Recognizing scams: how to unmask phishing and fake calls

Scammers are becoming increasingly clever. They send fake emails that look real, call posing as your bank, or create websites that are barely distinguishable from the real thing. In this article, you'll learn how to recognize phishing emails, fake calls, and other online scams.

What is phishing?

Phishing is a form of online fraud where criminals try to steal your personal data. They pretend to be a trusted party, such as:

• Your bank
• Government agencies (tax office, municipality)
• Well-known companies (PostNL, Bol.com, Netflix)
• Your internet or energy provider
• Transfer photos from phone to computer: all methods
• How to backup your iPhone and Android: protect your photos and data

The goal is always the same: to get your login credentials, credit card numbers, or other sensitive information.

How to recognize a phishing email

Pay attention to these warning signs:

1. Suspicious sender

Check the email address carefully. Scammers use addresses that look similar to the real ones:

• ❌ info@ing-bank-secure.com (fake)
• ✅ info@ing.nl (real)
• ❌ service@paypa1.com (with number 1 instead of letter l)
• ✅ service@paypal.com (real)

2. Urgency and threats

Phishing emails often try to panic you:

• "Your account will be blocked within 24 hours!"
• "Act immediately, otherwise..."
• "Last chance to claim your prize!"

Legitimate companies rarely communicate this way.

3. Strange links

Hover over a link (without clicking!) to see where it actually goes:

• ❌ https://ing-bank.secure-login.xyz
• ✅ https://mijn.ing.nl

4. Requests for personal data

Banks and government agencies never ask for passwords, PIN codes, or full credit card numbers via email.

5. Spelling and grammar errors

Official emails are usually well-written. Many spelling errors can indicate a scam.

6. Generic salutation

"Dear customer" instead of your name can be a warning sign. However, scammers sometimes do have your name.

How to recognize fake calls

Telephone fraud (vishing) is also increasing. Watch out for:

Red flags for phone calls

• Your bank calling about "suspicious activity - Banks rarely call proactively. When in doubt, hang up and call the official number yourself.
• "Microsoft" or "Apple" calling about viruses - These companies never call unsolicited about problems with your computer.
• Pressure to act immediately - "You must transfer money now to protect it" is always a scam.
• Requesting remote access - Never let someone take control of your computer over the phone.

What to do with suspicious calls

1. Stay calm and don't let yourself be rushed
2. Never give passwords, PIN codes, or bank details over the phone
3. Hang up and call the organization back at an official number
4. Report it to the police

Fake websites

Scammers create copies of well-known websites. This is how you recognize a fake:

Check the URL

• Does the URL start with https://? (the lock icon)
• Is the domain spelled correctly?
• Watch out for extra words: bol.com-deals.nl is not bol.com

Check the website

• Is there contact information?
• Is there a terms and conditions page?
• Are there reviews online about this webshop?
• Is the price too good to be true?

WhatsApp and SMS fraud

Fraud via WhatsApp and SMS is also common:

"Mom/Dad, I have a new number"

Scammers pretend to be your child and ask for money. Always verify via the old number or call.

Fake package delivery

"Your package is stuck, pay customs fees." Always check via the official app or website of the carrier.

Links via SMS

Never click on links in unsolicited text messages. Go directly to the website yourself.

What to do if you've clicked?

Clicked on a phishing link or entered data? Act quickly:

1. Change your password immediately - Also on other sites if you use the same password
2. Contact your bank - If you've shared bank details, call immediately
3. Check your accounts - Look for suspicious transactions
4. Scan for malware - Run an antivirus scan on your device
5. Enable two-factor authentication - For extra protection

How to protect yourself

Technical measures

• Use a password manager - Unique passwords for every site
• Enable two-factor authentication - Extra security beyond just a password
• Keep software updated - Browsers and OS get security updates
• Use an adblocker - Blocks some malicious ads

Behavioral tips

• Be skeptical - If it seems too good to be true, it usually is
• Verify yourself - Call back via official numbers
• Take your time - Scammers create urgency; don't let yourself be rushed
• When in doubt, don't click - Go directly to the website yourself

Reporting phishing

See a phishing email or fake website?

• Forward to the real organization - Most banks have special addresses like phishing@ing.nl
• Report to the Fraud Helpdesk - Help warn others
• Report to your email provider - Click "Report spam" or "Report phishing"

Need help? Our support team is ready for you! Send a ticket through the customer portal and we'll usually help you within a few hours.