Scammers are trying to get hold of people’s banking cards by telling victims that their current card needs to be replaced.
A scam email is circulating with the subject line ‘Important Digipas’ [‘Belangrijk Digipas’]. The sender tries to persuade the recipient to request a new SNS bank card on a particular website. The email looks like this (click to enlarge):
People who fail to see that the email is fake may be prompted to click on the link that reads ‘Klik hier om uw digipas aan te vragen’. If they do, they will end up on a website that may look reliable at first glance. Even though there is no green secure padlock or https in the address bar, the design looks very much like the real SNS website (click to enlarge):
The site gives visitors two login options. All data entered on it will undoubtedly end up in the hands of the scammers who created this website, so don’t disclose any information!
Victims will proceed to step 2 (click to enlarge:)
They will be asked to enter their PIN code. Watch out! Banks will never ask this.
The third step involves visitors to the site being given the opportunity to choose the time at which they will send in the old bank card. Because the bank card needs to be recycled. This seems very environmentally friendly, but it also lets the scammers know when they can expect the victim’s bank card to appear in their mailbox. The scammers already have the individual’s user credentials, so possession of the card will enable then to start emptying the bank account (click to enlarge):
As part of the final step, the victim will read ‘request processed’ [‘aanvraag verwerkt’] on their screen (see image below). Subsequently, they will be referred to the real SNS Bank website.
Make sure that you are able to spot a fake email when you see one. This will save you a lot of trouble. Remember that banks will never ask you for your PIN code on their website. In addition, each and every official banking site will have a green padlock in their address bar and a secure URL which starts with https. (This does not apply the other way around: the presence of a green padlock and https does not guarantee a secure site).