Warning from cyber expert to register au domain
- Written by Jacqueline Jayne, Security Awareness Advocate, KnowBe4
As a .com.au domain owner, there has been a lot of communication from domain organisations about the additional .au extension and the opportunity to secure yours before it is opened to everyone else.
I think it is extremely bad practice to make available the .au extension to someone who doesn't own the .com.au to start with. Over the years, as 100s of new extensions are added, domain holders have had no choice but to purchase them to protect brands, names or companies. There is a 'grace period' for .com.au domain owners to have the first right of refusal for their .au domain name, and that runs out at 23:59 UTC 20 September 2022 (9:59 AM AEST 21 September.
Cybercriminals have repeatedly proven to be opportunistic creatures, and they will be taking advantage of this situation. We saw it at the beginning of Covid with a ridiculous increase of covid related domain names being registered for the sole purpose of creating fake sites. If I were a cybercriminal, I would be looking to register as many .au domain names as possible, as they can be used for commercial, non-commercial or personal use and only require proof of Australian Presence to be eligible. This can be with an ABN, ACN, Passport, Drivers License, other personal or organisation ID. Whereas a .com.au domain is for commercial use only and requires a business ID to register.
Unfortunately, there will be countless .com.au domain owners who don't purchase the .au by 23:59 UTC 20 September 2022 (9:59 AM AEST 21 September), leaving it open for a cybercriminal to purchase it at 21:00 UTC 3 Oct 2022 (8:00 AM AEDT 4 October).and use it nefariously. Granted, they will need to provide evidence that they are in Australia - which, as we know, can be manipulated with stolen or fraudulent identification.
If you own a .com.au please take some time to consider if you would like to secure the .au version of your domain NOW.
As a consumer navigating the ever-changing cyber threat landscape, you must look for .au at the end of website addresses and links in emails or SMSs, as they may be fake.
For everyone - staying up to date and aware of the potential tricks cybercriminals use is ongoing and necessary for our online safety. Not only to protect organisations from cyber attacks - we need to keep ourselves, family and friends, safe.
