What is phishing?
Phishing is a form of online fraud. The word is a contraction of the English 'password harvesting' and 'fishing'. That is what the criminals do: fish for data. They send a message on behalf of a bank, the government or a web shop. The recipient must supposedly pay quickly or take other action quickly. The repetition of the word 'quickly' in the previous sentence is no coincidence. The criminals want you to respond quickly, so that you do not have time to think about it properly, let alone ask someone else for help. The emails are now very well forged and almost indistinguishable from the real thing. The victim unsuspectingly clicks through, fills in a number of details and... bite! The criminals now have what they want: your login details and personal information!
Various methods
Criminals are always trying new things, although phishing in the name of a bank, government agency or subscription service remains popular. They do this via telephone, email, text message or WhatsApp message, or via a QR code or payment request in a message. A special form of phishing that deserves extra attention is whaling. In this form, someone pretends to be someone you know. They contact you claiming to be in need and unable to access their money, and ask whether you can transfer some money. This is often done via WhatsApp these days and is therefore often called WhatsApp fraud.

Prevent phishing
- Be selective about where you share your email address. Never just put it on social media.
- Use an email service with a properly functioning spam filter. Gmail and Outlook automatically recognize a large share of phishing emails.
- Do not give anyone your login details; authorities never ask for them!
- Never send a bank card; the bank never asks you for this.
- Do not send a copy of your identity card or driver's license and do not post them on social media.
- Do not use links to get to sites where you have to log in. It is better to type the address in the browser yourself.

Recognizing phishing
While scammers are good at spoofing official emails, there are a few things that may stand out:
- Phishing usually occurs on behalf of banks, the government, companies and subscription services.
- You are asked to click on a link or payment request.
- The message sometimes contains (many) language and style errors, although this is (unfortunately) becoming less common.
- The email address looks like that of the impersonated company, but is often slightly different. For example 'Zigggo' (with an extra 'g') or 'ING-paying.com' (a domain that is not owned by ING itself).
- Strange attachments. Do not click on these; they may contain viruses.
- And last but not least: there is always, without exception, a rush!
With that in mind, if you are not sure whether an email is real or not, you can ask someone (neighbour, home help, acquaintance, family) to take a look at the email. And especially when you have someone on the phone: don't let yourself be intimidated and certainly don't rush!
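
The "slightly different" sender address from the list above can also be checked automatically. The following Python code is an added example, not part of the original article; the list of genuine domains (ziggo.nl and ing.nl) and all function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: genuine domains and their brand names, maintained by the defender.
TRUSTED = {"ziggo.nl": "ziggo", "ing.nl": "ing"}

def edit_distance(a, b):
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Return the lower-cased domain of a From header, or '' if there is none."""
    _, addr = parseaddr(from_header)
    local, at, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if at and local else ""

def classify(from_header):
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    # Genuine: the domain itself or one of its subdomains.
    for trusted in TRUSTED:
        if domain == trusted or domain.endswith("." + trusted):
            return "trusted"
    # Split 'ing-paying.com' into ['ing', 'paying', 'com'].
    tokens = [t for label in domain.split(".") for t in label.split("-") if t]
    for brand in TRUSTED.values():
        for tok in tokens:
            if tok == brand:
                return "lookalike"  # brand name inside a foreign domain
            # Fuzzy match only for longer brands, to limit false positives.
            if len(brand) >= 5 and edit_distance(tok, brand) <= 1:
                return "lookalike"  # e.g. one extra letter
    return "unknown"

# Constructed sample headers, based on the two examples in the list above.
for header in ['"Ziggo" <service@zigggo.nl>', "ING <info@ING-paying.com>",
               "noreply@mail.ing.nl", "news@example.org"]:
    print(f"{classify(header):10} {header}")
```

Only the address after the @ is examined; a familiar display name in front of an unrelated domain comes back as "unknown" and still needs a human look.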
Some emails can also be 'just' spam (spam is unsolicited advertising). Read more about this in the article ‘Spam and phishing: what's the difference?’.
What to do with phishing emails?
Have you received a suspicious email or message? Consider the following:
- Do not click on links or payment requests in suspicious messages.
- Do not respond. Not even with comments such as 'stop sending me these fake messages.' Your response is a confirmation for criminals that they are dealing with an existing email address. The result: even more phishing and spam messages.
- Mark the message as spam in the email program.
- Usually the message is then automatically moved to the trash. If not, delete the fake message yourself.

Fallen for phishing, what now?
Even those who are always alert to phishing can fall into the trap. What should you do in the following cases?

I (accidentally) opened an attachment from a fake email
- Close the e-mail program.
- Let the virus scanner perform an extensive scan of the computer and remove malicious software.
- To be on the safe side, change (important) passwords, especially those for your e-mail and the bank!
- Use a different device for internet banking, until you are sure that there is no malicious software on the computer on which you opened the attachment.

I clicked on a phishing link
By clicking on the phishing link, malicious software may have been installed on the computer. If you suspect this, follow the same steps as described above under the text 'I (accidentally) opened an attachment from a fake email'. The chance of this happening on a tablet or smartphone is small. If a new app suddenly appears on the device that you do not know, remove it.
I entered data on a fake website
- Was the message fake and did you enter login details? Change your password immediately.
- Did you also enter a telephone number? If you think the telephone number is being misused for (expensive) SMS subscriptions, you can check this on Payinfo.nl.
- Did you leave an e-mail address? There is a good chance that you will (suddenly) receive (many more) dubious advertising e-mails. Unsubscribing from these is pointless because it confirms that you are using the e-mail address. Move the e-mails to the spam folder. This will teach the e-mail program which e-mails are spam. After a while, these e-mails will automatically end up in the spam folder.
- Did you enter bank details? Then call the bank immediately to report this!

I transferred money to a scammer
Have you transferred money to an account number that you later discovered was fraudulent? Then report the fraud to the police. Also contact your bank immediately. After reporting, victims can obtain the name and address details of the fraudster via the bank. This makes it possible to initiate a (civil) lawsuit to get the money back.