The new domain name category could leave your business or organisation open to fraudulent cyber activity, such as business email compromise.
From 24 March 2022, anyone with a local connection to Australia (including businesses, associations and individuals) will be able to register a new category of domain name. These shorter simpler domain names will end in .au rather than .com.au, .net.au, .org.au, .gov.au or .edu.au. . All Australian businesses will have until 20 September to reserve their .au equivalent domain name, then it becomes available to the general public.
This new option for domain names creates another avenue for cybercriminals to conduct fraudulent activity targeting your business or organisation. Specifically, cybercriminals could register a .au domain name and use it to impersonate your business, such as by registering yourbusiness.au where you have already registered yourbusiness.com.au.
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) recommends that all Australian businesses with existing domain names register their .au equivalents in the next six months. Businesses should consider registering a .au domain name that includes their current top level domain. For example, a business that currently owns yourbusiness.com.au should register yourbusiness.au and yourbusinesscom.au. This will prevent cybercriminals from registering these domain names in the future and using them to conduct fraudulent cyber activities.
Existing domain name owners have until 20 September 2022 to register the .au equivalent of their existing domain names. Where a domain name is contested, such as when one business owns yourbusiness.com.au and another owns yourbusiness.net.au, a process known as priority allocation will be used to determine who is able to register their .au equivalent.
If a business does not apply for priority allocation, the .au equivalent of their domain names will become available for registration to the general public (and cybercriminals). The ASD's ACSC recommends that all businesses pursue priority allocation for their domain names.
Businesses can be one step ahead of cybercriminals by registering .au domain names through an auDA accredited registrar.
For more information about .au domain names, visit auDA’s website.
If your business or organisation is a victim of business email compromise, or other fraudulent activity, please report the incident to the ASD's ACSC through ReportCyber or contact 1300 CYBER1 for support.