Privacy Perils: Beware the Email Top-Level Domain

January 20, 2017
Firm Publication

By now we all know to double check email addresses for errors before hitting send. People typically check to make sure the name is correct and that the email is going to the right individual – john.doe@client.com instead of john.doe@nonclient.com. What is less commonly checked is the end of the email address, the top-level domain –.com, .net, .com.au, .as.

A recent revelation by NAB, a major Australian bank, highlights the need to check the top-level domain, too. As this article explains, NAB owns the domain nab.com.au, but not nab.com. An employee apparently forgot to add the .au to an address when sending an email to another bank employee containing information about more than 60,000 bank accounts. 

Although the incident occurred in 2012, it was only recently disclosed. While the owner of the website appears to be cooperating and the address to which the information was sent is not used, it could easily have been otherwise.

So remember – check the top-level domain, too, especially when corresponding with people overseas. It’s much easier to double check an email address than it is to explain why you sent privileged information to an incorrect, and potentially questionable, email address.

Privacy Perils imageCheck out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact Bob Brewer, Tony McFarland, Elizabeth Warren or a member of our Privacy & Data Security team.