Phishing has been a digital thorn in the side of cybersecurity for over a decade. These unsolicited, cleverly masked requests are the wolf in sheep’s clothing of the digital world. They are always looming, waiting for some unsuspecting employee to click on a malicious link or attachment that can send your company into a crisis.

In the ever-evolving cybersecurity landscape, understanding the phishing threat has become more critical than ever. Phishing is recognized as a technique under the Initial Access tactic in the MITRE ATT&CK framework. Both the FortiGuard Labs Global Threat Landscape Report for the second half of 2022 and the 2023 Global Ransomware Research Report identify phishing as the primary attack method used to achieve initial access in a network breach, laying the groundwork for further stages of an attack.

One technique used by threat actors is to disguise their phishing attacks with creative names that look legitimate to the casual reader but that link to malicious sites. In this blog, we will look into a new threat resulting from the addition of a new Top-Level Domain (TLD), ‘.ZIP’.

  • JshKlsn
    11 months ago

    Just add .zip and .mov to your network firewall. It’s impossible for anyone on my network to visit any of those websites.
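
Added example, not part of the comment above or the original post: a Python sketch of the decision such a filter has to make, matching on the TLD of the requested host so that an ordinary `.zip` file download from another domain is not blocked. The log format, hostnames and function names are constructed for illustration.

```python
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

BLOCKED_TLDS = {"zip", "mov"}  # the two TLDs named in the comment above

def host_tld(target: str) -> Optional[str]:
    """Return the lower-cased TLD of the host in a URL or host[:port], else None."""
    if "://" not in target:
        target = "//" + target          # urlsplit needs a netloc marker
    try:
        host = urlsplit(target).hostname  # already lower-cased, port stripped
    except ValueError:                  # malformed bracketed IPv6 literal
        return None
    if not host:
        return None
    host = host.rstrip(".")             # "name.zip." is the same FQDN
    if ":" in host or host.replace(".", "").isdigit():
        return None                     # IP literals have no TLD
    return host.rsplit(".", 1)[-1]

def is_blocked(target: str) -> bool:
    """True only when the host itself sits under a blocked TLD."""
    return host_tld(target) in BLOCKED_TLDS

def denied(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client, target) for each 'client method target' line to deny."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) == 3 and is_blocked(parts[2]):
            hits.append((parts[0], parts[2]))
    return hits

# Constructed sample proxy log (not real traffic).
SAMPLE_LOG = [
    "10.0.0.5 GET https://files.example.com/quarterly-report.zip",  # file, allowed
    "10.0.0.7 GET https://quarterly-report.zip/",                   # host in .zip
    "10.0.0.9 CONNECT clip.mov:443",                                # host in .mov
    "10.0.0.9 GET https://zip.example.org/help",                    # label, not TLD
]

if __name__ == "__main__":
    for client, target in denied(SAMPLE_LOG):
        print(f"DENY {client} -> {target}")
```

A rule that matches the string `.zip` anywhere in the URL would also deny the first sample line, which is a normal archive download.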