Cookie settings

Cookies are small text files stored on your device to identify you and can be used to remember user preferences and analyse traffic to further improve our website. We may share information about your use of our site with our social media, advertising and analytics partners. By clicking "Accept all cookies", you agree to the use of all cookies as described in our cookie statement or "Accept only essential cookies" to only use cookies that are necessary for the functioning of our site.

Read our cookie statement here.

You can choose to adjust your preferences at any time.
Wholesale Banking

Can you recognise phishing?

To overview

You’ve heard a lot about phishing but never actually encountered it - or maybe you’ve already received a phishing message and would like to know how to protect yourself. This article gives you a guide on how to recognise malicious messages and take action.

Criminals also use ChatGPT for phishing

Unfortunately, new AI technology also enables cyber criminals to create more convincing and personalised phishing messages. Be aware of phishing emails generated by ChatGPT and make sure to always verify the authenticity of emails and texts that you receive. Remember that spelling mistakes are not the only red flag you should watch for. Learn more about AI tools and their related risks

The golden rules of self-defence

  • Never share your access codes for InsideBusiness with anyone.
  • Stop immediately and close your browser when in doubt about the legitimacy of the page you’re on.
  • ING would never send you a link to log into InsideBusiness via an SMS or email.

Phishing emails

Here are some pointers to help you identify a phishing email:

  • Does the email contain a link to InsideBusiness? If so, it is phishing, as ING would never send you a link to InsideBusiness via an email
  • The link in the email does not direct you to our website (Know more about how to check a URL?) 
  • And stay alert on unknown emails
  • Update your devices with the latest patches for the best protection

Remember the basic email verification method of SLAM:

  • S(ender): verify the sender. Look at the sender's name. Does it sound legitimate, or is it trying to mimic someone you know? Hoover over the sender’s email address to reveal the actual email address.
  • L(ink): inspect the URLs without clicking on them. Hoover over the link to reveal the actual link. Does the actual link make sense? Or are they trying to bring you to an unsafe website?
  • A(ttachment): don’t download the content or any attachments if you are in doubt.
  • M(essage):  ignore when the email application asks for script allowance or any other strange notifications. Does the email make sense? Do you feel you can trust it? Does the email ask you to act urgently? Is the spelling, grammar and punctuation poor? Be extra suspicious of words like 'send these details within 24 hours' or 'you have been a victim of crime, click here immediately'.

SLAM the door in the face of the fraudsters. 

Phishing SMS

SMS messages are often used by fraudsters to make you panic and prompt you to react quickly. The message often contains an urgent alert (e.g., “We have blocked your account”; “An unknown computer has connected to your account”; “Your payments are blocked”).

Don’t be distracted by the urgency. First, check the following: does the SMS contain a clickable link? If so, it isn’t ING, as we will not send an SMS with active links. If the SMS provides you with a (short) link, do not click it.

Other messages

Fraudsters can use any messaging tool to trap you. Whether it’s Facebook Messenger, WhatsApp, Telegram or Snapchat etc., the same rules apply: always check the message sender; never make a payment via a messaging application; never share the access codes for InsideBusiness. 

Urgent or threatening messages are very often false, inciting you to act quickly instead of checking whether the communication is genuine. 

Report potentially malicious email messages

If you receive a message of this type, please send it to us at the following address: valse-email@ing.nl

If possible, send the suspicious email as an attachment. You can do so by creating a new email and dragging the suspicious email to the new email. You can also select the suspicious email in the inbox of Outlook and press: Ctrl-Alt-F. This will automatically create a new email.

Do not send any personal data or documents containing your personal data. For more information about your rights, please refer to the Privacy Statement on our website.

Always go to your bank's site directly

The safest way to go to your online bank is to go to the bank's website yourself by opening, directly, a new window in your browser and entering your bank's website address manually. From here, you can add your bank's login page to your bookmarks so you can get to the site quickly and safely.

However, if you choose to use a search engine anyway, be very cautious when you click on the search result. Fraudsters sometimes create fake advertisements which will pop up as the first result, trying to trick you into clicking on the first result. And you are led to the fake website instead of the website of your bank.

Read more about online security and fraud prevention on our banking safely page.