Watch out for phishing

Cybercriminals try to steal your money, personal data or passwords with fake messages. This is called phishing. But what exactly is it and how do you recognise it? Also find out what to do if you have opened a phishing message.

What is phishing?

Of all digital dangers, phishing claimed the most victims among entrepreneurs in 2023 (in Dutch). It is a form of scam: criminals trick you with fake emails, fake QR codes and fake text or WhatsApp messages. The messages appear to come from well-known and often trustworthy organisations, such as government agencies and banks. Scammers send you these messages to steal personal information, for example login details, credit card information or PIN numbers. There are also criminals who send e-mails in the name of KVK. So, always check whether a message really comes from KVK.

How do you recognise phishing mails?

It is often difficult to tell the difference between a fake and genuine e-mail. Nevertheless, you can sometimes recognise a phishing email by the following characteristics:

Sender

Criminals use a strange e-mail address or one that resembles the name of a real company, for example your bank or your favourite online shop. So, check the domain name in the e-mail address. The domain name is everything after the @ sign. In a trustworthy message, the domain name and website address are often the same. Immediately suspect the sender if letters in the domain name have been replaced by numbers. Criminals use info@ub0.kvk.nl, for example.

Note: sometimes you do not see anything strange about the sender at all. Criminals then use the real e-mail address of a business as the sender. This technique is called spoofing. So even an e-mail address that is exactly like the one you know from a business is not always a sign that the message is reliable.
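The sender check described above can be automated, for instance in a mail filter or a reporting mailbox. The following is an added example, not code from KVK: the digit-to-letter table, the finding names and the mybank.example addresses are assumptions made for illustration.

```python
from email.utils import parseaddr

# Digits commonly swapped in for look-alike letters (assumed mapping, not exhaustive).
DIGIT_TO_LETTER = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"}
)


def sender_domain(from_header):
    """Return the lower-cased domain: everything after the last @ sign."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].strip().rstrip(".").lower() or None


def assess_sender(from_header, expected_domains):
    """Return a list of findings for one From header."""
    domain = sender_domain(from_header)
    if domain is None:
        return ["no-domain"]
    expected = {d.lower() for d in expected_domains}
    if domain in expected:
        # A spoofed sender looks identical, so a match is not proof of authenticity.
        return ["exact-match"]
    findings = ["unknown-domain"]
    # Undo digit-for-letter swaps and see whether a known domain appears.
    if domain.translate(DIGIT_TO_LETTER) in expected:
        findings.append("digit-lookalike")
    # A label that mixes letters and digits, such as "ub0", deserves a second look.
    for label in domain.split("."):
        if any(c.isdigit() for c in label) and any(c.isalpha() for c in label):
            findings.append("mixed-digit-label")
            break
    return findings


if __name__ == "__main__":
    # Constructed From headers; mybank.example is a placeholder domain.
    for header, known in [
        ("KVK <info@ub0.kvk.nl>", {"kvk.nl"}),
        ("KVK <valse-email@kvk.nl>", {"kvk.nl"}),
        ("My Bank <service@myb4nk.example>", {"mybank.example"}),
    ]:
        print(header, "->", assess_sender(header, known))
```

An "exact-match" result only says the visible address is the expected one; because of spoofing, it does not show that the message is genuine.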

Impersonal

Fake e-mails are usually not addressed to you personally. Pay close attention to emails that start with a general salutation such as "Dear Customer" or "Dear Sir, Madam". Your bank or health insurer will always use your name.

Language errors

You can often recognise phishing messages by the poor use of language. The criminals know this too. Nowadays they increasingly send messages without language errors. Still, stay alert for sloppy messages with style and language mistakes. Also be aware that criminals copy websites and logos accurately.

Time pressure

In phishing emails, the criminal tries to pressure you. They say that your account will expire, or that you will miss out on a special offer if you do not respond immediately. This way, the message appears to be a last warning or last chance.

Personal data

Cyber criminals often ask for your personal data in fake e-mails. For example, to check or update them. To do so, you have to click on a link in the e-mail. Do not do this lightly. Banks, credit card companies or public authorities never ask for your data this way. Call the real organisation. Find their contact details in your own records or on the internet. Do not use contact details from the message you received.

Harmful link or attachment

Never click on links or attachments in an e-mail you do not trust. Such a link or attachment could install malicious software on your computer. Or it may lead you to a fake website where you are asked to fill in personal details. Want to see which web page a link leads to? Then hover the cursor over the link. Just above the cursor, the web address the link leads to will appear.
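The hover check can also be done in bulk on the HTML body of a message, by comparing the address a link shows with the address it really leads to. This is an added example, not code from KVK; the sample HTML is constructed and login.portal.example is a placeholder host.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body: the first link shows one host but leads to another.
SAMPLE_HTML = (
    '<p>Dear Customer, confirm your details at '
    '<a href="https://login.portal.example/kvk">www.kvk.nl</a>. '
    '<a href="https://www.kvk.nl/">www.kvk.nl</a> '
    '<a href="https://login.portal.example/x">Click here</a></p>'
)


def host_of(text):
    """Return the lower-cased host of a URL-looking string, or None."""
    text = text.strip()
    if "://" not in text:
        if "." not in text or " " in text:
            return None          # plain words such as "Click here"
        text = "http://" + text  # bare "www.kvk.nl" style link text
    return (urlsplit(text).hostname or "").lower() or None


class LinkAudit(HTMLParser):
    """Collect (visible text, real target) for every <a href> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def mismatched_links(html_body):
    """Return (shown host, real host) pairs where the two differ."""
    audit = LinkAudit()
    audit.feed(html_body)
    audit.close()
    pairs = [(host_of(text), host_of(href)) for text, href in audit.links]
    return [(shown, real) for shown, real in pairs if shown and real and shown != real]
```

Links whose visible text is not an address, such as "Click here", are not flagged by this comparison and still need the manual hover check.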

Does this message come from KVK?

There is a good chance that you have recently received a fake email from 'KVK'. Criminals use the KVK name to scam entrepreneurs. There are now more than 50 different phishing emails in circulation, pretending to be sent by KVK.

What you need to know:

  • KVK never issues fines and does not threaten to do so.
  • KVK never threatens to terminate your registration in the Business Register.
  • KVK never asks you to provide information in e-mails or text messages.

Read more in 'Did KVK really send this email?'

Other forms of phishing

Criminals do not only send phishing messages by e-mail. Wherever entrepreneurs operate, cyber criminals look for opportunities to break in. They use text messages, but also WhatsApp, LinkedIn and QR codes.

Text message

You can receive phishing messages by text message. Never just reply to such a text message from your bank or credit card company. It is probably fake. Do you want to know if it is real? Log on to your own bank's website. And call them if you keep having doubts.

WhatsApp

WhatsApp fraud is popular, especially fake messages that seem to come from acquaintances. This is also called 'friend-in-need fraud'. Never respond to a WhatsApp message from someone pretending to be your daughter and in urgent need of money. Always call this person to check whether the message is genuine. As an entrepreneur, you may also use WhatsApp for your business. Do you doubt a message from a business partner? Check the business partner's website to see if you can trust it. Or call them.

LinkedIn

Not everyone uses LinkedIn with good intentions: criminals misuse it as a source of information and to send phishing messages to victims. Know what you share on LinkedIn, and with whom. This of course applies to any social media channels you have.

QR code

Through phishing using QR codes, criminals want to empty your bank account. For example, you receive a fake e-mail or letter on behalf of your bank. The fake message tells you to apply for a new bank card or agree to a new banking app. You then have to scan the QR code in the message. This QR code leads to a website similar to your own bank's website. From that fake website, the scammers steal your login details. With these, they enter your bank account.

A QR code is a square with small black and white squares. The squares contain information such as an internet address, phone number or payment request. Do not scan until you know who you are dealing with.

New scams on social media platforms

Criminals are forever looking for new ways to get their victims' money or information. That is why they keep coming up with new ways to scam entrepreneurs. The messages they fool you with keep changing. So, stay alert if you receive an unexpected message. Never respond if the sender pressures you to do something right away, asks for personal information, or asks you to click on something.

Are you a victim of phishing?

If you are a victim of phishing, 2 things are important: find out what kind of phishing it is and always report it.

After a phishing incident

Are you dealing with a phishing incident? Find out what kind of phishing it is. Have passwords or personal details been stolen? Have unwanted payments been made? Did you unintentionally install malware? This is what you can do:

  • Passwords: change your passwords or other login details immediately if they have been stolen. If you use the same password in several places, change it everywhere to a new unique password.
  • Payments: sometimes you can reverse unwanted payments. As soon as you notice that an unwanted payment has been made, contact your bank or credit card company immediately.
  • Malware: malware is an umbrella term for all software that damages computers or other devices. Did you open an attachment you did not trust? Check your computer system for harmful files or programs using protection software.
  • Personal details: if personal details of, for example, customers, suppliers or personnel have been stolen, this constitutes a data breach. You must report such a breach to the Dutch Data Protection Authority ('Autoriteit Persoonsgegevens') within 72 hours.
  • Have you already sent personal details, for example in response to a phishing email? Then also be alert to helpdesk fraud. A scammer will call you and pretend to be a friendly helpdesk employee of, for example, a bank or software company. The scammer supposedly wants to help you with problems with your bank account or computer. Do not respond. End the call.

  • Have you been hacked or do you think you have been hacked? At Hackhelpdesk.nl (in Dutch) you will find a step-by-step plan and practical solutions to prevent further damage.

Reporting phishing

Are you a phishing victim? Report it to the following organisations:

  • Report it to the Fraud Helpdesk.
  • Report it to the police. You will need to visit a police station. Call 0900 - 8844 to make an appointment.
  • Contact the organisation in whose name you received the phishing messages. Many organisations have dedicated email addresses for reporting fake messages. Did you receive a phishing mail pretending to come from KVK? Let us know by emailing valse-email@kvk.nl.

Has your business fallen victim to phishing? Please get in touch with us. Share your experience via kvk.cyber@kvk.nl.