Phishing

Suspicious emails: phishing

At a.s.r., the digital security of our customers is very important to us. Unfortunately, malicious parties may misuse a.s.r. for phishing. If you think you have received an email from a.s.r. and have doubts about its authenticity, please contact us by doing the following: 

  • Create a new email with the message you do nut trust attached and send the message to our phishing reporting desk.
  • Then immediately delete the email.
  • Do not send personal data or documents containing personal data. 
What is phishing?

Malicious persons try to get hold of your passwords and personal data in different ways. Phishing attacks can take place via email, WhatsApp, phone or, for example, through Teams.

How do you recognise phishing?

At first glance, phishing e-mails are hardly distinguishable from the real thing. Still, there are a number of characteristics you can look out for when you receive such emails.

  • Misleading sender: Suppose you receive an email on behalf of your insurer; click on the email address. Through phishing, criminals may have modified this in, for example, name@klantenservice-asr.nl, or naam@verzekering-asr.nl. In short, the sender seems to come from a reliable address, but a closer look at the domain name reveals that it is incorrect. These senders can be considered as correct email addresses of a.s.r:
    • name@asr.nl
    • name@email.asr.nl
    • name@e.asr.nl
    • name@ikkieszelf.asr.nl
    • name@claims.ikkieszelf.asr.nl
  • The use of language: often there are language and spelling mistakes in a phishing e-mail and the content can may have been translated literally, making the sentences incorrect. Nowadays, phishing emails contain fewer language and spelling mistakes than before, making it harder to recognize a phishing email.
  • The form of address: In emails from official companies, your are correctly addressed by your own name. In phishing emails, this is usually not the case and emails start which ‘dear sir/madam’.
  • Unreliable links: a phishing email often asks you to click on a hyperlink. If you point with the cursor to  (all characters of) the hyperlink (NB: do not click!), the real link becomes visible. Look carefully at the domain names of the hyperlink. if you don't you trust it, then be certain not to click on it. Also, if the hyperlink does not contain https://, it is better not to click on it, for the connection is then not secured.
  • A strange attachment: Sometimes you get emails with an attachment, asking you to open (and install) it. These attachments often contain malware (software that can collect information and forward it to the attackers), or take you to a fill-in form where you have to leave your personal information.
  • Fear/pressure: The fraudsters who want to find out your details try to scare you with the email. ‘If you don't respond immediately, you will receive a havy fine.’ or ‘Your account is about to expire, log in directly to avoid this.’ Don't do this. Real companies communicate correctly with you and don't urge you to make a hasty decision.
  • Expected? If you receive an email from, say, a bank you do not do business with, it is an unexpected email. Chances are it is not reliable.
  • QR-code: If you scan a QR code, you will see a web address. Check this address before clicking on the hyperlink.
  • Shortened hyperlinks: A shortened hyperlink (such as bit.ly) is suspicious. There is enough space for a full web address. With shortened hyperlinks, it is not clear to the reader which underlying hyperlink is behind the web adress.