NL EN
● Demo A fake bank and payment page used as teaching material — not a real bank. Never enter real details here.
Spotting phishing & fake payment screens

Would you see through this fake bank?

Below is a fake login screen and a fake payment screen with 14 hidden warning signs in total. Pick a mode: reveal the signals with explanations, or test yourself against the clock.

⏱️ 01:45
Found: 0 / 14
⚠ Not secure http://secure-ing-verificatie-login.nl-account-check.com/inloggen 1
Signal 1 · The URL is wrongNo padlock and "http" instead of "https". The brand is hidden before a strange main domain — the real domain is nl-account-check.com, not ing.nl. Always look at the part just before the first single "/".
Your account will be blocked within 24 hours. Log in immediately. 2
Signal 2 · Artificial urgencyThreatening a block or an expiring deadline is meant to make you act fast and without thinking. A real bank never puts you under time pressure to log in.
● Security check

Confirm your identity

We have detected suspicious activity on your account. To prevent your balance from being lost, you must verify yourself immediatly. 3
Signal 3 · Language errors & vague threatWatch for spelling mistakes ("immediatly") and impersonal, fear-inducing language. "Suspicious activity" and "balance lost" without concrete details are classic phishing formulas.

Confirm your card and login details to regain full access.

🔒 100% Safe · SSL secured · Official 8
Signal 8 · Fake security logoAn image saying "100% safe" or "SSL secured" is empty reassurance — anyone can place such a logo. Real security shows in the padlock and the correct domain, not in a badge.
iDEAL · Verification payment
🔒 secured 13
Signal 13 · Imitated payment screenThis "iDEAL screen" is imitated and runs on the fraudulent domain itself. A real payment opens in your own banking app or on your bank's recognisable domain — never as an embedded pop-up on a strange site.
⚡ Complete within 04:59 or your access expires 14
Signal 14 · Direct pressure to payA counting-down payment timer or "complete within 5 minutes or your access expires" rushes you through the payment. Real payments have no such artificial pressure. Stop and check.
To pay (verification) € 0.01 → € 249.00 9
Signal 9 · Unexpected amountYou were only supposed to "verify" your identity, but a real amount is debited. Fraudsters hide a payment inside a so-called check. Always read carefully what you are paying and to whom.
Beneficiary Q. Ivanov / Global Pay Ltd 10
Signal 10 · Unknown beneficiaryThe beneficiary is a private person or vague foreign company ("Q. Ivanov / Global Pay Ltd"), not your own bank. Money you transfer "for a check" goes straight to the fraudster.
Recipient IBAN LT12 3250 0000 0000 0000
11
Signal 11 · Full card detailsA real payment screen never asks for your card number, expiry date, CVC and PIN all together. That combination is exactly what a fraudster needs to empty your account.
12
Signal 12 · Sharing TAN/codeYou are asked to enter the code from your banking app or SMS here, or to read it out by phone. That code belongs only in your own app. No one — not even your bank — may ever ask for it.
By paying, you agree to the verification of your account.
The checklist

What to look out for?

14 rules of thumb to tell a real bank and payment environment from a fake site.

🔗
01 · URL

Check the address

No padlock, "http", and the real brand hidden before a strange main domain. Look at the part just before the first single "/".

02 · Pressure

Distrust time pressure

Threatening a block or a deadline is meant to make you act fast and without thinking. A real bank never does that.

✍️
03 · Language

Watch errors & tone

Spelling mistakes, an impersonal greeting and fear language ("suspicious activity") are classic phishing formulas.

🏦
04 · IBAN

What is being asked?

When logging in, a real bank never asks for your full IBAN, PIN and card number all at once.

🔢
05 · PIN

Never your PIN

You only enter your PIN at an ATM or payment terminal — never on a website.

✉️
06 · Contact

Check sender & links

Official mail comes from the bank's own domain, not from loose domains like "-helpdesk.info".

🏢
07 · Details

Look for the anchoring

No company registration, no licence (DNB/AFM), no real address. Legitimate banks always show this.

🔓
08 · Security

Empty reassurance

An image saying "100% safe" or "SSL secured" means nothing — anyone can put up such a logo.

💶
09 · Amount

Is the amount right?

You were supposed to "verify", but suddenly a real amount is debited. Always check exactly what you pay.

🏷️
10 · Recipient

Where does the money go?

The recipient's name is a private person or a vague company abroad, not your own bank.

💳
11 · Card data

Never fill in everything

Card number, expiry date and CVC together with your PIN? That is exactly enough to empty your account.

📲
12 · TAN code

Never share your code

A code from your banking app or SMS you share with no one — a real bank never asks for it via a website.

🔒
13 · Fake lock

A real iDEAL screen?

A real iDEAL/bank screen opens in your own banking app or on the real bank domain, not as a pop-up on the shop site.

14 · Pay now

Don't let it rush you

A counter or "pay within 5 min or your access expires" rushes you through the payment. Take your time.

💡
Tip

When in doubt: stop

Feeling hesitant? Close the page, open your banking app yourself and call the number on your bank card — never a number from the suspicious message.

✅ Green flags of a real bank and payment environment

  • The address starts with https:// and the domain is exactly that of your bank (e.g. ing.nl, rabobank.nl), with nothing added behind it.
  • Logging in and paying happen via the official banking app or an identification means, not with all your details in one form.
  • A payment opens in your own banking app; there you see the amount and recipient yourself before you confirm.
  • Codes from your app or SMS you share with no one — a bank never asks for them via web, mail or phone.
  • Calm, correct language without threats or time pressure.
  • Clear company details: registration, licence (DNB/AFM), address and privacy policy.
  • When in doubt, call the number on your bank card or the official website — not a number from the suspicious message.
● Educational material
Not a real financial institution · all names, amounts and details are fictional

Disclaimer: this page is for educational purposes only. It is a simulated bank and payment environment with no relation to any existing bank or payment service. Never enter real details here.

An educational demo by Apptimate · apptimate.nl

🎉

All found!