DigiD Phishing Prevention: How to Spot Fake Government Emails and SMS in the Netherlands
Learn how to identify DigiD phishing attacks including fake MijnOverheid emails, fraudulent tax messages, and benefits scams. Protect your digital identity in the Netherlands.
DigiD Phishing Prevention: How to Spot Fake Government Emails and SMS in the Netherlands
DigiD is the gateway to nearly every government service in the Netherlands. With it, you file taxes, apply for benefits, access healthcare records, and manage municipal services. That central role makes DigiD credentials one of the most valuable targets for scammers operating in the Netherlands.
A compromised DigiD account can lead to identity theft, fraudulent benefit claims, unauthorized tax filings, and financial devastation. This guide explains the most common DigiD phishing tactics and how to verify legitimate government communications.
How DigiD Phishing Works
1. Fake Belastingdienst (Tax Authority) Emails
The most widespread DigiD phishing campaign mimics the Belastingdienst. You receive an email claiming you are owed a tax refund, need to correct a filing error, or face a penalty. The email contains a link to what looks like a DigiD login page. Enter your credentials, and the scammer has full access to your digital government identity.
Sample phishing email characteristics:
| Element | Phishing Version | Real Version |
|---|---|---|
| Sender | belastingdienst@mail-nl.com | No email — uses MijnOverheid Berichtenbox |
| Tone | "Urgent: Act within 48 hours" | Neutral, no urgency language |
| Link | digid-login-nl.com | digid.nl/inloggen |
| Request | "Log in to claim your refund" | Never asks you to log in via email |
| Personal data | Often includes partial BSN to seem legit | Never includes BSN in email |
2. Fake MijnOverheid Messages
Scammers send emails that appear to come from MijnOverheid (the government's digital mailbox). The email claims you have a new message and provides a "direct link" to read it. The link leads to a cloned DigiD login page.
The critical thing to remember: MijnOverheid never sends the content of messages via email. Real notifications only tell you that a message is waiting — you must log in through mijn.overheid.nl yourself.
3. Toeslagen (Benefits) Scam SMS
These SMS messages claim there is a problem with your toeslagen (housing benefit, healthcare allowance, childcare benefit) and ask you to verify your identity via a link. The messages often arrive during known toeslagen processing periods (January, July) to seem more credible.
4. Gemeente (Municipal) Phishing
Fake emails claiming to be from your gemeente about parking permits, waste collection changes, or WOZ property value assessments. They ask you to log in with DigiD to "confirm your details."
5. Healthcare-Related DigiD Phishing
Since COVID, healthcare-related phishing has increased. Fake messages about vaccination records, insurance changes, or care declarations ask you to log in with DigiD to "update your health records."
How to Verify Legitimate DigiD Communications
The Government Never Does These Things:
- Sends emails asking you to log in via a link. Ever. All official DigiD logins happen only at digid.nl.
- Sends SMS with login links. DigiD activation codes come by letter, not SMS.
- Asks for your DigiD password by phone. No government employee will ever ask for this.
- Requests your BSN in an email or SMS.
- Uses urgency language like "your account will be blocked" or "act within 24 hours."
The Government Does These Things:
- Sends email notifications that a new message is waiting in your MijnOverheid Berichtenbox (without a direct login link).
- Sends physical letters for important matters.
- Sends DigiD activation codes by postal mail.
- Allows you to log in only at digid.nl or through the DigiD app.
Step-by-Step: What a Real DigiD Login Looks Like
- You go to the government service website yourself (e.g., belastingdienst.nl, mijn.overheid.nl).
- You click "Inloggen met DigiD."
- You are redirected to digid.nl — check the URL bar carefully.
- You enter your username and password, or use the DigiD app.
- You complete two-factor authentication (SMS code or app confirmation).
- You are redirected back to the government service.
At no point should you arrive at a DigiD login through an email link, SMS link, or WhatsApp message.
How to Secure Your DigiD Account
- Enable two-factor authentication. Use the DigiD app or SMS verification. This means even if someone gets your password, they cannot log in without your second factor.
- Use a strong, unique password for DigiD that you do not reuse anywhere else.
- Check your DigiD login history regularly at mijn.digid.nl. Look for logins you do not recognize.
- Enable login notifications so you receive an alert every time your DigiD is used.
- Keep the DigiD app updated to the latest version.
What to Do If Your DigiD Is Compromised
- Change your DigiD password immediately at mijn.digid.nl.
- Revoke all active sessions in your DigiD settings.
- Check your MijnOverheid Berichtenbox for any messages or actions you did not initiate.
- Contact the DigiD helpdesk at 088 369 16 56.
- Report to the police if you suspect identity fraud.
- Contact your municipality if you suspect someone has changed your registered details.
- Monitor your bank accounts — DigiD access can be used to redirect benefit payments.
Protecting Your DigiD Credentials
Your DigiD credentials are some of the most sensitive information you possess. If you ever need to store or share government-related information securely — for example, sharing tax documents with an accountant, or storing your DigiD recovery information — avoid putting it in plain text emails or notes.
LOCK.PUB allows you to create encrypted, password-protected memos that auto-expire. You can store sensitive government reference numbers, share tax filing details with your accountant through a LOCK.PUB link that disappears after a set time, or keep a temporary secure note with recovery steps you may need.
This is useful for:
- Sharing tax documents with your accountant — set an expiration so the information does not linger.
- Storing temporary government reference numbers securely instead of in a sticky note or text file.
- Sharing Berichtenbox content with family members who help manage your affairs.
DigiD Phishing Statistics
| Metric | Figure |
|---|---|
| DigiD active users in NL | ~16 million |
| DigiD phishing reports annually | 50,000+ |
| Most impersonated agency | Belastingdienst |
| Peak phishing months | January (tax), July (toeslagen) |
| Success rate if 2FA enabled | Near zero |
The Bottom Line
DigiD phishing is one of the most persistent cyber threats in the Netherlands. The defence is straightforward: never log in to DigiD through a link in an email, SMS, or message. Always navigate to digid.nl yourself. Enable two-factor authentication. And if something feels urgent or threatening, it is almost certainly a scam — the Dutch government does not operate that way.
For storing and sharing sensitive government-related information, use LOCK.PUB to create encrypted, password-protected memos with automatic expiration. Keep your digital identity secure.
Store and share sensitive information securely with LOCK.PUB — encrypted memos that expire automatically.
Keywords
You might also like
Allegro Scams: How to Shop Safely on Poland's Largest Marketplace
Protect yourself from Allegro phishing emails, fake sellers, and fake Allegro Protect pages. Learn how to verify legitimate Allegro communications and avoid marketplace fraud.
BLIK Fraud in Poland: How Scammers Steal Money Through Fake BLIK Codes
Learn how BLIK payment fraud works in Poland, from fake BLIK code requests to the 'friend in need' scam on Messenger. Complete security checklist to protect your money.
Dutch Banking Phishing: How to Protect Your ING, ABN AMRO, and Rabobank Accounts
Learn how to identify and avoid banking phishing attacks targeting Dutch bank customers. Covers fake banking apps, SMS phishing, WhatsApp helpdesk fraud, and more.
Create your password-protected link now
Create password-protected links, secret memos, and encrypted chats for free.
Get Started Free