Watch Out for .zip Domains!

If you clicked on offerletter.zip in an email or entered it into Windows Explorer, you might be surprised you ended up here instead of opening the file you were expecting. So what’s going on?

Starting from May 2023, anyone can create a website ending in .zip. This can create confusion for two reasons:

1. Some services automatically add clickable links when you enter a domain name. So if you get hired and your new boss sends you a message saying “Please see the attached offerletter.zip,” their email service may automatically convert “offerletter.zip” into a clickable link. When you read it, you might click the link instead of the attachment, thinking it will just download the file for you. Instead, it directs you here.
2. Windows Explorer will take you to a website if you search for a non-existent zip file on your computer. So if you type “offerletter.zip” into Windows Explorer but there’s no file by that name on your system, it will take you here instead.

Bad actors can abuse this by creating malicious .zip websites in the hopes that users like you will go there by mistake. For example, they can create a site that automatically downloads malware, or they may try to trick you into entering your personal details.

So now you know! Stay safe out there!