Can I get my money back if I'm scammed by phishing?

BarcelonaHe phishing It is one of the most common fraudulent practices on the Internet. The word, which is a derivation of fishing (fishing(in English), refers to identity theft to gain access to personal information or banking data. It is not, therefore, a cyberattack or other complicated computer operations, but rather a traditional type of scam, but online.

The most common case of phishing These are emails sent on behalf of a bank, requesting the current account password or some type of payment. Other variants include, but are not limited to,smishing, the same but by text messages, or the vishing (acronym of the English voice phishing, either phishing (voice-based), which consists of phone calls in which the scammer identifies himself as a bank employee. These practices are currently increasing due to artificial intelligence, which allows for much greater automation of processes and even the simulation of conversations with a human voice.

Last month, the Supreme Court issued a ruling which establishes the rights of citizens who are victims of this practice and how banks should respond in cases of phishingThe decision by the Spanish high court was the result of a lawsuit by an Ibercaja customer who lost more than 83,000 euros, which were transferred from her checking account overnight in several transfers she had never authorized. Once she asked the bank to replace them, they refused.

The ruling clearly sided with the customer and argued that banks have the ability to detect possible fraudulent practices, such as the transfer of 83,000 euros in small transactions made in the early morning. Thus, the Supreme Court ruled that, in the event of being a victim of phishing, banks must replenish the current account with the lost amount: "Banks will have to replace the stolen money when they become aware of the fact, unless it can be proven that the user has been grossly negligent," explains the Organization of Consumers and Users (OCU) in an article.

The ruling, therefore, lays the groundwork for knowing what to do and what rights we have if our checking account is compromised by this type of cyber fraud. "The theft of money through sophisticated systems used by cybercriminals may not be the bank's responsibility, but neither is it the user's responsibility, as they should not have to bear these losses," adds the OCU.

Conditions for not paying

So what to do if you are scammed? phishing? Following the ruling, the first step should be to inform the bank that money has been lost without our authorization and ask the institution to replace it. The second, especially when large amounts are involved, is to file a police report.

If these two conditions are met, the bank must return the money. If a bank wants to refuse, the responsibility falls on the institution itself to demonstrate that it has reasons for doing so.

Thus, the bank can only avoid replacing the lost money if it can prove that the money transfer transaction was "correctly authenticated, recorded, and accounted for" by the user and, furthermore, that the customer acted fraudulently or with gross negligence regarding security and access to their account (for example, their checking account). Finally, the bank must also prove that there was no error or technical or service deficiency.