When scammers come angling for your data
What is phishing, how can you spot it and what can you do about it?
Ping! You've got mail. "Please verify your account details within 24 hours" or "Your latest statement is ready" reads the message, supposedly from your bank or the tax authorities. Sound familiar? Phishing is dishonestly tricking people into disclosing information, such as banking/credit card details, personal data and account logins. Many people think they would never fall for a phishing scam. Yet Statistics Netherlands says that about one in every two hundred Dutch people were scammed last year. Almost everyone who has an e-mail address gets frequent phishing messages. So it's a problem that's well worth a closer look. This is the first of a two-part blog post about phishing. In part 1, I'll consider exactly what phishing is. Next week, I'll explain how to recognise and prevent it.
Crooks have been coming up with creative fake message scams for a very long time. As well as e-mail, they use SMS ('text messaging') and other communications channels to lure people into clicking on malicious links. A typical fraud was recently reported on Opgelicht?!, a popular consumer affairs programme from Dutch broadcaster AVROTROS. Victims received SMSs, supposedly from the Spanish postal service Correos, saying that they needed to pay a postage charge. Clicking the payment link in the message took the victims to a phishing website set up like the Correos site. There, they were prompted to enter their card details to pay the 1-euro postage charge. However, they were actually given membership of a dating website, at a cost of €48, chargeable to their cards. After that, victims were bombarded with e-mails about dating. The scam has been running since at least 2019, as evidenced by various reports [1, 2]. Clearly, phishing is an ongoing problem that warrants our attention.
Phishing comes under the general heading of 'spam': unwanted message traffic. It's a common misconception that phishing is confined to the internet. In fact, '419 fraud', or advance payment fraud, was around even before the internet existed. And similar scams have been documented as far back as the French revolution. Advance payment fraud was perpetrated using traditional post, and still goes on today. However, the arrival of the internet and especially e-mail made such scams much easier: suddenly the crooks could reach huge numbers of people at very little cost. The new technology therefore ushered in a flood of spam, including fraudulent phishing mail.
Two messaging methods are widely used for phishing: e-mail and SMS. For scammers, those media have the attraction of being scalable. In other words, they lend themselves to bulk messaging. There's no charge for sending e-mail, and millions of messages can be sent quickly and easily, even with a low-power server. SMS messages are also easily sent in bulk. Unlike e-mail, they do cost money to send: 6 to 12 euro cents each, where modest volumes are involved. However, scammers are apt to avoid that cost by, for example, paying with stolen credit card details. If they do pay legitimately, the unit cost falls as volumes rise. And SMS-based phishing has the advantage that most of the traffic isn't filtered. So messages are much more likely to be seen by potential victims. All things considered, SMS has a lot going for it in the scammers' eyes.
Another reason why e-mail and SMS are the preferred media for phishing is that spoofing is easy with both. In its basic form, e-mail – or, to be precise, SMTP – lacks proper security. It's therefore child's play to falsify a 'From' address. Unauthorised individuals can easily send mail 'from' any e-mail domain that doesn't support secure internet standards, such as SPF, DKIM and DMARC. Scammers can therefore make phishing mail look more convincing by using an address that the recipient is likely to know and trust. E-mail security standards are effective only if supported by both the sending host and the receiving host: attaching a digital signature doesn't help to make a message secure if the recipient never checks the signatures on incoming mail, for example. Spoofing is possible with SMS too: the technology doesn't prevent unauthorised senders using the number of, say, a bank. Nevertheless, a lot of phishing doesn't actually involve spoofing. Plenty of phishing mail comes from unrelated e-mail addresses, and phishing SMSs are often sent by unfamiliar mobile numbers, making them easier to recognise.
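The receiving-side check that paragraph refers to, as an added example that is not part of the original post: a simplified DMARC evaluation showing why a forged 'From' is only caught when the sending domain publishes a policy and the receiver acts on it. The domains, records, messages and function names are constructed for illustration; the SPF and DKIM results are assumed to come from earlier checks, and relaxed alignment is approximated.

```python
from email.utils import parseaddr

# Constructed sample data: DMARC TXT records as a receiver would fetch them from DNS.
DMARC_TXT = {
    "bank.example": "v=DMARC1; p=reject; adkim=s; aspf=r",
    # "shop.example" publishes no DMARC record at all
}

def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag dict; None if it is not a DMARC1 record."""
    parts = (p.partition("=") for p in txt.split(";") if "=" in p)
    tags = {k.strip().lower(): v.strip().lower() for k, _, v in parts}
    return tags if tags.get("v") == "dmarc1" else None

def aligned(auth_domain, from_domain, mode):
    """Strict ('s'): exact match. Relaxed ('r'): approximated as a parent/child
    match; a real receiver compares organizational domains (Public Suffix List)."""
    a, f = auth_domain.lower(), from_domain.lower()
    if a == f:
        return True
    return mode == "r" and (a.endswith("." + f) or f.endswith("." + a))

def dmarc_disposition(from_header, spf, dkim, records=DMARC_TXT):
    """spf and dkim are (result, authenticated_domain) tuples from earlier checks.
    Returns 'pass', the published policy (none/quarantine/reject) or 'no-policy'.
    Simplification: only the exact From domain is looked up."""
    from_domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    policy = parse_dmarc(records.get(from_domain, ""))
    if policy is None:
        return "no-policy"  # nothing tells the receiver to distrust this From
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, policy.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, policy.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else policy.get("p", "none")

# Constructed messages: (From header, SPF result, DKIM result).
SAMPLES = [
    ("Bank <noreply@bank.example>", ("pass", "mail.bank.example"), ("pass", "bank.example")),
    ("Bank <noreply@bank.example>", ("pass", "bulk-sender.example"), ("none", "")),
    ("Shop <info@shop.example>", ("pass", "bulk-sender.example"), ("none", "")),
]

if __name__ == "__main__":
    for from_header, spf, dkim in SAMPLES:
        print(f"{from_header:32} -> {dmarc_disposition(from_header, spf, dkim)}")
```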
Many phishing scams involve a malicious website. Crooks do sometimes invite recipients to respond by mail, but that's fairly unusual and likely to be seen as suspicious by many potential victims. The normal tactic is therefore to use mail in combination with a fake website where victims' data can be harvested. In many cases, phishers pretend to be writing on behalf of a well-known organisation, such as a bank. The messages are designed to persuade recipients that they need to do something urgently – verify their account, for example – which involves clicking on a link. That takes the victim to a website, mocked up to look like the real website of the bank, or whatever organisation is being impersonated. On arriving at the fake site, the victim is invited to enter important information, such as their account details. That brings me to the end of part 1 of my two-part phishing blog. In part 2, I'll explain how phishing messages can be recognised and prevented.
Article by:
Research engineer