Recently, Google added eight new TLDs to the Internet which, according to some, might be cause for concern. A TLD, or top-level domain, is the segment in a domain that is furthest to the right. For example, .com, .org, .net and .gov are some recognizable TLDs used today. Initially, TLDs were used to help classify the purpose, geographic region, or operator of a certain domain. For example, .com was used for sites run by commercial entities, .edu for schools, .org for nonprofit organizations, and so on. There are also some country codes that exist like .uk for the United Kingdom, .fr for France, and more. Now, there are thousands of TLDs that exist. It is estimated that, since Google has added those eight new TLDs, the total number of TLDs is 1,480.
Some people are concerned about this move by Google, especially with two of the new TLDs: .zip and .mov. Google’s marketers have stated that the .zip TLD is supposed to be for domains with a theme of “tying things together or moving really fast” and .mov for “moving pictures and whatever moves you.” However, some red flags have been raised by security professionals involving this decision because .zip and .mov are two suffixes that already exist in the computer world and are used to designate something entirely different. Both are used in saving files: You may have seen names ending in .zip on archive files that use a compression format known as zip, and .mov is used for some video files.
The concern surrounding the new TLDs has arisen out of fear that they will cause confusion, particularly if displayed in emails or messages. Right now, if your computer sees a link for a website in a message, it will automatically lead you to that domain once the link is clicked. Now, since .zip and .mov are going to be TLDs and file name ends, the computer may accidentally lead users astray. Security practitioners are worried that messages that refer to a file with a .zip or .mov ending may accidentally be transformed into a clickable link, and that scammers will take advantage of this vulnerability.
Bad actors, with this knowledge, may start to register domain names that resemble popular file names. Then, if that file name is mentioned in a message somewhere and that person’s computer accidentally turns it into a link to a website, they will be led to the bad actor’s domain. Here, the scammer can do what scammers do, like download malicious content onto their victim’s device or trick them into handing over sensitive information. This might be just another one of the ways that scammers will be able to lure in victims. Using this method, the bad actor doesn’t even have to have any contact with their victims like sending a phishing email, so it is incredibly easy to set up. Plus, this is just one of the ways that this development has been predicted to be misused.
Even after criticism, Google representatives have been defending the company’s choice to add .zip and .mov as TLDs. They claimed that the company would monitor the usage of these TLDs for any threats they may pose, but also provided a few reasons why its new TLDs are safe. One safety measure they mentioned was that browser protectors will warn users when they attempt to navigate to a malicious website. It is yet to be seen what will happen next. But as always, you, as the end user, need to be aware and on the look out for this new risk.