A recent move by Google to brings eight new top-level domains online raised concerns that at least two of them could be very useful to online fraudsters trying to trick others into clicking on malicious links.
Two weeks ago, Google added eight new TLDs to Dianetwork, bringing the total number of TLDs to 1.480, according to the Internet Assigned Numbers Authority, the organization that oversees DNS Root, IP addresses, and other Internet resources.
Two of these new Google TLDs, .zip and .mov, have caused some backlash in some security circles.
Although professional marketers at Google state that the goal is to use them to show the “binding of things together” and “moving pictures”, respectively, these two endings are already used to designate something completely different.
Specifically, .zip is an extension that usesto you archives archivers that use a compression format known as zip.
The .mov format, on the other hand, appears at the end of video files, usually when they are created in Apple's QuickTime format.
Many security professionals warn that these two TLDs will cause confusion when they start appearing in emails, social media or elsewhere.
The reason is that many websites and software automatically convert strings like “iguru.gr” or “iguru.news” into a URL that, when clicked, takes a user to the corresponding domain.
The concern is that emails and social media posts from malicious users referring to addresses such as iguru.zip or iguru.mov will automatically turn them into clickable links, but will not lead to a web page but to some malicious zip or mov file.