In May 2023, Google introduced eight new top-level domains (TLDs), including .zip and .mov. A TLD is the part of a website address that comes after the dot, such as .com, .org, or .ca.
The new .zip and .mov TLDs are being targeted by malicious actors to create deceptive phishing links. These TLDs are associated with common file extensions, making them attractive for exploitation.
Consider the following example to help understand the issue:
LEGITIMATE LINK: https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.27.1.zip
This is a genuine link to a Zip archive hosted on GitHub, functioning as expected.
DECEPTIVE LINK: https://github.com/kubernetes/kubernetes/archive/refs/tags/@v1271.zip
This altered link would not lead to GitHub, a trusted website. Instead, it would take the user to https[:]//v1271[.]zip, which could be a malicious website using the new .zip domain.
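As an added example (not part of the original advisory), the JavaScript check below parses both links with the WHATWG URL parser that browsers use and reports the host each one actually reaches. It assumes the slashes before the @ in the deceptive link are look-alike characters (U+2215 here), since an ordinary / would end the host portion at github.com; `inspectLink` and its flag names are hypothetical.

```javascript
// Added example, not from the advisory. inspectLink and its flag names are hypothetical.
const RISKY_TLDS = new Set(["zip", "mov"]); // the two TLDs the advisory names

function inspectLink(link) {
  let url;
  try {
    url = new URL(link); // WHATWG URL parser, the rules browsers apply
  } catch {
    return { host: null, flags: ["unparseable"] };
  }
  const flags = [];
  const userinfo = url.username + url.password;
  // Everything between "https://" and "@" is user info, not the destination.
  if (userinfo !== "") flags.push("userinfo-before-host");
  // The parser percent-encodes non-ASCII user info, so an encoded byte >= 0x80
  // means a non-ASCII character (for example a look-alike slash) sits there.
  if (/%[89a-f][0-9a-f]/i.test(userinfo)) flags.push("non-ascii-in-userinfo");
  const tld = url.hostname.replace(/\.$/, "").split(".").pop();
  if (RISKY_TLDS.has(tld)) flags.push("file-extension-tld");
  return { host: url.hostname, flags };
}

// Constructed samples based on the two links in the advisory.
const LEGITIMATE = "https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.27.1.zip";
const S = "\u2215"; // assumption: DIVISION SLASH stands in for "/" before the "@"
const DECEPTIVE = `https://github.com${S}kubernetes${S}kubernetes${S}archive${S}refs${S}tags${S}@v1271.zip`;

for (const link of [LEGITIMATE, DECEPTIVE]) {
  const { host, flags } = inspectLink(link);
  console.log(host, flags.length ? flags.join(", ") : "no flags");
}
```

A mail filter or link-preview tool can apply the same check and show the parsed host next to the link text.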
In this example, the deceptive link exploits two factors:
Please remain cautious and exercise good judgment when encountering unfamiliar or suspicious links, particularly those involving the .zip or .mov domains.
Additionally, take proactive measures to enhance your security, including:
If you do fall victim to a phishing scam, do not be embarrassed. Report any and all suspicious email messages to is-spam@mcmaster.ca. If you have opened any suspicious emails, links or attachments, please report this to the UTS Service Desk.
You can also visit McMaster’s Phish Bowl to check out examples of recent phishing attempts reported by members of the McMaster Community.
Thank you for continuing to help McMaster stay cyber secure.