Recently, .zip top-level domains have become available for public purchase. A top-level domain is the final section of a domain name. So, in knowbe4[dot]com, “.com” is the top-level domain. Unsurprisingly, cybercriminals have begun purchasing and using .zip domains for their own malicious purposes.

In the coming months, we expect to see an influx of cybercriminals trying to take advantage of .zip domains in their phishing scams. Cybercriminals may use .zip domains to trick you into thinking you're downloading a file instead of visiting a malicious website. If you click a malicious .zip link, cybercriminals can trick you into entering your sensitive information.

Follow the tips below to spot similar scams:

Before you click a link, look at the top-level domain. If it’s a .zip domain, it could be a phishing link.
Think before you click. Cyberattacks are designed to catch you off guard and trigger you to click impulsively.
When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain spelling or grammatical errors.

For more information about IT and cybersecurity services for small and medium businesses or to schedule a free initial consultation with no obligation for your business, contact ORAM Corporate Advisors now at (617) 933-5060.