Cybercrooks use fake websites to harvest health insurance data

Cybercrooks are looking to scam Dutch people when they review their health insurance cover. That's the conclusion of a study by SIDN (the Foundation for Internet Domain Registration in the Netherlands). The study found more than 450 phishing sites with domain names like the names of well-known health insurers. That's very worrying with the Dutch government's annual policy presentation approaching, because many people weigh up their health insurance options in the period just after the statement.


A trick known as 'typosquatting' is central to the scams. It involves registering a domain name that's nearly the same as the name of a trusted brand or organisation. So you might easily type it by mistake, or not notice the difference if you saw the name. The crooks link the lookalike domain name to a fake website, which some people then land on when looking for the brand or organisation in question. The domain names are also used in adverts that appear in your search engine when you search on related keywords. One of the most common typosquatting tactics is to trick people with a domain name that's like a big company's name except that the letter 'o' has been replaced by a zero. People glancing at the name often overlook the difference and think that they're visiting the company's site, when really it's a fake.


SIDN used the Domain Name Surveillance Service (DBS) to find all the domain names that incorporate or closely resemble the names of Dutch health insurers. The scan got more than 14,500 hits. The flagged domain names were then classified using an automated procedure that looks at various characteristics. The classification process isn't 100 per cent reliable, but gives a strong indication of how the domain names are being used.

More than half of the domain names identified by the initial scan seemed to be linked to normal websites. However, the classification indicated that 3 per cent of them (451 domain names) were being used for phishing. One was ''. Dutch internet users could easily expect that domain name to belong to a website or app run by Univé, one of the country's biggest health insurers. It actually leads to and a screen encouraging visitors to install a 'secure browser'. In reality, the browser is far from secure, but incorporates hard-to-remove malware. Scammers are exploiting Univé's brand familiarity to distribute malicious software. The procedure to get the website taken down is currently in progress.

Health Insurence data are worth money

"We're seeing more and more internet crooks jumping on the bandwagon when a topic is in the news or a new tool or service comes in. Scams linked to health insurance are part of that trend. It's therefore important that insurance companies are on the lookout in the busy period after the government's annual policy presentation," says Roelof Meijer, SIDN's CEO. "Scammers are really keen to get hold of health insurance data. On the black market it can even be worth more than credit card details, because it can be used to make fraudulent claims."


  • Tuesday 25 June 2019

    Internet security

    IoT, cybersecurity and product development: the Samsung case


    Show some balls!

    Read more
  • Tuesday 25 June 2019


    Slowdown in government adoption of internet security standards


    Legal requirements on the cards

    Read more
  • Tuesday 26 February 2019

    .nl domain name

    SIDN under supervision of Radiocommunications Agency


    How we became an 'operator of essential services'

    Read more


Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.