Phishing attacks are becoming increasingly sophisticated and dangerous. A new technique known as “file archiving in the browser” has been uncovered that could be used to trick people into downloading malicious files. This involves creating a fake file archiving software in a web browser and hosting it on a .zip domain to make it appear more legitimate. When a victim clicks on a file, they could be redirected to a page for credential harvesting, or tricked into downloading an executable file. The Windows File Explorer search bar can also be used to initiate the fake ZIP file in the web browser.
To make things worse, Google recently launched eight new top-level domains (TLDs), including .zip and .mov, which could be easily mistaken for legitimate file extensions, making it easier for phishers to deceive their victims. According to a report from Perception Point, the number of advanced phishing attacks attempted by threatening actors in 2022 increased by 356%. Cybercriminals are also exploiting legitimate features of Microsoft 365 and Teams accounts to aid in phishing and malware delivery. They can weaponize existing links in messages sent by replacing harmless links with malicious ones.
Source: Hackernews
To mitigate these potential threats, it’s important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net), or you can try yourself using check.website .