Threat Actors Add ".Zip" Domains to Phishbait



Cybercriminals are exploiting the introduction of “.ZIP” as a new generic Top-Level Domain (gTLD) to launch phishing attacks, according to researchers at Fortinet.

“Cybercriminals are always on the lookout for new opportunities and techniques to exploit, and the recent availability of '.ZIP' domains for public purchase has unfortunately created such an opportunity,” the researchers write. “While the pool of new gTLDs has made phishing detection more difficult, adding .ZIP is especially noteworthy given its more common use as a file extension for compressed files.

This new domain extension will likely create confusion, especially among non-technical users, giving phishers a new and potentially effective tool to add to their attack arsenals. In phishing campaigns, a common tactic is to make malicious websites appear as legitimate as possible. Using a .ZIP domain can add an air of authenticity to a fraudulent site. A user may mistake the .ZIP in the URL for a file extension, believing they are downloading a file rather than visiting a malicious website.”

The researchers outline the following tactics to help defend against these attacks:

  1. “Block .zip domains at the firewall level with web filtering services: Firewalls can be configured to block all traffic associated with '.zip' domains. This blanket strategy can effectively prevent network users from accessing these sites, minimizing the risk of encountering malicious content. However, it's important to note that this approach may also block legitimate sites using the '.zip' TLD.
  2. “Leverage Browser Extensions or Web Filters: Using browser extensions or web filters that can analyze and rate the safety of websites can also be helpful. Some of these tools can warn users when they're about to enter a potentially malicious website.
  3. “Education and Awareness: As always, one of the best mitigation techniques is to educate users about evolving risks. Teach them about the potential misuse of '.zip' domains and how to double-check URLs before clicking, especially when they come from an unsolicited source.
  4. “Email Filtering: Implement advanced email filtering to block emails containing suspicious links. This can significantly reduce the risk of phishing attacks via email.
  5. “Regular Software Updates: Ensure that all software, including antivirus programs, web browsers, and operating systems, is updated. Regular updates often include patches for the latest security vulnerabilities.
  6. “Phishing Simulation and Training: Conduct regular phishing simulations to test user awareness and provide training to fill in knowledge gaps.”
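Tactics 1 and 4 above (web filtering and email filtering) both come down to the same check: does a link's hostname end in a TLD that users will read as a file extension? The script below is an added example, not code from Fortinet or KnowBe4, that scans message text for links and flags those whose registrable domain ends in such a TLD. It assumes a simple regular expression rather than a full URL parser, treats `.mov` as a second extension-like gTLD (an assumption beyond the article, which discusses only `.zip`), and uses a constructed allowlist and a constructed sample email; it also flags bare tokens such as `backup-2023.zip`, since many mail clients auto-link a word that looks like a hostname.

```python
import re
from urllib.parse import urlparse

# TLDs that double as common file extensions. ".zip" is the one the article
# discusses; ".mov" is included as an assumption (it is also a real gTLD).
# Tune this set to local policy.
EXTENSION_LIKE_TLDS = {"zip", "mov"}

# Allowlist for legitimate .zip sites the organisation relies on. This is the
# trade-off Fortinet's first tactic warns about: blanket blocking also hits
# legitimate .zip sites. The entry below is a constructed placeholder.
ALLOWED_HOSTS = {"example.zip"}

# Matches http(s) URLs, or bare host-like tokens (e.g. "invoice.zip") that are
# not part of an email address. Bare tokens matter because many mail clients
# turn them into clickable links automatically.
URL_RE = re.compile(
    r"(?:https?://[^\s<>\"']+|(?<!@)\b[\w.-]+\.[a-z]{2,}\b)",
    re.IGNORECASE,
)


def hostname_of(token: str) -> str:
    """Return the lowercase hostname of a URL or of a bare host-like token."""
    if "://" in token:
        host = urlparse(token).hostname or ""
    else:
        host = token.split("/")[0]
    return host.lower().rstrip(".")


def tld_of(host: str) -> str:
    """Return the last DNS label of a hostname ('' if there is no dot)."""
    return host.rsplit(".", 1)[-1] if "." in host else ""


def flag_extension_like_links(text: str) -> list:
    """Scan message text and return links whose TLD looks like a file extension.

    A ".zip" that appears only in the path (a real download such as
    https://host.example.com/file.zip) is NOT flagged; only a ".zip" (or other
    listed TLD) in the hostname position is, because that is the confusion the
    article describes.
    """
    findings = []
    for match in URL_RE.finditer(text):
        token = match.group(0).rstrip(".,;:)")
        host = hostname_of(token)
        tld = tld_of(host)
        if tld in EXTENSION_LIKE_TLDS and host not in ALLOWED_HOSTS:
            findings.append(
                {"token": token, "host": host, "tld": tld, "bare": "://" not in token}
            )
    return findings


# Constructed sample email text; none of these hosts are real sites.
SAMPLE_EMAIL = """\
Hi team,
The Q2 report is ready: https://reports.example.com/q2-summary.zip
Please also review https://invoice-update.zip/view before Friday.
Archive of old files: backup-2023.zip (attached).
Internal tool: https://example.zip/login
"""

if __name__ == "__main__":
    for finding in flag_extension_like_links(SAMPLE_EMAIL):
        kind = "bare token" if finding["bare"] else "URL"
        print(f"FLAG [{kind}] host={finding['host']} tld=.{finding['tld']}  ({finding['token']})")
```

On the sample text the first link is left alone (the `.zip` is a filename in the path, the host is under `.com`), the second is flagged as a URL with a `.zip` hostname, the bare `backup-2023.zip` is flagged because a client may auto-link it, and the allowlisted `example.zip` passes. The same function can sit behind a mail-filter rule (tactic 4) or feed a web-filter blocklist (tactic 1), with the allowlist carrying the exceptions the blanket approach would otherwise break.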

New-school security awareness training can enable your employees to recognize evolving social engineering attacks.

Fortinet has the story.

