Watch out for phishing
- The basis
- 9 July 2020
- Edited 22 June 2023
- 5 min
- Managing and growing
- Secure business
Cybercriminals try to steal your money, personal data or passwords with fake messages. This is called phishing. But what exactly is it and how do you recognise it? Also find out what to do if you have opened a phishing message.
Cyber Magazine SECURE IT!
Cyber magazine SECURE IT! contains tips and information on how to secure your business online.
What is phishing?
Of all digital dangers, entrepreneurs were the most frequent victims of phishing in 2023 (in Dutch). It is a form of scam: criminals trick you with fake emails, fake QR codes and fake text or WhatsApp messages. The messages appear to come from well-known and often trustworthy organisations, such as government agencies and banks. Scammers send you messages to steal personal information. For example, login details, credit card information or PIN numbers. There are also criminals who send e-mails in name of KVK. So, always check whether a message really comes from KVK.
How do you recognise phishing mails?
It is often difficult to tell the difference between a fake and genuine e-mail. Nevertheless, you can sometimes recognise a phishing email by the following characteristics:
Does this message come from KVK?
There is a good chance that you have recently received a fake email from 'KVK'. Criminals use the KVK name to scam entrepreneurs. There are now more than 50 different phishing emails in circulation, pretending to be sent by KVK.
What you need to know:
- KVK never issues fines and does not threaten to do so.
- KVK never threatens to terminate your registration in the Business Register.
- KVK never asks you to provide information in e-mails or text messages.
Read more in Did KVK really send this email?
Other forms of phishing
Criminals do not only send phishing messages by e-mail. Where every entrepreneurs operate, cyber criminals look for opportunities to break in. They use text messages, but also WhatsApp, LinkedIn and QR codes.
Text message
You can receive phishing messages by text message. Never just reply to such a text message from your bank or credit card company. It is probably fake. Do you want to know if it is real? Log on to your own bank's website. And call them if you keep having doubts.
WhatsApp fraud is popular. Especially the fake messages that seem to come from acquaintances. Also called 'friend-in-need fraud'. Never respond to a WhatsApp message from someone pretending to be your daughter and in urgent need of money. Always call this person to check if the app is true. As entrepreneurs, you may also use WhatsApp for your business. Do you doubt a message from a business partner? Check the business partner's website to see if you can trust it. Or call them.
Not everyone uses LinkedIn with good intentions: criminals misuse it as a source of information and to send phishing messages to victims. Know what you share on LinkedIn, and with whom. This of course applies to any social media channels you have.
QR code
Through phishing using QR codes, criminals want to empty your bank account. For example, you receive a fake e-mail or letter on behalf of your bank. The fake message tells you to apply for a new bank card or agree to a new banking app. You then have to scan the QR code in the message. This QR code leads to a website similar to your own bank's website. From that fake website, the scammers steal your login details. With these, they enter your bank account.
A QR code is a square with small black and white squares. The squares contain information such as an internet address, phone number or payment request. Do not scan until you know who you are dealing with.
New scams on social media platforms
Criminals are forever looking for new ways to get their victims' money or information. That is why they keep coming up with new ways to scam entrepreneurs. The messages they fool you with keep changing. So, stay alert if you receive an unexpected message. Never respond if the sender pressures you to do something right away, asks for personal information, or asks you to click on something.
Are you a victim of phishing?
If you are a victim of phishing, 2 things are important: find out what kind of phishing it is and always report it.
After a phishing incident
Are you dealing with a phishing incident? Find out what kind of phishing it is. Have passwords or personal details been stolen? Have unwanted payments been made? Did you unwillingly install malware? This is what you can do:
- Passwords: change your passwords or other login details immediately if they are stolen. If you use the same password in several places, change it everywhere to a new unique password.
- Payments: sometimes you can reverse unwanted payments. Â When you detect an unwanted payment has been made, instantly contact your bank or credit card company.
- Malware is a container term used for all software that damages computers or other devices. Did you open an attachment you did not trust? Check your computer system for harmful files or programs using protection software.
- Personal details: if the personal details of customers, suppliers, or personnel have been stolen, for example, which constitutes a data breach. You must report such a breach to the Dutch Data Protection Authority ('Autoriteit Persoonsgegevens') within 72 hours.
-
Have you already sent personal details, for example in response to a phishing email? Then also be alert to helpdesk fraud. A scammer will call you and pretend to be a friendly helpdesk employee of, for example, a bank or software company. The scammer supposedly wants to help you with problems with your bank account or computer. Do not respond. End the call.
- Have you been hacked or do you think you have been hacked? At Hackhelpdesk.nl (in Dutch) you will find a step-by-step plan and practical solutions to prevent further damage.
Reporting phishing
Are you a phishing victim? Report it to the following organisations:
- Report it to the Fraud Helpdesk.
- Report it to the police. You will need to visit a police station. Call 0900 - 8844 to make an appointment.
- Contact the organisation in whose name you received the phishing messages. Many organisations have dedicated email addresses for reporting fake messages. Did you receive a phishing mail pretending to come from KVK? Let us know by emailing valse-email@kvk.nl.
Has your business fallen victim to phishing? Please get in touch with us. Share your experience via kvk.cyber@kvk.nl.