
From the News 5/18/23: Phishing Threat from New .zip Top Level Domain

The following paragraphs are from an alert sent out this morning by the cybersecurity company Arctic Wolf. Many common top-level domains (TLDs), such as .com, .edu, and .gov, are used to identify websites and email addresses. While any TLD can be used legitimately or maliciously, some TLDs, such as .zip, are more frequently used by malicious actors.

 

"On Wednesday, May 3, 2023, Google introduced eight new top-level domains (TLD) available for purchase and that could be used with websites and/or email addresses. From these eight new TLDs, one that stands out as a potential security risk is .zip.

The .zip TLD is concerning since it is also used as an extension of files commonly shared over the internet. With the inclusion of .zip as a domain, email clients and web platforms will now accept URLs disguised as filenames with .zip extensions. A threat actor could theoretically purchase a .zip domain with the same name as a commonly used filename, such as "update.zip", and have a victim mistakenly visit the site during a phishing campaign to download malware.

Arctic Wolf has identified some .zip domains being abused for successful phishing campaigns leveraging popular office software suite filenames already. Based on tactics, techniques, and procedures (TTPs) we’ve seen in phishing campaigns in the past, we expect more threat actors will continue to use these TLDs for their phishing domains in the near future."
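
For mail filtering or triage, the filename/hostname ambiguity described in the alert can be checked mechanically. The following is an added example, not part of the Arctic Wolf alert: it flags explicit URLs whose host sits under .zip and bare filename-like tokens that a client could auto-link. The function names, the regular expressions (an approximation of auto-linking behaviour) and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# TLDs that double as file extensions. The alert names only .zip.
CONFUSABLE_TLDS = {"zip"}

URL_RE = re.compile(r"\bhttps?://[^\s<>\"']+", re.IGNORECASE)
# Bare "name.tld" token not inside an e-mail address or a file path; an
# approximation (assumption) of what a mail client might auto-link.
BARE_RE = re.compile(r"(?<![\w@/\\.-])((?:[a-z0-9-]+\.)+[a-z]{2,})(?![\w-])",
                     re.IGNORECASE)


def _tld(host):
    return host.rstrip(".").rsplit(".", 1)[-1].lower()


def find_confusable_links(text):
    """Return (kind, host) pairs, in text order, for hosts under a confusable TLD."""
    hits = []
    for m in URL_RE.finditer(text):
        try:
            host = urlsplit(m.group(0).rstrip(".,;)")).hostname or ""
        except ValueError:  # malformed URL, e.g. an unbalanced IPv6 bracket
            continue
        if _tld(host) in CONFUSABLE_TLDS:
            hits.append((m.start(), "url", host))
    # Blank out full URLs so a path like /files/archive.zip is not re-read as a host.
    masked = URL_RE.sub(lambda m: " " * len(m.group(0)), text)
    for m in BARE_RE.finditer(masked):
        host = m.group(1).lower()
        if _tld(host) in CONFUSABLE_TLDS:
            hits.append((m.start(), "bare", host))
    return [(kind, host) for _, kind, host in sorted(hits)]


# Constructed sample message body (not taken from a real campaign).
SAMPLE = (
    "Please install the patch from update.zip before Friday.\n"
    "Mirror: https://quarterly-report.zip/download\n"
    "Docs: https://example.com/files/archive.zip and notes.docx.\n"
)

if __name__ == "__main__":
    for kind, host in find_confusable_links(SAMPLE):
        print(f"{kind:4} {host}")
```

A "bare" hit is not proof of phishing, since the text may simply name an attachment; it marks a token that should be rendered as plain text rather than as a clickable link.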
