To the average user—and even many automated security filters—this looks like a link to a specific product page on the official Amazon site. But look closer. In the world of web browsers, the symbol tells the browser to ignore everything before it and treat it as user info. The actual destination of that link is amazon.zip . If a bad actor owns the domain amazon.zip , they can:
Imagine receiving an email that looks like a standard shipping notification. It includes a link that says amazon.com∕products∕order-id-12345@amazon.zip .
The internet just got a little more confusing, and unfortunately, a lot more dangerous. With the recent release of the , a new breed of "domain collision" attacks is making life easy for hackers and a headache for everyone else. What is a .zip Domain?
Instead of clicking links in emails, go directly to Amazon.com in your browser and check your "Orders" tab manually.
The arrival of these domains means we have to update our "internet street smarts":
These tools are smarter than humans; they won't autofill your credentials on amazon.zip because they know it isn't the real amazon.com .
Always hover your mouse over a link to see the actual destination in the bottom corner of your browser.