Typo domain names used for smishing


In recent months, we've received multiple reports about SMSs and other messages with links to malicious websites. The domain names in the links look like the names of well-known organisations, but the addresses in question are actually used for phishing or installing malware. The scam is known as 'smishing' (SMS + phishing): a tactic that's been around a while, but has made a comeback since the coronavirus crisis hit.

Smartphone malware

Smishing is very like phishing. But, instead of using e-mail, it uses a messaging app and targets the victim's smartphone. The reason is that many people nowadays save card details or other financial information on their phones. Tapping the link in a smishing message triggers the installation of malware on the user's phone, and the malware then harvests data for the scammers.

No spam filters on SMS traffic

Smishing often works because people are less suspicious of SMS messages than e-mails. However, it's not a new tactic: a study was published back in 2014 highlighting smishing as the most common way of getting malware onto victims' phones. Unlike e-mail traffic, SMS traffic isn't filtered for spam, making it attractive to fraudsters.

Smartphones are vulnerable to malware

Another problem is that many users mistakenly believe it's impossible to install malware on their phones. The truth is that Android devices are vulnerable to malware. And, while malware is rare on Apple phones, they too can be hacked if they're jailbroken.

Smishing relies on lookalike domain names

Smishing is even more dependent on fake domain names than phishing is. That's because text links aren't possible in SMSs: only full-length hyperlinks or addresses generated by URL shorteners can be used. So you can't write the name of a bank and link it to a completely different URL, the way you can in an e-mail. It's therefore very important to the scammers to have domain names that look like the names of trusted organisations. Here's a good example, from a recent scam targeting users of the DigiD payment system:

[Image: example of a DigiD phishing SMS]

Although the URL in the message looks like a DigiD domain, it ends with '.me', Montenegro's country-code domain. Dutch government policy doesn't allow the use of extensions such as .me for official websites. But many people don't know that. And they're used to seeing names that end in '.me', which is widely used outside Montenegro. The same is true of .ly (Libya), which is popular with URL shorteners.

URL shorteners

URL shorteners generate short URLs that point to longer ones. Lots of legitimate organisations use shortened URLs in SMSs. So people are used to seeing them and don't tend to be suspicious. What many don't realise is that the shortened URL can be previewed by briefly holding your finger on the link. The link isn't actually opened until you tap it. For smishing, scammers often use domain names that look like URL shorteners. Here's a good example:

[Image: example of a phishing SMS impersonating Vodafone]

How to stop smishers abusing your organisation's name

What can you do to prevent smishing and limit its impact? We've got three top tips:

  1. Coach your staff to spot not only mail-based scams, but also frauds that use SMS and other media. Stress that cyber-attacks take many different forms.

  2. Smishing scams typically target smartphones. So make sure your staff know what is and isn't allowed with company smartphones. Don't allow jailbreaking, and think carefully about the security of financial and login details on company phones.

  3. Make sure you've got a consistent domain name policy and that everyone knows it. The Dutch government requires certain extensions to be used for some official purposes. That makes it easier to spot scam sites. Along with fake webshops, e-mail-based phishing and spear phishing, smishing shows that, sadly, lookalike domain names can be abused in more ways than many people imagine.
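A consistent domain name policy can also be checked automatically. The sketch below is an added example, not code from the article: it pulls links out of an SMS body and flags hosts that imitate a brand or a URL shortener, as in the two scams described above. The organisation name, its official domain, the sample message and the similarity threshold are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed policy data for a hypothetical organisation (not from the article).
OFFICIAL_DOMAINS = {"examplebank.nl"}        # domains the organisation really uses
BRAND_LABELS = {"examplebank"}               # names a scammer would imitate
KNOWN_SHORTENERS = {"bit.ly", "tinyurl.com"}
THRESHOLD = 0.8                              # similarity ratio treated as "lookalike"

# Matches a host name with an optional scheme and path, as found in SMS text.
URL_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)

def registered_domain(host):
    """Last two labels. Simplification: ignores multi-label suffixes like co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def similar(a, b):
    return SequenceMatcher(None, a, b).ratio()

def classify_host(host):
    host = host.lower()
    reg = registered_domain(host)
    if reg in OFFICIAL_DOMAINS:
        return "official"
    if reg in KNOWN_SHORTENERS:
        return "shortener"                   # real shortener, destination still unknown
    squashed = re.sub(r"[^a-z0-9]", "", host)
    labels = re.split(r"[.-]", host)
    for brand in BRAND_LABELS:
        # Brand embedded anywhere in the host, or a near-miss spelling of it.
        if brand in squashed or any(similar(brand, l) >= THRESHOLD for l in labels):
            return "lookalike-brand"
    if any(similar(reg, s) >= THRESHOLD for s in KNOWN_SHORTENERS):
        return "lookalike-shortener"
    return "unknown"

def scan_sms(text):
    """Return (host, verdict) for every link-like token in an SMS body."""
    return [(m.group(1).lower(), classify_host(m.group(1))) for m in URL_RE.finditer(text)]

# Constructed sample message.
SAMPLE = ("ExampleBank: your card expires today. Renew via "
          "https://examplebank.nl.renew-card.me/login or http://bitt.ly/x9")

if __name__ == "__main__":
    for host, verdict in scan_sms(SAMPLE):
        print(f"{verdict:20} {host}")
```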