A rogue e-mail supposedly sent in the name of DigiD is currently circulating. In reality it is a phishing message with which the 'DigiD Helpdesk' tries to collect your personal data. Should you receive this email in your inbox: do not fall for it and report it to the Fraud Helpdesk.
The e-mail in question was accessed by the AVRO/TROS program Opgelicht!? (1).
The subject line reads "Accessibility of DigiD. The email was sent by the DigiD Helpdesk. While the sender exists, it is good to emphasize that this is a rogue message. Further on, we explain how you could have known it was a fake message.
The e-mail contains the logo of DigiD as well as the blue-colored logo of Rijksoverheid. The Internet criminals' fake message is short and sweet. "Dear Sir/Madam, Due to the updated laws and regulations requirements of the General Data Protection Act (known as the AVG), we ask you to re-identify yourself. Thank you in advance for your cooperation."
Finally, the message contains an orange button saying "Re-identify. This redirects visitors to a phishing page. This is a fake page that hackers and cybercriminals use to try to collect as much personal and confidential data as possible, such as login information or bank account numbers.
This is a fake message. You can tell that by several little things. First of all, DigiD never sends e-mails containing URLs. Should you receive a message from DigiD containing one or more links, a light should come on immediately.
Furthermore, DigiD never uses the salutation "Dear Sir/Madam. The government identification tool always addresses recipients by their first name. The content also reveals that the email was drafted by scammers unfamiliar with proper jargon. 'General Data Protection' does not exist: they most likely mean the General Data Protection Regulation, European privacy laws and regulations.
Finally, it is advisable to always look at the sender. If it does not come from @digid.nl, it is likely that someone else is trying to impersonate DigiD. Hovering over the button with your computer mouse will show which page you are being redirected to. If that is not a page from DigiD, that is a signal that something is not right.
Should you receive this e-mail, report it to the Fraud Help Desk and then immediately discard the e-mail. In any case, do not enter any data.
DigiD will never approach Dutch citizens asking them to re-identify. Simply put, DigiD is nothing more than an instrument that citizens can use to authenticate themselves online, for example when they fill out income tax forms or apply for benefits. The identification service is maintained by Logius and is designed to allow online communication with the rijksoverheid, independent administrative bodies and other government services in a secure and responsible manner.
This is not the first time a phishing email from DigiD has circulated. Last month, we also saw a fake email appear in the name of DigiD. Back then, scammers tried to trick recipients by saying their personal data had been submitted incompletely. "It is essential for agencies and municipalities to be able to request your complete data from us if necessary. We therefore request that you update your contact information as soon as possible," the fraudsters wrote.
The message contained a QR code. This supposedly redirected people to the correct page to enter the missing data. It was an obvious example of QR code fraud.
https://opgelicht.avrotros.nl/alerts/artikel/nieuwe-valse-mail-van-digid-helpdesk-is-uit-op-je-gegevens/
