I am looking for a domain name registrant. Where can I look it up?
The Whois is an easy-to-use tool for checking the availability of a .nl domain name. If the domain name is already taken, you can see who has registered it.
On the page looking up a domain name you will find more information about what a domain name is, how the Whois works and how the privacy of personal data is protected. Alternatively, you can go straight to look for a domain name via the Whois.
I would like to transfer my domain name to another registrar. What is the procedure?
To get your domain name transferred, you need the token (unique ID number) for your domain name. Your existing registrar has the token and is obliged to give it to you within five days, if you ask for it. The procedure for changing your registrar is described on the page transferring your domain name.
The details registered about me/my company are incorrect or out of date. How can I get them updated?
To update the contact details associated with your domain name, you need to contact your registrar. Read more about updating contact details.
Why is my domain name in quarantine?
When a domain name is cancelled, we aren't told the reason, so we can't tell you. You'll need to ask your registrar. The advantage of quarantine is that, if a name's cancelled by mistake, you can always get it back.
One common reason is that the contract between you and your registrar says you've got to renew the registration every year. If you haven't set up automatic renewal and you don't renew manually, the registration will expire.
Ik heb een klacht over mijn provider/registrar. Kan ik daarvoor bij SIDN terecht?
Wanneer je een klacht hebt over of een geschil met je registrar dan zijn er verschillende mogelijkheden om tot een oplossing te komen. Hierover lees je meer op pagina klacht over registrar. SIDN heeft geen formele klachtenprocedure voor het behandelen van een klacht over jouw registrar.
What conditions do I have to meet as a registrar?
Would you like to be able to register domain names for customers or for your own organisation by dealing directly with SIDN? If so, you can become a .nl registrar. Read more about the conditions and how to apply for registrar status on the page becoming a registrar.
In recent months, we've heard about a lot of companies falling victim to a new form of deception: CEO fraud. The scam is essentially a highly sophisticated form of phishing. Just what does this kind of fraud involve and what can you do about it?
The big difference between CEO fraud – also known as business e-mail compromise – and familiar forms of phishing is the amount of attention that the crooks pay to the companies they pick on. Fraudsters sometimes spend months collecting information about a target and preparing their hit. The fraud usually starts with a fake e-mail purporting to be from one of the organisation's directors or executives. The e-mail is sent to a manager or someone else working in the finance department, who is asked to transfer a large amount of money, typically to a payee abroad. If the recipient is suspicious about the message, it's often followed up by a phone call. The caller pretends to be from a reputable third party, such as a law firm (which doesn't really exist). Everything is done in a way that's credible enough to persuade the employee to arrange the transfer. The amounts involved can run into hundreds of thousands, which aren't covered by victims' insurers.
Globa problem
CEO fraud is on the rise all around the world. The total amount so far lost by the companies affected probably now runs into billions. Victims include a number of Dutch companies, and the National Cyber Security Center says that dozens of firms have been approached in the last few months. Many of those hit are big multinationals, but small and medium-sized companies can be targeted as well.
Why do people do what the fraudsters ask?
Not long ago, we were targeted by CEO fraudsters. Fortunately, the employee who received the e-mail was very alert. And the message claiming to be from our CEO Roelof Meijer wasn't very convincingly written. But some of the people perpetrating this kind of fraud are a lot more professional. They use psychological tricks to try to win trust, such as including real details in their 'patter'. They might refer to the CEO's appearance or communication style, for example. Or they might drop in the names of other people working in the organisation. By using tactics like that, the criminals manage to make their payment requests seem legitimate. Another factor is that the targeted employees often have very little contact with their CEOs and are nervous about simply picking up the phone and calling for verification. No one likes to upset the 'big boss', after all.
Beware of 'spoofing'
Fake e-mails often succeed in tricking employees because they look as if they really do come from the CEO. Some CEO fraudsters are even able to 'spoof' the CEO's real e-mail address. So the employee gets a message that not only looks and sounds as if the CEO wrote it, but seems to come from the CEO's address. Fortunately, there are several open standards that can reduce the risk of spoofing: DKIM, SPF and DMARC. The standards tend to be used in combination to verify whether the mail host used matches the sender's domain, and whether the message content has been modified in transit. All three standards use the DNS system to publish information on line. To minimise your risk, we strongly recommend using the standards in combination with DNSSEC, a security extension to the DNS.
A lot of e-mail client software supports DKIM, SPF and DMARC. If you visit the website internet.nl, you can check whether the standards are used for your domain. To start using the standards with your domain and e-mail service, it's usually best to contact your internet service provider, or to put your system manager in contact with them.
Remain alert at all times
Most CEO fraudsters use fake e-mail addresses. As in phishing scams, it can be hard to spot that the addresses used are fakes. That's often because they come from domains whose names are like the target company's name, but with something added, e.g. @nl-companyname.com or @m- companyname.nl. Or with a number instead of a similar-looking letter, e.g. a zero instead of the letter 'o', or a '1' instead of an 'l'. The main way to protect yourself against messages like that is to be alert at all times. Always check who a message is from, especially if the message includes an unusual request. Is the e-mail address correct? Is the sender's name spelled correctly? And, if you are suspicious about a request from your CEO, give him or her a call on a number that you already know.
SIDN BrandGuard cuts the risk
A company that wants to reduce the chances of falling victim to CEO fraud is well advised to consider our SIDN BrandGuard. This is a monitoring tool that warns you whenever a domain name is registered that's very similar to your company name or brand name. By default, SIDN BrandGuard flags up only .nl registrations. However, SIDN BrandGuard also supports all the other big internet domains. The service opens the way for users to act promptly. By taking this initiative, we aim to reduce the risk of employees receiving fraudulent e-mails that include requests for the payment of large sums. Find out whether our Domain Name Surveillance Service would suit your organisation.
