Key Takeaways
- A calm password-change reminder can be legitimate, but links must be verified before clicking.
- Check two things every time: the sender’s domain and the full destination of each link (point your cursor over it to preview).
- The safest workflow is to open a new tab and visit the official website directly to update credentials.
- Dutch public resources provide step-by-step guidance on recognizing and reporting phishing.
- Prepared on October 26, 2025 (Europe/Amsterdam).
Story & Details
A Dutch-language security reminder from a well-known pizza chain encouraged a periodic password update to protect an account and loyalty points. The email presented a clear button labeled “WACHTWOORD WIJZIGEN” and described the note as an automated safety reminder.
Why it looks credible
- The tone is steady and routine, not alarming.
- The advice—update passwords periodically—is a standard safety habit.
- The visible sender domain matches the company’s public domain.
What to verify anyway
- Point your cursor over the link: Before clicking, move your mouse over the button or link to reveal its full web address. For this brand in the Netherlands, legitimate account pages live on newyorkpizza.nl (for example, /login or /account/login). If the address shows odd spellings, unfamiliar domains, or link shorteners, do not click.
- Direct route: Open a new tab, type the official address, sign in, and change the password from the profile area. This removes any risk from email links.
- Healthy defaults: Use a password manager for unique passwords and enable multi-factor authentication (MFA) wherever available.
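The hover check above, written out as code (an added example, not from the pizza chain or the original article): it parses a link's destination and accepts it only when the host is newyorkpizza.nl or one of its subdomains. The shortener list, the HTTPS requirement and the function name checkLink are assumptions made for illustration.

```javascript
// Added example: classify the destination of a link taken from an email.
// OFFICIAL_DOMAIN comes from the article; SHORTENERS is a small constructed sample.
const OFFICIAL_DOMAIN = "newyorkpizza.nl";
const SHORTENERS = new Set(["bit.ly", "tinyurl.com", "t.co"]);

function checkLink(href) {
  let url;
  try {
    url = new URL(href); // throws on relative or malformed addresses
  } catch {
    return { verdict: "reject", reason: "not an absolute URL" };
  }
  // Assumption beyond the article: a login page should only be reached over HTTPS.
  if (url.protocol !== "https:") {
    return { verdict: "reject", reason: "not HTTPS" };
  }
  // In "https://brand@other.example/" the brand name is only a username;
  // the real host is whatever follows the "@".
  if (url.username || url.password) {
    return { verdict: "reject", reason: "text before @ is not the host" };
  }
  // URL() lowercases the host and converts non-ASCII letters to punycode ("xn--").
  const host = url.hostname.replace(/\.$/, "");
  if (SHORTENERS.has(host)) {
    return { verdict: "reject", reason: "link shortener hides the destination" };
  }
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { verdict: "reject", reason: "host contains non-ASCII lookalike letters" };
  }
  // Compare whole labels from the right: the official name must END the host.
  if (host === OFFICIAL_DOMAIN || host.endsWith("." + OFFICIAL_DOMAIN)) {
    return { verdict: "official", reason: host };
  }
  return { verdict: "reject", reason: "unfamiliar domain: " + host };
}
```

The comparison reads the host from the right because the registered domain is the last part of the host name: a host such as newyorkpizza.nl.example.test belongs to example.test, not to the pizza chain.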
Dutch guidance that aligns with these steps
- National police communications explain how phishing works, what to ignore, and where to file a report.
- Central government pages list practical routes for reporting cybercrime and learning prevention.
- The national safer-internet portal explains phishing in plain language, including common red flags.
Conclusions
A friendly reminder to refresh a password can be both useful and safe. The protective habit is simple: preview every web address, distrust odd links, and handle sensitive changes only on the verified website. Practiced consistently, that routine shields accounts far better than any design, logo, or urgent phrasing.
Sources
- New York Pizza — Login (EN): https://www.newyorkpizza.nl/login/en
- New York Pizza — Inloggen (NL): https://newyorkpizza.nl/account/login
- Politie (Dutch Police) — Alles over phishing (translated from Dutch): https://www.politie.nl/informatie/alles-over-phishing.html
- Politie — Phishing / smishing (translated from Dutch): https://www.politie.nl/onderwerpen/phishing-of-smishing.html
- Rijksoverheid (Government of the Netherlands) — Waar kan ik cybercrime melden? (translated from Dutch): https://www.rijksoverheid.nl/onderwerpen/cybercrime-en-cybersecurity/vraag-en-antwoord/waar-kan-ik-cybercrime-melden
- Rijksoverheid — Cybercrime en cybersecurity (translated from Dutch): https://www.rijksoverheid.nl/onderwerpen/cybercrime-en-cybersecurity
- Veiliginternetten — Wat is phishing? (translated from Dutch): https://veiliginternetten.nl/wat-is-phishing/
- YouTube — How To Spot a Phishing Email: https://www.youtube.com/watch?v=iHetr8xTWIU
Appendix
“Wachtwoord” — translation
In Dutch, wachtwoord means password. The term appears widely in login prompts and security notices.
“Phishing” — concise meaning and usage
Phishing is online fraud that imitates trusted brands or institutions to capture sensitive information such as passwords, one-time codes, or card data. Dutch law enforcement and government treat it as a criminal offense and offer reporting channels.
“Smishing” — concise meaning and usage
Smishing is phishing via SMS text messages. The same checks apply: avoid unexpected links and navigate to official sites directly.
“Point your cursor over the link” — what it means
To point your cursor over a link means moving your mouse over it without clicking. This lets you see the full web address at the bottom of your browser and helps detect fake or suspicious domains before opening them.
“MFA” — what multi-factor authentication means
MFA stands for Multi-Factor Authentication, a security method that requires two or more forms of verification before granting access to an account.
Instead of relying only on a password, MFA adds layers such as:
- A code sent to a phone or email,
- An authenticator app (for example, Google Authenticator or Authy), or
- A biometric check like a fingerprint or facial recognition.
Even if a password is stolen, attackers can’t access the account without that second factor—making MFA one of the strongest protections available.
A quick routine for safer clicks
- Point your cursor over each link to see the real destination.
- If anything looks unusual, ignore the link and visit the site directly.
- Change passwords only inside the verified account area.
- Turn on MFA and use a password manager.
- Report suspicious messages using the Dutch resources listed above.