CEO fraud is a growing problem

Cybercriminals scam Dutch municipality out of 37k

Welcome sign municipality of Meierijstad

Recently, the municipality of Meierijstad hit the headlines, when cybercriminals tricked staff into paying out €37,200. The scam involved a technique known as CEO fraud: crooks posing as municipal executives sent e-mails instructing staff to make an urgent confidential payment. Encouraged by their first success, the scammers were on the phone again 2 days later. This time, someone smelt a rat and raised the alarm, leading to discovery of the earlier fraud. Following the incident, the municipality decided to go public and to offer support to the hoodwinked personnel. That approach is in marked contrast to what has often happened in the past, when details of scams have come out only as a result of employment disputes with staff. Did Meierijstad do the right thing? We asked Jan Martijn Broekhof, CEO of security firm Guardian360.

CEO fraud: the numbers

Jan Martijn Broekhof, CEO of Guardian360

We tend to associate CEO fraud with occasional high-profile incidents involving the theft of millions. The reality is that it's now a generalised, mundane phenomenon. Research by Proofpoint found that 92 per cent of all organisations had been targeted. Although the vast majority of attempted scams fail, that doesn't deter the criminals. "From the scammer's viewpoint, the business case for CEO fraud is persuasive," says Jan Martijn Broekhof. "It costs them very little. So they can afford to keep sending their mails to one organisation after another, day after day. If one of them takes the bait every once in a while, that's enough to make the practice pay. It's also a low-risk enterprise. There's very little law enforcement in this field, and the crooks can easily cover their tracks by using cryptocurrency."

Heroes, not scapegoats

As CEO fraud illustrates, a human is often the weakest link in the cybersecurity chain. Having fallen for a scam, a worker will often respond by doing things that are ultimately unhelpful. Fearing disciplinary action or dismissal, they'll keep quiet and hope that no one finds out. However, the information released by Meierijstad made it clear that the municipality was providing support and counselling to the duped personnel. Jan Martijn Broekhof endorses that approach. "Rather than being thrown under a bus, staff should be treated as heroes," he says. "Companies are targeted by phishing scammers every day, and 99 per cent of the time the scams fail, because people do the right thing. That's what should be emphasised. Every week that passes without an incident is a success. Another relevant point is that, when things go wrong, the problem often isn't the person who has been duped, but the process that allowed it to happen. If you've got a well-designed process, based on PO numbers and two-person authorisation, it's much harder to extort money, especially if you build in technical safeguards as well. An organisation needs to stick to its procedures, even when executives and proprietors are involved."

Closing the door to phishing

Improvements can also be made at the point of entry. By implementing open e-mail security standards, setting up spam filters and configuring its mail gateways, an organisation can make it less likely that phishing mail will reach its staff. For example, Microsoft's widely used office software packages allow mail to be flagged up if it originates outside the organisation. That reduces the risk of anyone falling for a scam where a typo domain is used to send mail that looks as if it comes from someone inside the recipient's organisation. Services such as the SIDN-developed CyberSterk and SIDN BrandGuard can also reduce vulnerabilities.
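As an added illustration of the external-mail and typo-domain flagging described above (example code written for this article, not part of Guardian360's or SIDN's products, nor of any Microsoft feature), the script below tags incoming mail whose sender domain is either outside the organisation or a near-miss of the organisation's own domain. The organisation's domain, the sample headers and the small confusable table are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed example domain for the organisation; not a real municipality's domain.
ORG_DOMAIN = "example-gemeente.nl"
# Small, illustrative set of visual look-alikes used in typo domains (not exhaustive).
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l"}

def normalise(domain: str) -> str:
    """Lower-case a domain and collapse common look-alike sequences."""
    d = domain.lower()
    for src, dst in CONFUSABLES.items():
        d = d.replace(src, dst)
    return d

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header: str) -> str:
    """Return 'internal', 'lookalike' or 'external' for a From: header value."""
    _display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if domain == ORG_DOMAIN:
        return "internal"
    if not domain:
        return "external"  # unparsable sender: never treat as internal
    if normalise(domain) == normalise(ORG_DOMAIN) or edit_distance(domain, ORG_DOMAIN) <= 2:
        return "lookalike"
    return "external"

def tag_subject(from_header: str, subject: str) -> str:
    # Prefix the subject with a warning tag unless the sender is genuinely internal.
    verdict = classify_sender(from_header)
    return subject if verdict == "internal" else f"[{verdict.upper()}] {subject}"

if __name__ == "__main__":
    # Constructed sample headers: one genuine internal mail, two typo domains, one external supplier.
    samples = [
        ("Mayor <mayor@example-gemeente.nl>", "Council agenda"),
        ("Mayor <mayor@exarnple-gemeente.nl>", "Urgent confidential payment"),
        ("Mayor <mayor@example-gemente.nl>", "Urgent confidential payment"),
        ("Supplier <billing@supplier.example>", "Invoice 4711"),
    ]
    for sender, subject in samples:
        print(f"{sender:40} -> {tag_subject(sender, subject)}")
```

The tag only tells the reader where the mail came from; a payment request still has to go through the PO and two-person authorisation process regardless of who the sender appears to be.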

Openness

But what if, despite everything, the organisation does get scammed? Should the incident be hushed up? Jan Martijn Broekhof argues that concealment is counterproductive. "No one feels embarrassed if they get burgled. But falling for a scam is something people don't like to own up to. But they should do, really, because open internal and external communication is needed to educate others. And, in practice, the reputational damage caused by an incident isn't usually as bad as people fear. In the case of a municipality, the fact that public money is involved is another reason for openness."