Mistyping a domain name in an email or website can lead to disaster, as one Australian bank recently found out.


If you’ve used the internet, been in a room when someone used the internet or even just seen a commercial about (yes) using the internet, you’ve been exposed to a domain name. What is it? It’s

what many of us refer to as a website or web address. If you’ve ever said, “I’m shopping on Amazon,” or “I’ll PayPal you the money,” you were using a domain name.

Individuals who wish to create a website purchase domain names. There’s a legal but somewhat disingenuous practice of purchasing a domain name in anticipation of something becoming popular, such as buying the web address for “www.appletoaster.com” if rumors circulate about Apple getting into the kitchen gadget industry. The goal, of course, would be to sell the domain name to Apple for a nice profit.

However, there’s another legal practice involving domain names that can lead to illegal activity: masking. It’s easy for a scammer to purchase “amaz0n.com” or “citybank.com” or “paypaI.com” (that’s a capital I instead of the L, in case you couldn’t tell), then send you emails pretending to be the real company. You land on a fake website where they steal your information, accept payments for products you’ll never receive or even install viruses on your computer.

Unfortunately, not all domain name issues like this are the work of scammers, even though the consequences can still be severe. Mistyping a domain name in an email or website can lead to disaster, as one Australian bank recently found out. They thought they were sending sensitive customer data to the correct entities within their own company, bank employees had sent out more than 600 emails with the wrong domain. Rather than using the Commonwealth Bank of Australia’s own domain for emailing of “cba.com.au,” the employees simply typed “cba.com.”

It’s never a good thing when emails with sensitive data goes is emailed to the wrong person. Luckily, “cba.com” is the domain name for a U.S.-based cybersecurity company; also, the chances of the prefix or the person’s name within the company email, matching up to someone at cba.com weren’t very high. If important information had to end up in the wrong mailbox, at least it was a business that deals with security.

Commonwealth Bank took immediate action by blocking the cba.com domain from its network, meaning it’s no longer possible to send an email to that domain name and suffix from their computers. As an added precaution, the bank also purchased the cba.com address in order to prevent any further information from going to that address. This step would also prevent scammers from later buying “cba.com” and using it to send malicious phishing emails to unsuspecting customers.

For typical tech users, though, there’s no network or IT department to make sure you’re only using trusted domain names. That’s why it falls to consumers to protect themselves. If you receive an email that seems like it might not be genuine, you can check by hovering your mouse over the sender’s name. It will pop up and show you the actual domain. If you can’t be sure it’s not typed wrong, copy and paste it into a Word processing program and change the fonts until you can read it more clearly. If you’re the one sending the email, make sure you’ve typed it correctly in order to avoid embarrassment and security risk by messaging the wrong person.

Remember, the domain name can be identical, but the suffix at the end (such as .com, .net, or .org, just to name a few) can change, too. You might think you’re emailing your bank or work, but if someone has purchased the domain name with “.net” instead of the .com you meant to use, you may still be contacting a scammer.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.