Cybercrooks use fake websites to harvest health insurance data

SIDN identifies more than 450 phishing sites exploiting health insurers' brand familiarity

Cybercrooks are looking to scam Dutch people when they review their health insurance cover. That's the conclusion of a study by SIDN (the Foundation for Internet Domain Registration in the Netherlands). The study found more than 450 phishing sites with domain names like the names of well-known health insurers. That's very worrying with the Dutch government's annual policy presentation approaching, because many people weigh up their health insurance options in the period just after the statement.


A trick known as 'typosquatting' is central to the scams. It involves registering a domain name that's nearly the same as the name of a trusted brand or organisation. So you might easily type it by mistake, or not notice the difference if you saw the name. The crooks link the lookalike domain name to a fake website, which some people then land on when looking for the brand or organisation in question. The domain names are also used in adverts that appear in your search engine when you search on related keywords. One of the most common typosquatting tactics is to trick people with a domain name that's like a big company's name except that the letter 'o' has been replaced by a zero. People glancing at the name often overlook the difference and think that they're visiting the company's site, when really it's a fake.


SIDN used the Domain Name Surveillance Service (DBS) to find all the domain names that incorporate or closely resemble the names of Dutch health insurers. The scan got more than 14,500 hits. The flagged domain names were then classified using an automated procedure that looks at various characteristics. The classification process isn't 100 per cent reliable, but gives a strong indication of how the domain names are being used.

More than half of the domain names identified by the initial scan seemed to be linked to normal websites. However, the classification indicated that 3 per cent of them (451 domain names) were being used for phishing. One was ''. Dutch internet users could easily expect that domain name to belong to a website or app run by Univé, one of the country's biggest health insurers. It actually leads to and a screen encouraging visitors to install a 'secure browser'. In reality, the browser is far from secure, but incorporates hard-to-remove malware. Scammers are exploiting Univé's brand familiarity to distribute malicious software. The procedure to get the website taken down is currently in progress.

Health Insurence data are worth money

"We're seeing more and more internet crooks jumping on the bandwagon when a topic is in the news or a new tool or service comes in. Scams linked to health insurance are part of that trend. It's therefore important that insurance companies are on the lookout in the busy period after the government's annual policy presentation," says Roelof Meijer, SIDN's CEO. "Scammers are really keen to get hold of health insurance data. On the black market it can even be worth more than credit card details, because it can be used to make fraudulent claims."


  • Tuesday 28 January 2020


    Freedom Internet: an ISP that puts privacy first


    An interview with CEO Anco Scholte ter Horst

    Read more
  • Tuesday 16 July 2019

    SIDN Labs

    TimeNL: the transparent new NTP service from SIDN Labs


    The importance of accurate time measurement and synchronisation

    Read more
  • Monday 11 November 2019


    You can't compare apples with pears


    CENTR's RRDG working group gets to grips with data standardisation

    Read more


Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.