Phishing

With DigiD, you identify yourself. Your DigiD is a kind of digital passport. This means that you need to be vigilant to ensure your login credentials are not stolen.

Your data may be stolen through a fake website or a misleading link in an email. Keep your DigiD login credentials just as private as the PIN code to your bank card. Never give them to anyone else.

Keep your data private

DigiD staff will never ask you for your username, password or PIN code; not by phone, email, Twitter, WhatsApp or in any other way.

Moreover, DigiD will never send you an unsolicited email with a link. DigiD will only send you an email or SMS message if something changes in your account. This is a security measure. This allows you to check in good time whether someone else has logged into your account.

Please note: an email or SMS message from DigiD never contains a link

If someone else has your details, you can read what you need to do on the Abuse of your data page.

If you need help with arranging matters online, you should not give another person your login credentials. Instead, you should use Authorisation.

How to recognise fake emails

Fake emails have an ever more authentic appearance. In this way, criminals try to obtain your DigiD login credentials. This is known as phishing. It is therefore very important to recognise fake emails. Characteristics of fake emails are:

  • You are asked to click on a link and/or provide personal data.
  • The email is not addressed to you personally, but starts with e.g. "Dear customer" or "Dear user", because criminals do not know your name.
  • The grammar in the message is poor.
  • The message plays on people's fears. For example, it says that you must respond immediately or your account will be terminated.
  • The email arrived in your spam box.
  • The link in the email does not direct you to the real DigiD website.

Preventing phishing

  • Never click on a link in such an email
  • Do not log in with your DigiD if you are asked to do so in the message
  • Do not send your login credentials to the sender

If you clicked on such a link, do not log in with your DigiD. Report the fake email to valse-email@digid.nl.

Logging in with DigiD

When you log in with your DigiD, always check whether the website you are logging into is https://www.digid.nl. This is the only website where you can log in securely with your DigiD.

If you see a different address in your browser and you are asked to log in with your DigiD, do not do this. You are being lured to a phishing site.

Report a phishing website