Melbourne IT has advised of an increase in domain name 'cyber squatting', with large Australian financial companies and government agencies falling victim to phishing attempts as a result of the lack of foresight.
Cyber squatters work by registering a .com or slight variant of a .com.au domain name owned by a large enough company. The domains are used to trap unsuspecting users who have typed in the .com domain name, rather than .com.au, as well as in phishing emails.
Melbourne IT chief strategy officer, Bruce Tonkin, told Computerworld Australia that it had recently found cyber squatters targeting financial institutions such as National Australia Bank (NAB) and even the Australian Tax Office.
“You will see in the emails they create and send out that it looks like .com.au but in actual fact you are seeing a mirror image and the underlying site is a .com site set up for banking fraud," he said.
Online betting agency, Centrebet, had also become a victim of cyber squatting. Attempts to expand to Greece ahead of the 2010 FIFA World Cup were hampered in 2009 by cyber squatting on both the centrebet.gr and centerbet.gr domains. The company, through Melbourne IT, ultimately resorted to using dispute resolution laws in Greece to get back the domain names in time for the World Cup, through the ELTA, the Hellenic Post Office.
Tonkin advised major companies to pre-register variations of domain names, even without plans to immediately use them, in order to avoid such problems. He also advised companies to have trademark protection on company products and names as this meant they would have a better chance of dispute resolution to retrieve that name.
"That was the difficulty for Centrebet because it is two generic words. This is harder to defend against than a company that has a unique brand like Westpac," he said.
Rules established by the Australian Domain Administration (auDA), which recently marked its two millionth .au domain name registration, largely prevented local cyber squatting attempts.
"For .au names there are a couple of rules to discourage misuse of names," Tonkin said. "The first is that you have to have a registered company with an Australian Business Number (ABN) to get a .com.au name which tends to put off cyber squatters.
"The second is that Australia has some rules against using misspelling of brand names. What .au does is that they will cancel a domain name if it’s an obvious misspelling or reserve the name from future registration."
Melbourne IT works with most of the big four banks and other betting agencies in Australia.
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.