Small businesses are being warned that their old domain name category could leave them open to fraudulent cyber activity, such as business email compromise.

The Australian Cyber Security Centre said from 24 March 2022, anyone with a local connection to Australia (including businesses, associations and individuals) will be able to register a new category of domain name.

These shorter simpler domain names will end in .au rather than,,, or . All Australian businesses will have until 20 September to reserve their .au equivalent domain name, then it becomes available to the general public.

This new option for domain names creates another avenue for cybercriminals to conduct fraudulent activity targeting your business or organisation.

Specifically, cybercriminals could register a .au domain name and use it to impersonate your business, such as by registering where you have already registered

The ACSC recommends all Australian businesses with existing domain names register their .au equivalents in the next six months. Businesses should consider registering a .au domain name that includes their current top-level domain. For example, a business that currently owns should register and This will prevent cybercriminals from registering these domain names in the future and using them to conduct fraudulent cyber activities.

Where a domain name is contested, such as when one business owns and another owns, a process known as priority allocation will be used to determine who is able to register their .au equivalent.

If a business does not apply for priority allocation, the .au equivalent of their domain names will become available for registration to the general public (and cybercriminals). The ACSC recommends that all businesses pursue priority allocation for their domain names.

Businesses can register .au domain names through an auDA accredited registrar.

For more information about .au domain names, visit auDA’s website.