Credit: Dreamstime
The opening of registrations for the .au domain name has opened up the potential for existing Australian website owners and their visitors to fall victim to fraudulent copycats.
From 24 March, users that hold a local connection to Australia are able to apply for an .au domain name without the need for another top-level domain (TDL), such as .com, .net or .org., with Australian businesses having until 20 September to reserve a .au for their website before registration opens up to the general public.
However, according to the Australian Signals Directorate (ASD)’s Australian Cyber Security Centre (ACSC), the introduction of .au domain name registration has created the potential for cyber criminals to mimic existing businesses for dishonest purposes.
“For example, if you have currently registered yourbusiness.com.au, a cyber criminal could register yourbusiness.au or yourbusinesscom.au and use these domains to conduct fraudulent cyber activities,” the ACSC said.
These fake domain holders can then go on and impersonate well-known companies and brands to illegitimately obtain user data, conduct cyber attacks or commit other fraudulent activities.
In order protect themselves from fraudsters, the ACSC recommended that Australian businesses register the .au equivalent of their existing domains before 30 September via an .au Domain Administration (auDA) accredited registrar.
“If a business does not reserve their .au equivalent direct domain name during this six-month period, that name will become available to the public on a first come, first served basis,” the ACSC warned.
The road to new .au domain registrations has been long, with the Australian Communications Consumer Action Network (ACCAN) voicing its concerns to auDA over the country code top level domain of .au back in 2015.
ACCAN claimed, in a statement at the time, that Australia’s current domain name system was highly regarded and had strong public recognition, with the proposed changes adversely affecting small businesses that rely on their website and domain name to attract business if other parties register and use similar domain names.
Then, in 2017, the federal government said it would launch a review of the management of the .au domain in a bid to ensure it remained fit for purpose in serving the needs of Australians online.
The subsequent report, which was released in April 2018, found .auDA’s governance arrangements had not changed since it was established in 1999, which was “set at a point in time when the internet and the domain industry was still in its infancy.”
Three months later from the announcement of the review launch, in early 2018, auDA called on industry and key stakeholders to pitch on a raft of proposed changes to the management of the country’s top level domain.
Later that year in April, some auDA members called for a vote of no-confidence in the the organisations’s then-CEO, Cameron Boardman, as well as for the removal of three then-directors Chris Leptos, Sandra Hook and Suzanne Ewart, over claims that registrants had not been contacted about it and the body was plagued by poor governance.
This then led to the Department of Communications and the Arts demanding sweeping reforms within auDA more than a week later, saying at the time its current management framework was “no longer fit-for-purpose”.
Meanwhile, the move to allow new .au domain registrations was announced on 19 August 2021 for a launch on 24 March 2022, when current auDA CEO Rosemary Sinclar said at the time that .au direct would place Australia in line with the UK, Canada, the US and New Zealand, which have country code top level domains of .uk, .ca, .us and .nz, respectively.
“The trusted, reliable and uniquely Australian .au domain has been supporting Australians online for more than 35 years and the launch of .au direct is an exciting innovation, delivering enhanced opportunities for Australian Internet users,” she said at the time.
