There may not be an immediately obvious connection between the domain names of a business and cyber security precautions. However, the Australian Cyber Security Centre (ACSC) has released an Alert warning businesses that the new .AU domain name category, which became available on 24 March 2022, presents a potential opportunity for cyber criminals. The ACSC Alert is available on their website[1].

The ACSC Alert status is Low, but it does highlight the potential for cyber criminals (or others) to impersonate your business. Emails from a domain name with the exact same name as your domain name, but ending in .AU instead of, for example, .COM.AU, may appear to come from your business. In the words of Pooh-Bah in The Mikado, the similarity of the names may be “merely corroborative detail, intended to give artistic verisimilitude to an otherwise bald and unconvincing narrative”.

What to do?

The ACSC recommends that Australian businesses with existing domain names register the names as .AU domain names before 20 September 2022. After that date, the equivalent .AU domain name will then become publicly available for anyone to register.

Registration of a new.AU domain name can be made through an accredited auDA registrar.

How far should you go?

If, as the ACSC points out, the new .AU category could be used by cyber criminals (or others) to register a domain name that is identical with an existing domain name of your business, this could also be done by utilising existing categories or “namespaces”, such as .NET.AU. The .NET.AU category has the same description as .COM.AU, that is:

For commercial entities, such as companies (with an ABN or ACN as registered through ASIC), and businesses (registered with State Governments).

These are Australian categories, or namespaces. The same top-level domains can be registered with other country identifiers such as .UK or .NZ or just .COM.

Whether a business takes action to register its domain name(s) in other categories is a matter for the business to assess, having regard to the likelihood of bad actors registering the name in another category for nefarious purposes. If the domain name is a well known valuable trade mark or business name, the potential threat may be credible and may justify registration.

The other categories in which registration is made is also a value judgment. Possibly the principal categories where registration could be made are .AU, .NET and .COM.

Just something else to think about.

  1. https://www.cyber.gov.au/about-us/alerts/new-domain-name-changes-could-leave-your-business-or-organisation-risk

This communication provides general information which is current as at the time of production. The information contained in this communication does not constitute advice and should not be relied upon as such. Professional advice should be sought prior to any action being taken in reliance on any of the information. Should you wish to discuss any matter raised in this article, or what it means for you, your business or your clients' businesses, please feel free to contact us.

For more information, please contact...

Sandy Donaldson

View Profile →

Amy Bishop

View Profile →

Related Articles

View All News
December 20, 2023 New Reasons to Keep Your Contract Terms Fair
Corporate & Commercial
December 20, 2023 Is a Trade Mark License a Franchise?
Intellectual Property (IP)
December 20, 2023 Deeds vs Agreements
Corporate & Commercial
December 20, 2023 Trade Mark Use/Copyright and Fair Dealing – AGL v Greenpeace
Intellectual Property (IP)
December 20, 2023 When Can You Send Unsolicited Electronic Messages?
Corporate & Commercial
September 11, 2023 Advertising Health Services
Corporate & Commercial Health & Aged Care
October 14, 2022 Lessons From Theranos
Corporate & Commercial
October 12, 2022 Vendor Safety Nets
Corporate & Commercial
October 06, 2022 Bind Games
Corporate & Commercial
July 12, 2022 Personal and Confidential Information: Employer Obligations to Employees
Employment, Workplace Relations & Safety Intellectual Property (IP)
May 02, 2022 Privacy Week - Top Tips
Corporate & Commercial Intellectual Property (IP)
March 30, 2022 Domain Names and Cyber Security
Corporate & Commercial Intellectual Property (IP)
March 29, 2022 Are You a Director Who Still Needs to Get Your Director ID?
Corporate & Commercial
September 20, 2021 Termination of the Naval Group’s Australian Contract: What It Means for Local Subcontractors
Corporate & Commercial Defence
August 17, 2021 Music to Artists' Ears: Palmer to Pay Up Big for "Flagrant" Copyright Infringement
Intellectual Property (IP)
June 30, 2021 When are Directors Liable for Misleading or Deceptive Conduct, Passing off, Trade Mark Infringement or Unconscionable Conduct?
Corporate & Commercial Dispute Resolution & Insolvency Intellectual Property (IP)
June 30, 2021 NFT’s Explained: The Intellectual Property Implications of Licencing Digital Assets Through Blockchain
Intellectual Property (IP)
January 20, 2021 Terms and Conditions for Sale of Goods/Incoterms® 2020 and Vienna Convention
Corporate & Commercial
December 16, 2020 King Reigns All: High Court Decides Holding Companies May Be Held Accountable for Subsidiary Company Actions
Corporate & Commercial Dispute Resolution & Insolvency
December 16, 2020 Building and Construction Contracts: The Importance of Good Contract Administration
Corporate & Commercial Dispute Resolution & Insolvency Property