Your data may be stolen through a fake website or a misleading link in an email. Keep your DigiD login credentials just as private as the PIN code to your bank card. Never give them to anyone else.
Keep your data private
DigiD staff will never ask you for your username, password or PIN code; not by phone, email, Twitter, WhatsApp or in any other way.
Moreover, DigiD will never send you an unsolicited email with a link. DigiD will only send you an email or SMS message if something changes in your account. This is a security measure. This allows you to check in good time whether someone else has logged into your account.
If someone else has your details, you can read what you need to do on the Abuse of your data page.
If you need help with arranging matters online, you should not give another person your login credentials. Instead, you should use Authorisation.
How to recognise fake emails
Fake emails have an ever more authentic appearance. In this way, criminals try to obtain your DigiD login credentials. This is known as phishing. It is therefore very important to recognise fake emails. Characteristics of fake emails are:
- You are asked to click on a link and/or provide personal data.
- The email is not addressed to you personally, but starts with e.g. "Dear customer" or "Dear user", because criminals do not know your name.
- The grammar in the message is poor.
- The message plays on people's fears. For example, it says that you must respond immediately or your account will be terminated.
- The email arrived in your spam box.
- The link in the email does not direct you to the real DigiD website.