Did KVK really send this email?

At this moment, fake emails and text messages are circulating. These phishing emails are being sent by fraudsters pretending to be KVK. If you click the link in the message, you are asked to fill in details. Do not open the message, and do not click the links in the email or text message. Forward the message to phishingbericht@kvk.nl. Read this article to find out how to recognise fake messages and what to do if you have clicked on a link.

How do you recognise and prevent spoofing?

This is how you check a message is from KVK

The phishing emails and other fake messages are usually about renewing your identification, the required UBO registration, or a digital key. The fraudster puts pressure on you to respond fast. Never respond. Read here what KVK does and does not send you messages about. Still in doubt? Call or chat with the KVK Service Center.

  • KVK never issues fines or threatens to do so.
  • KVK never threatens to withdraw your KVK number in an email or text message, or to end your Business Register registration.
  • KVK never asks you to check your details by clicking a link in an email or text message.
  • KVK never sends letters, emails, or text messages containing QR codes for reporting details to us.
  • KVK never forces you to request or renew a digital key, access code, or password via an email or text message.
  • You can only request an access code for a KVK account yourself, on our website. Never via an email or text message. A KVK account is used for ordering KVK products, such as Business Register extracts.
  • To register your business or report a change, always go to kvk.nl and use your DigiD. That is safe.
  • Eenmanszaken (sole proprietorships) can use the My business page to report changes, using their DigiD.

Tips:

  • Use a spam filter, for example one provided by your internet provider, to protect your mailbox from phishing messages.
  • Install antivirus software. It will warn you if you are about to click a dodgy link or visit an unreliable website.
  • Block email addresses of senders you do not trust. Do you receive suspicious messages from a country you do not do business with? You can block messages from such a country. The messages will not be deleted, but placed in your spam folder. Read this instruction on how to block emails from a certain country or sender in Outlook.

Take care: even if the sender's email address matches the official domain, it may be a spoof.

How do I check whether an email is really from KVK?

If you receive an email you do not trust, call (+31 0) 088 585 1585. Or check the email header yourself. Read this explanation on how to do that (in Dutch).

What is phishing?

Phishing is a type of digital fraud. The criminals try to steal login data, credit card information, pin codes, or other personal information. Phishing is often done by email, but phone calls, letters, and text messages are also used.

In the fake KVK emails, the sender will probably ask you to request a digital KVK key by clicking a link. Do not click the link. Forward the message to phishingbericht@kvk.nl.

We are sent a large number of (possible) fake emails every day. This makes it impossible for us to reply to your message personally. We do look at all the messages we receive, and if necessary, have fake websites the emails refer to removed.

Since mid-November 2022, phishing emails from several Dutch fake banks with title 'Kamer van Koophandel: UBO-gegevens' have also been frequently reported. These ask you to share your UBO details and to check your UBO registration at KVK. Do not respond to these!

Current phishing emails

Unfortunately there are many phishing emails and messages pretending to be from KVK. These emails and SMS messages are typically in Dutch. You can find all known examples on this Dutch page - see under 'Actuele phishingmails'. If you receive a message that is not on this list, do not assume it is safe. When in doubt, contact KVK.

Did you click a link?

Have you clicked on a link in a phishing message? You may end up on a page where you are asked to fill in your details. It looks like a KVK page, with the right logo and lettering. Do not fill in your details. The odds are that you are on a fraudster's website. Check the website url, using these tips from SIDN.

Did you fill in your details on a fake website? Then be on the lookout for phonecalls from persons claiming to be from your bank. Do not panic, and do not transfer money. A criminal may claim to be a bank employee and tell you that your money is being syphoned from your account. To retrieve your money, they want you to click a link. Do not click that link! If you do, you are transferring money to that criminal. Did you click the link? Contact your bank immediately.

Always contact your bank yourself. Criminals can fake email addresses as well as phone numbers. So even though it looks like your bank is calling you, this may not be the case.

DigiD

Did you fill in DigiD details? Change your DigiD password immediately, and use two factor authentication. Read more on the DigiD website.

Spoofing

Faking emails, text messages, and phone calls is called spoofing.

KVK uses the following email extensions, but these can be faked.

  • @e.kvk.nl
  • @onderzoek.kvk.nl
  • @ondernemerspanel.kvk.nl

Spoofing example

The first mail is really from KVK (noreply@kvk.nl):

The email below is not from KVK (also noreply@kvk.nl):

Can I trust a KVK invitation to participate in research?

KVK regularly does research to find out what entrepreneurs think about certain topics, and how they experience the KVK services. To do so, we collaborate with research bureaus Totta Research and DVJ Insights.

Did you receive an invitation to take part in research, and are you not sure it was sent by or on behalf of KVK? Check if the invitation was sent from an email address ending in e.kvk.nl, kvk.nl, onderzoek.kvk.nl, or ondernemerspanel.kvk.nl. These email extensions can also be faked.

The email address KVKonderzoek@dvjresearchgroup.com is also used for research to find out how you feel about KVK. This research is done every quarter.

We never ask for your personal details in our research, such as bank details, login codes, etc.

Did you receive an invitation to participate in research on behalf of KVK from a different domain to the ones named here? Then it may be a phishing email. You can help us limit the damage done by phishing by forwarding this email to phishingbericht@kvk.nl.

I received an invoice from KVK. Can I trust this email?

Check if your invoice is real. Read more about  fake invoices  (in Dutch).

Not sure about an email? Forward it to phishingbericht@kvk.nl or call KVK on (+31 0) 088 585 15 85.