Skip to content
Home » News » Beware of fake “CVR renewal” emails – here’s how to spot and avoid the scam

Beware of fake “CVR renewal” emails – here’s how to spot and avoid the scam

“Kære Direktør, dette er en påmindelse om at fornye din virksomheds registrering…”

Over the past weeks, several of our clients have received emails that appear to come from the “Dansk Virksomhedsregister” (Danish Business Register).
The message claims that your company registration needs to be renewed to avoid deactivation from the national business register, urging you to complete payment before a certain deadline.

The email often looks convincing: it includes your company name, CVR number, address, and even a “Renew now” button leading to a payment page that requests a fee of 670 DKK – usually by card, with no invoice or official reference number.

What’s the problem?

Simply put: no such annual renewal exists.

In Denmark, all business registrations are managed by the Danish Business Authority (Erhvervsstyrelsen) through the official portal
https://datacvr.virk.dk

Company data on CVR are public and free to access, and any updates (such as company name, address, or business activity) can be made free of charge and only through MitID authentication.

Neither the CVR system nor the Danish Business Authority will ever:

  • send a direct payment link via email, or
  • request card details outside the official virk.dk or Digital Post system.

If you receive such an email, do not click the link.

How the scam works

The scammers are using the public CVR register as their data source.

The CVR (Central Business Register) contains key information about all Danish companies:

  • company name
  • CVR number
  • address
  • business type
  • activity code
  • start/closure date
  • and, in many cases, a publicly listed email.

Anyone can search and export these records from datacvr.virk.dk in just a few clicks.
By filtering for “start date”, scammers can easily download thousands of company records – and then send out mass “renewal” notices that include real company details.

That’s why these messages look so legitimate: they use authentic public information, but for a fraudulent purpose.

Red flags to watch out for

  1. The sender’s domain is not official
    For example: @danskvirksomhedsregister.com
    This is a .com domain registered in the US (Network Solutions / Perfect Privacy LLC, Florida).
    The real Danish government domains always end in .dk, such as virk.dk or cvr.dk.
  2. Immediate payment request
    Official authorities never ask you to pay by clicking a random link.
    Real payments (e.g. for registrations, certificates, or reports) always come with an official invoice and case reference.
  3. No logo, no official header, no legal reference
    Every legitimate authority communication includes:
    • a full sender identity and address,
    • a contact email ending in @erst.dk or @virk.dk,
    • and an official case number (sagsnummer).
  4. Suspicious URL
    If the link leads somewhere other than virk.dk or cvr.dk.
  5. No receipt or confirmation after payment
    Victims report that after entering card details, they see a generic “Thank you for your payment” message – but receive no invoice, confirmation, or official email.
    That’s a clear sign of a phishing attempt collecting card data.

How to verify if a message is real

  1. Never click the link inside the email.
    Instead, go directly to https://datacvr.virk.dk and check your company’s status there.
  2. Check the domain via WHOIS lookup.
    Use https://whois.com (for global domains) or https://punktum.dk (for .dk domains) to see:
    • when the domain was registered,
    • who owns it,
    • and where it’s based.
      If it’s new, anonymous, or registered abroad – be cautious.
  3. Check your Digital Post.
    The Danish authorities always send official notices via Digital Post – never to your private or business Gmail.
  4. Ask your accountant.
    If you’re unsure, forward the message to us.
    We’ll verify it free of charge and tell you whether it’s legitimate.
    It’s always better to ask than to risk losing money.

What to do if you’ve already entered card details

  1. Block the card immediately.
    Most Danish banks and fintech apps (Revolut, Lunar, Wise, etc.) allow instant card blocking from the app.
  2. Contact your bank.
    Report the transaction as fraud and request a chargeback investigation.
  3. Change your passwords – especially if you use the same email elsewhere.
  4. Save all evidence:
    Keep the fraudulent email, screenshots, domain lookup results, and any confirmation messages.
  5. Set a foreign transaction limit.
    If you rarely use your card abroad, disable or limit international transactions. It’s an effective way to prevent misuse.

Preventive measures

  • Never pay from a link in an email.
    CVR data changes are always free and handled via MitID login on the official portal.
  • Use only the official website:
    https://datacvr.virk.dk
  • Use disposable or virtual cards for online purchases.
    Services like Wise, Revolut, or Lunar let you generate temporary cards for single transactions – with minimal risk.
  • Check the domain ending.
    Official Danish authorities use .dk – never .com, .net, or .org for core services.
  • When in doubt: ask!
    At Andreas Regnskab, we’re happy to check suspicious messages for our clients at no cost.

What makes these scams so convincing?

Because the scammers are using real company information straight from CVR.
That makes the emails look authentic, especially to small business owners who are used to receiving updates from the authorities.

But the real difference is simple:

  • Legitimate messages come from a .dk domain.
  • They require MitID authentication.
  • And they appear in your Digital Post inbox – not as an email asking for your card details.

In short: stay alert and verify before you pay

The CVR system is open and transparent – and unfortunately, that makes it attractive for misuse.
If you receive any message about renewing your registration, always double-check the domain, go directly to datacvr.virk.dk, or send the email to us for verification.

One minute of caution can save you hundreds of kroner, and a lot of stress.

🟢 Useful links

So if you’re ever in doubt, forward the email to us.
We’ll check it for you immediately and confirm whether it’s legitimate or fake.
No charge, no delay, just peace of mind.