Online banking - How phishing victims get their money back from the bank
It is the horror of most bank customers: Strangers have withdrawn money from the account. Cases like this are increasing year after year, with fraudsters typically making off with between 5000 and 25,000 euros. In rare cases, these swindlers can be traced.
Few people know this: In principle, the bank is legally obligated to compensate for the damage as soon as strangers withdraw money. However, the bank can only refuse compensation if it can prove that the customer acted recklessly. Banks often deny compensation with this allegation. But customers should not be discouraged by this.
Not every foolishness is "grossly negligent"
What actually counts as "grossly negligent" is a matter of interpretation. Consumer organizations have been pointing this out for a long time: It is fundamentally difficult for consumers to distinguish real banking matters from fraud. And they have recently backed this up with studies.
Customers who have fallen for online fraud often feel guilty themselves and quickly pay up. However, in a series of cases, lawyers have managed to recover money for their clients from the banks. It can therefore be worth resisting.
Financial Tip recommends specialized lawyers for phishing scams
The consumer advisor Financial Tip therefore researched which law firms have already successfully obtained compensation for customers from banks and recommends a total of nine law firms. Because without a lawyer, customers have little chance against their banks.
Attacks on accounts usually run in two steps: With a message via email or Whatsapp, customers are lured to a fake shop or a falsified bank website. There, they enter their bank data unsuspectingly.
Then, the swindlers still need a release code for a withdrawal. Sometimes, with the code, they also unlock a digital credit card (for example, Apple-Pay) or a new phone for TAN procedures. Then, multiple withdrawals are even possible. To get to this authorization, the swindlers often call the customer after a successful phishing attempt – and present themselves as bank advisors.
Activation code given to false bank advisors: almost 25,000 euros gone
Finanztip has compiled a few cases where customers were compensated by the bank: A savings bank customer fell for the call of a false bank advisor because the number in the display matched that of the bank. However, this was just a technical trick, called "Caller ID spoofing." The Cologne Regional Court used this as an opportunity to not assume gross negligence on the part of the customer.
Similarly, the case of a student who gave an activation code for an additional TAN device to a false bank employee on the phone. She had already given her bank data via phishing. In the end, 24,890 euros were lost. The Higher Regional Court Celle confirmed the decision of the first instance that no gross negligence could be proven, as the student had not given a TAN, a PIN, or a Net-Key for a transfer. However, the bank also made mistakes in this matter.
These judgments are always individual decisions. Customers fall into different categories, and technology is also constantly developing. Many cases ended with the bank's victory. Some ended in a compromise, and then the bank took on at least part of the costs. Only in a small percentage of cases did the customers receive full justice.
Before filing a complaint for fraud, it often pays to go to the mediation office instead, as it causes fewer costs. However, banks are usually not bound by mediation rulings. Since banks fight claims resolutely, it may be worthwhile to hire a lawyer even for mediation.
"We recommend seeking legal assistance for larger amounts," advises Britta Schön, a legal expert at Finanztip. Then one can clarify "how good the chances are and what costs arise."
It is important, in case of fraud, not to make any further mistakes. First, one should immediately freeze the account and cards. Then, one should file a report, as it is a prerequisite for a claim against the bank. One should then demand compensation from the bank. This should happen directly afterwards – and in writing with reference to the report.
"Fraud victims should not make unfounded assumptions to the police or the bank about how the online fraud occurred," advises Britta Schön from Finanztip. Everything that bank customers say can be used against them. In the report, it is sufficient to refer to the fact that an unauthorized person withdrew money.
Important: "Phishing victims should not make assumptions about the police or the bank regarding how the online fraud occurred," advises Britta Schön from Finanztip. Everything that bank customers say can be used against them. In the report, it is sufficient to refer to the fact that an unauthorized person withdrew money.
It is better, of course, not to fall for phishing in the first place. In general, it is extremely risky to follow links in emails or SMS messages. Or to react directly to calls "from a bank employee." Instead, one should log in to one's account normally via an app or call the bank's hotline. By the way, the Consumer Center's Phishing Radar collects information on current scam schemes.
In light of these cases, it's crucial for victims of phishing scams to seek legal help to navigate the complex legal proceedings. For instance, a savings bank customer was successfully compensated by the bank after falling for a false bank advisor's call, as the court ruled against assuming gross negligence due to a technical trick called "Caller ID spoofing."
If a customer finds themselves in a situation similar to this, they may want to consider filing a complaint with an arbitration board. While banks are not typically bound by mediation rulings, seeking legal assistance during this process can improve the chances of a favorable outcome. As Britta Schön, a legal expert at Finanztip, suggests, "We recommend seeking legal assistance for larger amounts, as this can help clarify how good the chances are and what costs arise."
