLs resembling file names can create opportunities for cybercriminals to execute phishing attacks. There are already reports that some of these TLDs are being used in such attacks.
By tricking users into clicking on seemingly legitimate links, scammers can redirect them to malicious websites. Furthermore, the introduction of these domains exacerbates the existing issue of programs mistaking file names for URLs and automatically generating links. Cybercriminals could strategically purchase ".zip" and ".mov" URLs that mirror common file names, exploiting the automatic linking of references to these files to direct unsuspecting users to malicious sites.
Mixed reactions to the decision
Amidst the unveiling of these potentially problematic TLDs, researchers have already observed instances of malevolent actors acquiring ".zip" URLs and incorporating them into phishing campaigns.
However, the security community is divided regarding the actual impact of these new domains, given that scams capitalizing on URL confusion are already prevalent. On one hand, proponents argue that existing safeguards, such as anti-phishing protections deployed by proxies and traffic management tools, can be adapted to address the risks associated with ".zip" and ".mov" domains.
Google, in response to concerns, maintains that the confusion between domain names and file names is not a new issue. The company cites examples like 3M's use of the domain name "command.com," which overlaps with an important program on MS-DOS and early Windows versions. Google assures users that applications have measures in place, including Google Safe Browsing, to mitigate these risks.
The company emphasizes its existing mechanisms within Google Registry to suspend or remove malicious domains across all its top-level domains, including the new additions. Google pledges to closely monitor the usage of ".zip" and other TLDs and take appropriate action to protect users if new threats emerge.
Experts are undecided
Debates within the security community highlight differing opinions regarding the significance of the new TLDs. Some experts argue that considering the widespread susceptibility to phishing attacks, the introduction of domains like ".zip" and ".mov" poses minimal additional risk. They emphasize the difficulties users already face in discerning legitimate URLs, and the lack of awareness regarding correct URLs for various services. These experts believe that the concerns surrounding these TLDs may subside without significant consequences.
Critics, however, contend that Google, a company renowned for its investments in anti-scam and anti-phishing initiatives, should have refrained from offering these specific TLDs. They argue that despite other TLDs overlapping with file extensions, further proliferation of such overlaps is unnecessary. Critics accuse Google of creating usability and security challenges for downstream providers to address, seemingly driven by the pursuit of easy profits.Advertisement