Dutch Banking Phishing: How to Protect Your ING, ABN AMRO, and Rabobank Accounts

The Netherlands has one of the highest rates of online banking adoption in Europe. Over 95% of the Dutch population uses internet banking regularly. This makes Dutch bank customers a high-value target for phishing attacks, and the criminals have become exceptionally sophisticated.

Dutch banking fraud losses run into hundreds of millions of euros annually. The attacks target customers of every major bank — ING, ABN AMRO, Rabobank, SNS, ASN, Triodos, Knab, and Bunq. Here is how these attacks work and how to defend yourself.

The Most Common Dutch Banking Phishing Tactics

1. SMS Phishing (Smishing)

You receive an SMS that appears to come from your bank. Because of a flaw in SMS technology called sender ID spoofing, the message can appear in the same SMS thread as real messages from your bank.

Common SMS phishing messages:

• "Unusual activity detected on your account. Verify immediately: [link]"
• "Your bankpas is expiring. Order a new one: [link]"
• "New device login attempt. If this was not you, secure your account: [link]"
• "Payment of EUR 2,450 pending. Not you? Cancel here: [link]"

The link leads to a perfect replica of your bank's login page. Everything you enter goes directly to the scammer.

2. WhatsApp "Helpdesk" Fraud

This is a particularly Dutch phenomenon. A scammer messages you on WhatsApp, posing as your bank's helpdesk. They claim there is suspicious activity on your account and walk you through "security steps" that actually give them access.

Stage	What the Scammer Says	What Actually Happens
1	"We detected unusual activity"	Creating urgency
2	"Install our security app"	You install remote access software
3	"Enter your PIN for verification"	They capture your PIN
4	"We'll process the security update"	They transfer your money

Your bank will never contact you via WhatsApp to discuss account security. If someone claims to be from your bank on WhatsApp, it is a scam. Full stop.

3. Fake Banking Apps

Scammers distribute modified banking apps through phishing links, social media ads, or fake app store listings. These apps look identical to the real thing but capture your credentials and forward them to the scammer.

How to stay safe:

• Only download banking apps from the official App Store (iOS) or Google Play Store (Android).
• Never install an app from a link sent via email, SMS, or WhatsApp.
• Check the developer name — it should be the bank itself, not a third party.

4. Phone Vishing (Voice Phishing)

Your phone rings. The caller ID shows your bank's number (spoofed). The caller claims to be from the fraud department and says your account has been compromised. They ask you to transfer your money to a "safe account" while they "investigate."

Banks never ask you to transfer money to a safe account. This concept does not exist.

5. Email Phishing

Classic email phishing remains effective. Fake emails from "ING," "ABN AMRO," or "Rabobank" ask you to update your details, verify your identity, or resolve an account issue. The emails have become increasingly difficult to distinguish from real ones.

How Each Major Dutch Bank Communicates

Understanding how your bank actually contacts you makes spotting fakes much easier.

Bank	Contacts Via	Never Does
ING	ING app notifications, Mijn ING messages, physical mail	Call to ask for PIN, WhatsApp you, send login links
ABN AMRO	App notifications, secure messages in Internet Banking, mail	Request remote access, ask you to transfer to "safe account"
Rabobank	Rabo app notifications, Rabo messages, mail	Send SMS with links, contact via social media DMs
SNS	SNS app notifications, secure messaging, mail	Ask for full password via phone
Bunq	In-app notifications and in-app chat only	Email links, phone calls about security

Your Banking Phishing Defence Checklist

Immediate Actions

• Never click links in SMS or email claiming to be from your bank. Open your banking app directly or type the URL yourself.
• Hang up on "bank" phone calls and call back using the number on your bankpas or the bank's website.
• Never share your PIN, password, or TAN codes with anyone. Bank employees do not need these.
• Never install software because someone claiming to be from your bank asks you to.
• Never transfer money because someone on the phone tells you to, regardless of who they claim to be.

Ongoing Protection

• Enable all available notifications in your banking app — login alerts, transaction alerts, and new device alerts.
• Use strong, unique passwords for your online banking. Do not reuse them anywhere else.
• Keep your banking app updated to the latest version.
• Review your transactions weekly for any you do not recognize.
• Set transaction limits in your banking app. Lower limits reduce potential losses.

What to Do If You Suspect You Have Been Phished

1. Call your bank's fraud line immediately:
   • ING: 020 22 88 000
   • ABN AMRO: 0900 0024
   • Rabobank: 030 712 7920
   • SNS: 030 633 3000
2. Block your bankpas through the app if you suspect card compromise.
3. Change your online banking password.
4. Report to the police at politie.nl.
5. Report to the Fraudehelpdesk at fraudehelpdesk.nl.
6. Document everything — screenshots of messages, call times, transaction details.

Sharing Banking Credentials Safely

There are legitimate situations where you need to share banking-related information — giving your IBAN to a new employer, sharing account access with a partner, or providing financial details to an accountant. Sending these details in plain text through email or WhatsApp creates a permanent record that can be compromised if either account is hacked.

LOCK.PUB provides a secure alternative. Create a password-protected link containing the banking details, share the link with the intended recipient, and set it to expire after they have had time to note the information. The details are encrypted and automatically deleted.

This is especially useful for:

• Sharing IBANs and account details with new employers or clients
• Providing login credentials to a trusted family member for emergency access
• Sending financial documents to your accountant or mortgage adviser

With LOCK.PUB, your banking information is not permanently stored in anyone's email or chat history. It expires on your schedule.

Dutch Banking Fraud Statistics

Metric	Figure
Online banking adoption (NL)	95%+
Annual banking fraud losses (NL)	100M+ euros
Most targeted bank	ING (largest customer base)
Most common attack vector	SMS phishing
Fraud recovery success rate	Varies; faster reporting = higher recovery

The Bottom Line

Dutch banking phishing is sophisticated, persistent, and evolving. The fundamental defence is simple: your bank will never ask you to click a link, install software, share your PIN, or transfer money to a safe account via SMS, WhatsApp, email, or phone. Any message that asks you to do these things is a scam, regardless of how legitimate it looks.

When you need to share banking details securely for legitimate purposes, use LOCK.PUB to create encrypted, expiring links. Keep your financial information protected.

---

Share banking details securely with LOCK.PUB — password-protected links that auto-expire.