P hishing Fraud
What is phishing?
Phishing involves fraudsters fishing for confidential information over the phone or via false messages or letters. Think, for example, of bank details and personal data such as your social security number and your passwords for digital payment and banking. They can also make a payment request directly, for example via Tikkie.
You can receive fake messages via email, by phone, via text message, via a chat app such as WhatsApp and even in a letter on paper. Phishing via SMS (on your phone) is also known as smishing.
With phishing emails, the fraudsters fish for a copy of your passport, driver’s license or bank card, for your password, a one-time security code for internet banking, for your pin code for your bank card, credit card or mobile banking or for a direct payment, for example with a mobile payment request. .
A fake message can also trick you into installing malicious software or apps on your computer, tablet or smartphone (malware, spyware or ransomware). That malware can arrive on your device via an email attachment that you have to open or via a link to a fake website where you can download the malicious software or app.
From bank, company, institution or good acquaintance
The false messages or letters appear to be from banks or other well-known companies and institutions, for example from your own bank, PostNL, the Tax Authorities or DigiD. Even Safe Banking, the Payments Association and the Fraud Helpdesk are imitated in false messages from scammers.
Phishing messages can also appear to be from family, friends or acquaintances. They then supposedly ask whether you can quickly lend them money or advance an urgent purchase or bill.
More and more personal
Phishing messages are often impersonal, without addressing you by name. Increasingly, however, phishing is very personally addressed to you, with your real name and other personal information, such as your address, your account number or the registration number of your car.
Your personal data can end up with criminals because they were accidentally leaked by a company or agency, through hacked mailboxes of family or acquaintances or because you have put that data on social media yourself, visible to everyone.
Supposedly from your bank
Many fake messages appear to be supposedly from your own bank. Letters on paper that appear to be from your bank can also be false. There are three possible variants:
Message with link or letter with QR code to a fake website where you have to enter your bank’s security codes. With various excuses, your so-called bank asks you to click on a link or scan a QR code. An amount will soon be debited from your account, an amount may be added, your account is blocked, your account is seized, there is something wrong with your mobile app… In all cases it is supposedly very urgent that you that link clicks or scans that QR code. Via that link or QR code you will end up on a fake website that resembles the real website of your bank like two drops of water. On that fake website you supposedly have to log in with the usual security codes of your bank.
Message or letter that you have to send your bank card, with link or QR code to a fake website. The message or letter tells you that your bank card is no longer good. A fake letter can even contain a fake bank card. Your bank card is supposedly outdated, invalid, unsafe, unhygienic (corona!), no longer complies with the law… To receive a replacement bank card, you supposedly first have to send your current bank card to your bank or to a recycling company. To request the new bank card, you have to click on a link or scan a QR code. You end up on a fake website, supposedly from your bank. That fake website asks you to enter your PIN or security codes.
You get a call, supposedly from your bank. You may even see the real phone number of your bank on your phone’s screen. The so-called bank employee on the phone asks for your PIN code or security codes for internet banking, to carry out transactions yourself (to transfer amounts yourself) or to receive someone from your bank at home. The fake bank employee can also send you a text message, WhatsApp or email, with a link to a fake website where you supposedly have to log in with your bank’s security codes.
Supposedly from a company or institution
You receive a false message or letter that appears to be from the government or from a well-known company, for example from the tax authorities or from your energy company. The message or letter is trying to trick you into paying something or getting a refund, such as a tax refund or unpaid utility bill:
Via a link or QR code you will arrive at a fake website in one or more steps, supposedly from your bank. It then asks for your security codes for internet banking or iDEAL.
Via a link or QR code you can reach a fake payment request in one or more steps, for example via Tikkie. With that payment request you do not pay to the company or institution, but to scammers.
Learn about different types of fake emails, purportedly from banks, companies, or other institutions.
Supposedly from a good acquaintance
You receive one or more messages, supposedly from family, a friend, via e-mail, text message or a chat app such as WhatsApp. The address or mobile number of the sender may be the real number of that known person, for example because it has been digitally hijacked (hacked) by fraudsters. The so-called acquaintance asks you to lend him or her money quickly or to advance an urgent purchase or bill, via a link or payment request:
The link leads in one or more steps to a fake website, supposedly from your bank. There you have to enter your security codes for internet banking or iDEAL.
The link leads in one or more steps to a fake payment request from the scammers, for example via Tikkie. You pay directly to the scammers.
How do banks fight phishing?
To combat phishing, banks try to detect and block fake senders (email addresses or mobile numbers) and fake websites. You can help the banks with this by reporting a phishing message in which a bank is impersonated to that bank as soon as possible.
In addition, banks try to recognize and intercept suspicious transactions with customers. If a suspicious transaction is identified, your bank may contact you. Sometimes your bank can fully or partially reimburse the damage caused by phishing, especially in the case of phishing via a fake website that was supposedly from your own bank.
Banks warn against phishing with campaigns and information. A real bank will never ask you on the phone or in an email, text message or letter:
to provide a password, PIN or other security code
to click on a hyperlink that allows you to log in to your bank
to scan a QR code to log in to your bank
to send (a photo of) your debit card, credit card or login device
– a new payment card or login device is automatically sent to your home address;
– you can cut an old payment card through the gold-plated payment chip and throw it away;
– never ask banks to send an old payment card or login device to be recycled or handed over to someone.
Where can I report phishing?
You can help banks to block fake message senders and their fake websites by reporting phishing mail or SMS by sending it as soon as possible to the bank being impersonated. Read more.