Did KVK really send this email?

Have you received an email that claims to be from KVK? There are many fake emails and text messages are circulating. These phishing emails are being sent by fraudsters pretending to be KVK. If you click the link in the message, you are asked to fill in details. Do not open the message, and do not click the links in the email or text message. Find out how to recognise fake messages.

Have you received a fake message from KVK?

Have you received an email, letter, or text message that you think might be phishing? Please report this to us at valse-email@kvk.nl. Forward the phishing email to us as an attachment (information for Microsoft Outlook).

Fake invoices

There are false invoices circulating from Mijn Bedrijfsportaal and Mijn Zakelijk Portaal ('My Business Portal'). These state that the registration with KVK has been successfully processed. And with this, they use an envelope very similar to that of Rijksoverheid, the central government. Do not pay this invoice! Please take a look at what a genuine invoice from KVK should look like.

This is how you check a message is from KVK

The phishing emails and other fake messages are usually about renewing your identification, the required UBO registration, or a digital key. The fraudster puts pressure on you to respond fast. Never respond.

You can often recognise a phishing email by one or more of the following characteristics: fake domain name, impersonal greeting, malicious software in an attachment, saying it is urgent and trying to make you respond quickly, poor use of language, and a malicious link to a webpage.

Ask Chatbot Charlie if the message you received is fake. 

How to recognise a phishing message

You can often recognise a phishing email by one or more of the following characteristics: fake domain name, impersonal greeting, malicious software in an attachment, saying it is urgent and trying to make you respond quickly, poor use of language, and a malicious link to a webpage.

You can also dive a little deeper into the mail and check the email header yourself. This contains technical information about the sender.

Email addresses used by KVK

KVK mainly uses the following email extensions for sending, but these can also be spoofed. This is called spoofing. You will then see no difference between the real and fake email address.

What KVK does not send

  • KVK never issues fines or threatens to do so.
  • KVK never threatens to withdraw your KVK number in an email or text message, or to end your Business Register registration.
  • KVK never asks you to check your details by clicking a link in an email or text message.
  • KVK never sends letters, emails, or text messages containing QR codes for reporting details to us. KVK invoices do have a QR code on them that you can scan.
  • KVK never sends SMS or Whatsapp messages with links.
  • KVK never forces you to request or renew a digital key, access code, or password via an email or text message.

Good to know

  • You can only request an access code for a KVK account yourself, on our website. Never via an email or text message. A KVK account is used for ordering KVK products, such as Business Register extracts.
  • To register your business or report a change, always go to kvk.nl and use your DigiD. That is safe.
  • Eenmanszaken (sole proprietorships) can use the My business page to report changes, using their DigiD.

What KVK is doing against phishing

As soon as we receive a report of a new fake email, we do the following:

  • We have the fake websites the mails refer to blocked and, where possible, taken offline.
  • You can find a list of known phishing emails on behalf of KVK on the Fraudehelpdesk website (in Dutch).

Frequently asked questions

Phishing is a type of digital fraud. The criminals try to steal login data, credit card information, pin codes, or other personal information. Phishing is often done by email, but phone calls, letters, WhatsApp messages, and text messages are also used. Learn more in the article Watch out for phishing.

The fake messages are often about re-identification, mandatory UBO registration, VAT refunds, or a digital key. On the Fraud Helpdesk website, you can find a list of phishing emails pretending to be from KVK (in Dutch) that have been reported to them. Please note: this list is not complete, because it is impossible to keep up with all phishing mails.

Have you clicked on a link in a phishing message? You may end up on a page where you are asked to fill in your details. It looks like a KVK page, with the right logo and lettering. Do not fill in your details. The odds are that you are on a fraudster's website. Check the website url, using these tips from SIDN.

Did you fill in your details on a fake website? Then be on the lookout for phonecalls from persons claiming to be from your bank. Do not panic, and do not transfer money. A criminal may claim to be a bank employee and tell you that your money is being syphoned from your account. To retrieve your money, they want you to click a link. Do not click that link! If you do, you are transferring money to that criminal. Did you click the link? Contact your bank immediately.

Always contact your bank yourself. Criminals can fake email addresses as well as phone numbers. So even though it looks like your bank is calling you, this may not be the case.

DigiD

Have you entered your DigiD details? Change your DigiD password immediately and use two-factor authentication. Read more on the DigD website.

Check if your invoice is real. Read more about fake invoices.

Not sure about an email? Forward it to valse-email@kvk.nl.

Yes, that can be correct. We may do that via the email addresses kvk@marketresponse.nl, kvk@miles-research.com, and @e.kvk.nl.

To help you in the best possible way, KVK continuously improves its products and services. Your input is very important for this. That is why we may ask you to take part in a customer survey. KVK collaborates with research agencies Miles Research, MarketResponse and yourUX. We only share personal data with these service providers that are necessary for a particular assignment. We make proper agreements about what they are allowed to do with that personal data and for how long they can keep personal data.