Extra domains
This is what people get for all those stupid extra vanity domains. If we just stuck to .com we wouldn't have most of these.
Beware the Zoom site you don't recognize, as a criminal gang is creating multiple fake versions aimed at luring users to download malware that can steal banking data, IP addresses, and other information. Threat researchers at cybersecurity firm Cyble found six fake Zoom sites offering applications that, if clicked on, will …
Nah, if there were no vanity domains, crims would just exploit Unicode-based URLs. For example, what we call a "slash" is known in Unicode as a "solidus", U+2F. Unicode also has what they call a "fullwidth solidus", U+FF0F. Depending on which character set you're using, they look similar enough to be visually-confused. So right there, you've got the means to send people to a custom, malware-bearing URL.
Part of this is also the brain-dead decision by Zoom that: oh, we can't confuse our users by having them actually have to go through a proper install procedure, let's get it so ordinary-privilege users can have Zoom running by sticking it all in their UserApps directory, bypassing all their local Program Files protections.