This week Google launched a new TLD, or “Top Level Domain”, of .zip, meaning you can now purchase a .zip domain, similar to a .com or .org domain, for only a few dollars. The security community immediately raised flags about the potential dangers of this TLD. In this short write-up, we’ll cover how an attacker can leverage this TLD, in combination with the @ operator and the Unicode character ∕ (U+2215), to create an extremely convincing phish.

Ouch. What could possibly go wrong?
Who in his right mind thought that a .zip Top Level Domain would be a good idea? What's next, .ppt and .xls?
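
A defender-side check for the combination described in the write-up quoted above, as an added example that is not part of the original post: it resolves which host a URL really points to and flags userinfo before an `@`, slash lookalikes such as U+2215 inside that userinfo, and a `.zip` host. The function names, the finding labels, the extra U+2044 entry and the sample URLs are assumptions constructed for illustration.

```python
# Characters that render like "/" but do not end the authority part of a URL.
# U+2215 is the one the write-up names; U+2044 is an extra assumed here.
SLASH_LOOKALIKES = {"\u2215": "U+2215 DIVISION SLASH", "\u2044": "U+2044 FRACTION SLASH"}


def split_authority(url):
    """Return (userinfo, host) the way a browser resolves them."""
    rest = url.split("://", 1)[1] if "://" in url else url
    # Only ASCII "/", "?" or "#" ends the authority; lookalikes stay inside it.
    for i, ch in enumerate(rest):
        if ch in "/?#":
            rest = rest[:i]
            break
    # Everything before the last "@" is userinfo, not the destination.
    userinfo, _, hostport = rest.rpartition("@")
    # Simplification: drops a port, does not handle bracketed IPv6 literals.
    return userinfo, hostport.split(":", 1)[0].lower()


def inspect_url(url):
    """Flag the userinfo + slash-lookalike + .zip host combination."""
    userinfo, host = split_authority(url)
    findings = []
    if userinfo:
        findings.append("userinfo-present")
    lookalikes = sorted({SLASH_LOOKALIKES[c] for c in userinfo if c in SLASH_LOOKALIKES})
    if lookalikes:
        findings.append("slash-lookalike-in-userinfo: " + ", ".join(lookalikes))
    if host.endswith(".zip"):
        findings.append("zip-tld-host")
    return {"host": host, "findings": findings}


# Constructed sample URLs (not taken from the write-up).
SAMPLES = [
    "https://example.com\u2215docs\u2215releases\u2215@sample-archive.zip",
    "https://example.com/docs/releases/sample-archive.zip",
    "https://user@example.org/sample-archive.zip",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(inspect_url(url))
```

Only the first sample raises all three findings: its visible prefix is userinfo and the real destination is the `.zip` host, while the second, with ASCII slashes, resolves to `example.com` and raises none.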