Protecting Yourself from Phishing Attacks: Be Aware of Fake File Archivers in the Browser
Recently, a new phishing attack has emerged, targeting internet users. This attack takes advantage of ZIP and MOV domains to deceive users into launching malicious files. In this article, we will explain what this attack entails and provide you with essential tips to protect yourself.
Understanding the Threat
Google recently introduced ZIP and MOV Top Level Domains (TLDs), which allow websites and email addresses to end with “.zip.” or “.mov.” This development has sparked debates about its potential cybersecurity risks.
ZIP archives and MPEG 4 videos are widely used file types online, often ending in “.zip” or “.mov.” This makes it common for people to come across filenames with these extensions
Some messaging platforms and social media sites automatically convert file names with “.zip” and “.mov” extensions into clickable links. This convenience raises concerns as it could potentially lead to malware delivery or phishing attacks with the introduction of ZIP and MOV TLDs
How the Phishing Attack Works
Imagine receiving instructions to download a file called “setup.zip”. The instructions convert the file name into a clickable link, making it seem like a safe way to download the file. However, clicking on the link directs your browser to the “https://setup.zip” site, which might redirect you, show an HTML page, or prompt you to download a malicious file.
Protecting Yourself and Your Organisation from Phishing Attacks
- Download Files Only from Trusted Sources: Even if a file comes from a trusted source, only download it if you were expecting it. Remember that even trusted sources can be compromised. If you are uncertain about a file’s legitimacy, consult your manager or contact the sender through another method to confirm its authenticity.
- Exercise Caution with Unverified Programs or Files: Never unzip or run programs or files downloaded from the internet unless you can verify their authenticity. Be cautious, especially when encountering unfamiliar programs or files.
- Familiarize Yourself with File Extensions: Knowing your computer is crucial. If you come across a “.zip” file that opens with an unrecognized program, it may not be a program at all but a webpage designed to trick you. Stay vigilant and be aware of unfamiliar file extensions.
- Keep your computer up to date with the latest Operating System patches, and ensure you have a reputable Anti Virus program installed
The threat of phishing attacks, such as the “File Archivers in the Browser” attack, can be mitigated through user awareness, training, and vigilance. By following the provided guidelines and being cautious while handling files, you can protect yourself from falling victim to these malicious schemes. Stay informed and stay safe online.