Cyber criminals are sending out fake emails purporting to come from the Dutch government’s service portal.
The email informs recipients of a new message waiting in their personal account on the MijnOverheid website. It supposedly gives a link to the official government website, but the site it refers to is counterfeit. The email has been crafted by scammers to obtain people’s DigiD user credentials. DigiD is the government’s secure login system.
The subject line reads ‘Message from the Tax Administration in your MijnOverheid Message Box’ [‘Bericht van Belastingdienst in uw Berichtenbox op MijnOverheid’]. The email is personalised, with a personal greeting that includes recipients’ full names. This makes it look credible.
Here’s an example of the email (click to enlarge):
The link redirects to a fake website. This is what it looks like (click to enlarge:)
It’s clear that the scammers have done their best to make the site seem as authentic as possible: the URL starts with ‘mijnoverheid’, but of course that’s only the subdomain, and the URL has a secure green padlock.
This email is a pretty good imitation of the real MijnOverheid messages. If you receive this message or a similar one, please don’t click on the link provided in it. Instead, visit MijnOverheid.nl by punching in the URL in the address bar, or on a search engine.