Chose your color

Frequently visited

Frequently asked questions

  • I am looking for a domain name registrant. Where can I look it up?

    The Whois is an easy-to-use tool for checking the availability of a .nl domain name. If the domain name is already taken, you can see who has registered it.

    On the page looking up a domain name you will find more information about what a domain name is, how the Whois works and how the privacy of personal data is protected. Alternatively, you can go straight to look for a domain name via the Whois.

  • I would like to transfer my domain name to another registrar. What is the procedure?

    To get your domain name transferred, you need the token (unique ID number) for your domain name. Your existing registrar has the token and is obliged to give it to you within five days, if you ask for it. The procedure for changing your registrar is described on the page transferring your domain name.

  • The details registered about me/my company are incorrect or out of date. How can I get them updated?

    To update the contact details associated with your domain name, you need to contact your registrar. Read more about updating contact details.

  • Why is my domain name in quarantine?

    When a domain name is cancelled, we aren't told the reason, so we can't tell you. You'll need to ask your registrar. The advantage of quarantine is that, if a name's cancelled by mistake, you can always get it back.

    One common reason is that the contract between you and your registrar says you've got to renew the registration every year. If you haven't set up automatic renewal and you don't renew manually, the registration will expire.

  • Ik heb een klacht over mijn provider/registrar. Kan ik daarvoor bij SIDN terecht?

    Wanneer je een klacht hebt over of een geschil met je registrar dan zijn er verschillende mogelijkheden om tot een oplossing te komen. Hierover lees je meer op pagina klacht over registrar. SIDN heeft geen formele klachtenprocedure voor het behandelen van een klacht over jouw registrar.

  • What conditions do I have to meet as a registrar?

    Would you like to be able to register domain names for customers or for your own organisation by dealing directly with SIDN? If so, you can become a .nl registrar. Read more about the conditions and how to apply for registrar status on the page becoming a registrar.

More frequently asked questions

What is CEO fraud?

Man in office with hands on his forehead for a mistake

CEO fraud is a form of criminal deception. The victims are usually big companies and other organisations, which are targeted using 'social engineering' techniques to manipulate people's behaviour and emotions. A crook will pose as the organisation's CEO or another senior executive to trick the organisation out of money. Typically, a worker who is authorised to set up payments will get an e-mail from 'the boss' telling them to pay money into another account, which really belongs to the fraudsters.

CEO fraud and BEC fraud

CEO fraud is a high-profile kind of BEC fraud: business e-mail compromise fraud. That term covers a wide range of scam techniques, including phone calls where an executive's voice is mimicked, as well as hacking company accounts to get payments or steal financial data. BEC fraud can be devastating for targeted organisations, causing financial losses and reputational damage, while undermining confidence amongst customers and business partners.

How does CEO fraud work?

CEO fraud usually starts with a fake e-mail, which appears to come from one of the organisation's senior managers. In it, the 'manager' will instruct someone lower down in the company to urgently arrange a large payment, typically to a foreign bank account. If the person getting the mail hesitates, there may be a follow-up phone call where the crooks say that they're from a law firm or the like. Convinced by the body of correspondence and calls, the victim often goes ahead and makes the payment in good faith.

Another approach involves cybercriminals sending fake messages from the organisation's own domain after getting access to an insider's e-mail account. Known as 'domain name spoofing', that tactic is possible when the organisation doesn't work with open e-mail security standards. Here's a good example of what can happen.

Spoofing like that is particularly dangerous, because the fraudsters get to observe how people within the organisation communicate, and to see who makes the payments and is therefore worth targeting.

How can you spot attempted CEO fraud?

  • Often, a scam e-mail asking for money to be transferred comes from an address that looks like one of the organisation's real addresses, but isn't quite the same.

  • The writer will nearly always ask the recipient to act urgently.

  • They'll also stress the need for confidentiality.

  • The mail is often sent to someone within the organisation who has the authority to make payments.

Examples of CEO fraud

The 2018 Pathé case is a well-known example of CEO fraud. Fraudsters posing as executives from the company's head office in France mailed the Dutch management with various instructions, including orders to transfer funds, supposedly to cover a foreign acquisition. The targeted individuals were not therefore junior staff members, but the Dutch subsidiary's directors. Ultimately, the crooks extorted 19 million euros from the company. A key feature of the Pathé incident was that the victims were told to treat the transaction as 'strictly confidential'. While that heist was the biggest CEO fraud in Dutch history, it certainly wasn't the last. In recent years, various government entities, including municipal authorities, have been targeted using similar tactics.

How can you prevent CEO fraud?

Implement open web security and mail security standards

Various security standards for websites and e-mail servers have been developed to prevent domain spoofing. You can find out whether your domain name supports the standards by visiting internet.nl. If you're interested in implementing the standards on your domain name and e-mail service, it's usually best to contact your internet service provider, mail service provider or system administrator.

Make multi-factor authentication mandatory

Multi-factor authentication (MFA) involves adding an extra security check to the login process. With MFA enabled, even a cybercriminal who has got hold of the login details for an account will find it difficult to access that account. So it's wise to make MFA mandatory on all business accounts.

Apply the 'four eyes principle'

Following the 'four eyes principle' is an effective way of cutting out many errors and stopping many scams. Basically, what it involves is applying a rule that, above a certain threshold value, all payments and invoices need to be signed off by at least two different people.

Be extra alert during holiday periods

Crooks know that most organisations are thinly staffed during holiday periods and at weekends. That makes those times ideal windows for pulling off scams. So it's important to be extra wary of unusual payment requests during periods when people are away.

Do a security audit

A proactive approach can prevent a lot of problems. Carrying out an internal security audit can give you a better picture of your organisation's electronic security status.

One popular approach is to send your own 'dummy' phishing mail to see how good your personnel are recognising fraudulent mail.

People who fall for the scam can then be given special training on electronic security and spotting phishing attempts.

SIDN BrandGuard

SIDN BrandGuard is a monitoring service featuring a personalised dashboard, which notifies you immediately whenever a domain name similar to your brand name is registered. Getting early warnings enables you to respond promptly to prevent CEO fraud, domain name fraud, invoice fraud, typosquatting and identity fraud. And thus avoid the high cost and reputational damage caused by such scams.

More about SIDN BrandGuard