According to the Australian Federal Police, more than $79 million has been lost to cybercriminals in the last 12 months through business email compromise, also known as BEC scams or payment redirection scams.
Business email compromise (BEC) can cause major financial damage to both companies and customers, especially because most people rely on email to conduct business. In a BEC scam, cybercriminals send an email that appears to come from a known source in order to legitimize a request to transfer money or send goods.
Changes To Domain Name Registrations
Considering new changes implemented by the Australian Government concerning domain names, BEC scams may have a greater success rate if no precautions are taken.
From 24 March 2022, anyone with a local connection to Australia (including businesses, associations and individuals) will be able to register a new category of domain name. These shorter, simpler domain names will end in .au rather than .com.au, .net.au, .org.au, .gov.au or .edu.au.
All Australian businesses will have until 20 September to reserve their .au equivalent domain name, after which it becomes available to the general public.
This new option for domain names creates another avenue for cybercriminals to conduct fraudulent activity, targeting your business or organisation. Specifically, cybercriminals could register a “.au” domain name and use it to impersonate your business.
The first step in protecting your business is to register the .au equivalent domain within the next six months. It is better to register all variations of your domain name to prevent cybercriminals from impersonating you in alternative ways. For example, if your current domain name is domain.com.au, you should register both domain.au and domaincom.au.
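As an added illustration (not part of the original article or any Agilient tooling), the Python below derives the two .au names discussed above for an existing domain and flags inbound sender addresses that use them while they are not yet registered to you. The function names and sample addresses are constructed for this example.

```python
# Added example: names, sample senders and helper functions are constructed.
AU_NAMESPACES = ("com.au", "net.au", "org.au", "gov.au", "edu.au")  # from the article

def au_variants(domain):
    """Return the .au direct match and joined-label name for an existing domain."""
    domain = domain.lower().rstrip(".")
    for ns in AU_NAMESPACES:
        suffix = "." + ns
        if domain.endswith(suffix):
            label = domain[: -len(suffix)].split(".")[-1]  # drop any subdomain
            return {f"{label}.au", f"{label}{ns.split('.')[0]}.au"}
    return set()  # not in one of the listed namespaces

def sender_domain(address):
    """Extract the domain from 'user@host' or 'Name <user@host>'."""
    return address.rsplit("@", 1)[-1].strip().strip(">").lower().rstrip(".")

def flag_lookalikes(senders, owned, registered=()):
    """Return (sender, variant, owned_domain) for mail sent from a .au variant
    of a domain we own that we have not registered ourselves."""
    ours = {d.lower() for d in owned} | {d.lower() for d in registered}
    watch = {v: d for d in owned for v in au_variants(d) if v not in ours}
    hits = []
    for sender in senders:
        dom = sender_domain(sender)
        for variant, owner in watch.items():
            if dom == variant or dom.endswith("." + variant):
                hits.append((sender, variant, owner))
    return hits

# Constructed sample of inbound sender addresses.
SAMPLE_SENDERS = [
    "Accounts <accounts@domain.com.au>",   # our real domain
    "Accounts <accounts@domain.au>",       # direct match, not ours yet
    "billing@mail.domaincom.au",           # joined-label variant
    "info@unrelated.au",
]

if __name__ == "__main__":
    for sender, variant, owner in flag_lookalikes(SAMPLE_SENDERS, ["domain.com.au"]):
        print(f"REVIEW {sender}: {variant} imitates {owner}")
```

Once a variant has been registered, pass it in `registered` so that mail from it is no longer flagged.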
In the case where two different companies have the same domain name but different endings, such as “domain.net.au” and “domain.com.au”, which company will get the domain name? Here, a process called priority allocation will be used to determine who is able to register their .au equivalent. This process gives existing registrants in the .au registry the first opportunity to apply for the .au direct match of their existing domain name. The Priority Allocation Process starts immediately and will run for six months, closing on 20 September 2022.
All businesses should apply for priority allocation, otherwise their domain name will become available for registration to the general public, including cybercriminals.
If you would like to learn more, contact Agilient today.
Author: Mahdi Kobeissi, Cyber Security Consultant