Watch Out for .zip Domains!

If you clicked on campingphotos.zip in a message or email someone sent you and ended up here instead of downloading a zip file, you might be wondering what’s going on. Let me explain…

Starting from May 2023, anyone can create a website ending in .zip. This can create confusion because some services automatically add clickable links when you enter a URL.

So if your friend sends you photos from their camping trip and says “Here’s my vacation photos: campingphotos.zip,” their messaging service may automatically convert “campingphotos.zip” into a clickable link. When you read it, you might click the link instead of the attachment, thinking it will just download the file for you. Instead, it directs you to a website that has nothing to do with your friend or their camping trip.

Bad actors can abuse this by creating malicious .zip websites in the hopes that users like you will go there by mistake. For example, they can create a site that automatically downloads malware, or they may try to trick you into entering your personal details.

So don’t click on clickable file names unless you’re absolutely sure you know where they go.

Stay safe out there!