Arrow back

Beware of .zip domains: The hidden risks of new top-level domains

08 June, 2023

Today, we're diving into the curious world of top-level domains (TLDs).

You know, those web address suffixes that end in .zip, .google, or .literallyanythingyouwant?

While these new domains may seem like a breath of fresh air in the digital landscape, they also bring along a set of risks that organisations must be aware of.

So, grab a cup of coffee as we explain top-level domains, explore the potential dangers within these seemingly harmless domain extensions and share how you can protect yourself. Let’s get started.

What is a top-level domain?

Whilst a top-level domain (TLD) might seem alien, you can’t use the internet without them. In fact, we’d wager that you’ve seen them in use millions of times. So, what are they?

Quite simply, they’re suffixes at the end of every URL, like ‘’ and ‘.com’. Initially indicating the country of origin for the website, today there are literally thousands of TLDs, ranging from .academy to .zone.

New TLDs are periodically introduced to open the web to more websites and more descriptive domains.

  • .Foo
  • .Zip
  • .Mov
  • .Nexus
  • .Dad
  • .Phd
  • .Prof
  • .Esq

How do TLDs open the gates to cyber criminals?

Confusion and mimicry

Picture this: You receive an email from a trusted-looking source, and the sender's domain ends in .zip. It seems legitimate, right? Wrong!

The introduction of new TLDs has given cybercriminals an extra tool to deceive unsuspecting victims.

Scammers can now easily create domains that mimic popular brands or institutions, making distinguishing between the real deal and a malicious imposter harder. It's like a virtual camouflage!

The subtle art of phishing

We've all heard of phishing attacks, but the new domains have taken this age-old threat to a new level.

With domain names like .google or .bank, scammers can easily craft deceptive URLs that appear trustworthy.

Imagine receiving an email from your bank, urging you to click on a link to resolve an urgent issue, only to find out later that it was an elaborate ploy to steal your sensitive information.

Sneaky, right?

Protect your organisation with truly effective training

Join the thousands who've discovered how Bob's Business' security and compliance awareness training reduces risk, demonstrates improvement and builds cultures.

Poor reputation management

Remember when we used to judge a website's trustworthiness based on its domain?

Well, the rise of new TLDs has shaken that foundation.

Organisations now face a greater challenge in managing their online reputation.

A reputable company could own a .com domain, but someone with malicious intentions could also registers the same name with a different TLD.

This can create confusion among customers and tarnish the organisation's brand image. It's a digital identity crisis!

Confused security systems

As new domains continue to evolve, security measures struggle to keep up.

Traditional security systems may not be equipped to handle the unique risks these unfamiliar TLDs pose.

The algorithms and filters that once reliably detected suspicious URLs now face an uphill battle against the ever-expanding domain landscape. It's a constant game of cat and mouse between cyber defenders and attackers.

What does this mean for your organisation?

In this brave new world of ever-expanding top-level domains, it is paramount for organisations to recognise the hidden risks that accompany such territory.

Cybercriminals are seizing the opportunity to deceive, phish, and impersonate using these new domains.

To protect against these malicious schemes, businesses must prioritise education and awareness among their employees and customers.

It is vital to inform them about the dangers lurking within unfamiliar TLDs and implement robust security measures.

The next time you receive an email from your favourite online store or trusted bank, exercise caution and double-check the domain before taking any action.

As technology continues to advance, so do the risks. However, we can navigate the digital realm safely and confidently, armed with knowledge and vigilance.

Back to resources

Ready to build your cybersecurity culture?

Whether you’re looking for complete culture change, phishing simulations or compliance training, we have solutions that are tailor-made to fit for your organisation.

Girl with laptop
Boy with laptop
man and woman with laptops
Global Cyber Alliance