Need Fully Autonomous Phishing?

Schedule Demo
Min To Read

Unzipping a New Era of Cybersecurity Threats: The '.zip' Domain

Published on
August 2, 2023
Subscribe to our blog alert!
Read about our privacy policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Share On LinkedIn:

The digital landscape of the 21st century has evolved into a complex web of interconnected systems, where information dissemination and data transfer are virtually instantaneous. However, along with its many benefits, the Internet age has brought with it a plethora of cyber threats. One such prevalent menace is "phishing," a cybercrime wherein individuals are duped into providing sensitive data, such as personally identifiable information, banking and credit card details, and passwords.

This article aims to elucidate the concept of phishing and its deceptive practices, focusing on the misuse of URLs – the cornerstone of internet navigation. In light of Google's recent release of the .zip and .mov domains, we delve into the potential pitfalls and examine their possible misuse in phishing schemes.

Understanding Phishing

Phishing is a form of online fraud that uses deceptive emails, texts, or websites, posing as trustworthy entities to lure victims into revealing personal information. The phisher, or the attacker, crafts a scenario that tricks the user into believing that they are interacting with a legitimate institution—often a bank, an email service provider, or a well-known commercial brand.

Deceptive URLs: A Phisher's Bait

In phishing attacks, one of the most common tactics is to use deceptive URLs. These URLs often bear a striking resemblance to legitimate websites, designed to trick the user into believing that they are visiting a trusted site. This can be achieved in several ways:

  1. Look-alike domains (or typosquatting): In this method, attackers register domain names similar to popular websites but with slight misspellings or typos. For instance, 'Gooogle' instead of 'Google'.
  2. Subdomain trickery: Here, attackers create a subdomain that includes the name of a legitimate site. For instance, '', where '' is the actual website, and '' is the subdomain designed to deceive.
  3. Fake Files: Now with the introduction of ".zip" and ".mov" attackers can create a link, and disguise it as a common file type that many users are familiar with to redirect them to downloading a malicious file hosted online, rather than including it directly in the email to avoid detection from email security tools.

Google's .zip and .mov Domains: How They Will Be Exploited.

On May 3, Google launched two novel generic top-level domains (gTLDs): .zip and .mov. These extensions, though devised with positive intentions, inadvertently open up opportunities for phishing attacks due to their potential misuse.

The .zip domain raises particular concerns, given the commonplace association of 'zip' with compressed file formats. Typically, users recognize '.zip' as a suffix in file names, signifying a compressed archive. Similarly, '.mov' is a widely recognized format for video files. These familiar extensions, paired with deceptive techniques, can be exploited for phishing attempts.

Consider the use of the @ symbol, for instance: Despite appearances, this URL directs users to the PhishFirewall website rather than Google. The illusion can be further enhanced with the addition of backslashes using Unicode characters U+2044 (⁄) and U+2215 (∕), treated as standard text by most browsers. The resulting URL -⁄internal-documents⁄ - once again directs unsuspecting users to the PhishFirewall site.

Now, envision a domain titled, and the potential risks associated with these new domain extensions become increasingly evident. It opens the door to crafting effective spear-phishing campaigns on a large scale, through the creation of dynamic URLs employing the domain used in the recipient's email.

As of May 15, the .zip domain has seen 3,287 registrations, and .mov has attracted 532. While these figures may seem inconsequential, it's important to understand that each domain poses a potential threat as a phishing site. Furthermore, it's worth noting that there are likely only a small number of legitimate businesses that would find practical use for these domains, accentuating the risk of misuse.

With this new development, it is imperative that internet users exercise heightened caution when interacting with unfamiliar URLs, especially those ending with the .zip and .mov extensions. Always scrutinize the full URL before clicking on any links, paying particular attention to the use of special characters or unfamiliar domain structures. If a link appears suspicious or originates from an unknown source, it's best to avoid clicking on it. Remember, legitimate businesses typically adhere to clear and simple web practices, and unusual URL structures can often indicate a deceptive or harmful intent. Ultimately, your safety and security online heavily depend on being vigilant, informed, and proactive in the face of potential threats.

Preventing Phishing: Best Practices

With the potential misuse of the .zip and .mov domains, it is more crucial than ever to promote awareness and adopt best practices to prevent falling victim to phishing attacks.

  1. Check the URL: Always verify the URL before clicking. If you receive an unexpected email from a known entity, navigate to their official website independently rather than clicking the link provided.
  2. Look for HTTPS: HTTPS signifies that the data between your browser and the website is encrypted. While this doesn't guarantee safety, most legitimate websites use HTTPS, and its absence can be a red flag.
  3. Be wary of unsolicited communications: Phishing attacks often start with an unsolicited email or text message that elicits a sense of urgency or fear. Be cautious with such messages and validate their source before responding.
  4. Install security software: Robust security software can help protect your devices from various forms of cyber threats, including phishing.
  5. Educate and train: Regularly updating your knowledge about the latest phishing techniques and participating in cybersecurity training can significantly lower the risk of falling for a phishing scam.


While Google's introduction of the .zip and .mov domains presents a potential new vector for phishing attacks, it is important to remember that any domain can be misused in the hands of phishers. The key to mitigating this risk lies in being aware, staying vigilant, and adhering to best practices. As the digital landscape continues to evolve, so too must our understanding and strategies to combat such threats. Cybersecurity is not a destination, but a journey that requires consistent effort and adaptation to the ever-changing threat landscape.