Google recently released some new top-level domains for purchase.
What is a Top-Level Domain?
A top level domain is one of the most important parts of a website’s internet address, after the ‘root’ zone. A URL (Uniform Resource Locator) is made up of several pieces. The first part, usually http:// or https:// is the ‘scheme’, which tells your device which application it should use to open the URL. ‘www’, the part right after that part, is a subdomain – it gives your device additional information about the website, and can even be swapped out depending on the website being used (although www is very common). After that is the domain – in a website name like www . example . com, ‘example’ is the domain. In www. Google . com, Google is the domain.
After that is top-level domains – the last part of the address that use .com, .org, .gov, and others, which are just below the domain name in importance. If you type in the wrong top-level domain, you will not land on the correct website, just like if you mistyped the main domain name. Some top-level domains are controlled (only U.S. government bodies can use the .gov ending, according to CISA, and only websites in the United Kingdom use the .uk top-level domain) but others are open and available to whoever wants to use them. They don’t have to be three letters or less, either – .pizza , .tube, and .online are just some of the top-level domains one can buy. Truly, the world is an oyster!
Trouble Afoot
With all that out of the way, what has Google done this time?
The thing about top-level domains is that they have to be for sale first! There are a limited number of domain vendors, and not every domain vendor can sell every type of top-level domain. However, any established organization in the world, public or private, can apply to create and then operate a new top-level domain. They have to prove their capability, because doing that takes a lot of money and server space, but it’s possible for large companies like Google.
The problem is that a few of Google’s cool new top-level domains are A) already in existence elsewhere, and B) exist in a place where they can overlap. Google released eight new top-level domains, and two among them are also file types: .zip and .mov.
For convenience, many websites will turn links into hyperlinks. Typing in www.google.com into Word, for example, will create a hyperlink. The same goes for Outlook and Teams. This is the core of the problem – trying to reference a file you’ve saved elsewhere in online communications channels is creating an opportunity for the recipient to click on a link they didn’t mean to.
If you mean to tell someone that they should check out the photos[dot]zip file attached to the email you’re sending, and they mistakenly click the auto-hyperlink instead of downloading the file attachment, they’re left visiting an unknown (potentially malicious) website. Or, if someone in a Teams chat group says the new photos are ready in the photos[dot]zip file in the company OneDrive, then they’ve opened their team up to accidentally clicking a link thinking it leads to the shared files. Simple statements that weren’t issues before are now security risks! A particularly clever scammer could set up auto-downloads for .zip files named the same as the website, so the victim doesn’t even realize they’re downloading malware. If their browser throws a warning, they’re likely to trust the source if they don’t know that this is a possibility. The same goes for .mov files, but those aren’t as common as .zips are.
Google has basically opened the door to a new kind of scamming, and their reasons for doing so are unclear.