Think Before You Click! – It’s fine to click on links when you’re on trusted sites. Clicking on links that appear in random emails and instant messages, however, isn’t such a smart move. Hover over links that you are unsure of before clicking on them. Do they lead where they are supposed to lead? A phishing email may claim to be from a legitimate company and when you click the link to the website, it may look exactly like the real website. The email may ask you to fill in the information but the email may not contain your name. Most phishing emails will start with “Dear Customer” so you should be alert when you come across these emails. When in doubt, go directly to the source rather than clicking a potentially dangerous link.

Example how a .zip phising link could look in webbrowser:

https://www.reddit.com∕r∕memes∕collections∕@dank-meme-collection-version.01x.zip

Or this one that looks like a legit download link from the Runelite Github page

https://github.com∕runelite∕launcher∕releases∕download∕0.1.x∕@runelite-client-version.01x.zip

Beware that any domain can be used this way, for example ".mov"

Want to learn more?

Check out: https://medium.com/@bobbyrsec/the-dangers-of-googles-zip-tld-5e1e675e59a5

List of registered .zip domains: https://github.com/trickest/zip/blob/main/zip-domains.txt