What is phishing and how do you protect yourself from it?

1. Never reveal access data to your bank account - not even to bank employees
2. Use an email provider with two-factor authentication. This should also use a malware, spam and phishing filter.
3. Beware of third-party banking apps or banking programs. Here should be looked exactly who is behind this software.
4. Before you click on URLs in an email, it should be copied into the browser using copy & paste to see where it leads. Such a URL often tries to elicit data or tries to download a Trojan.
5. Always make sure that when you log on to an online form https and no http is used.
6. Always keep your virus protection up to date and make sure that a malware scanner is integrated.

In this case the § 675u BGB helps. It protects bank customers from unauthorized payment transactions.

675u Liability of the payment service provider for unauthorized payment transactions

In the case of an unauthorized payment transaction, the payer's payment service provider will not be entitled to reimbursement of its expenses. He is obliged to reimburse the payer immediately for the payment amount and, if the amount has been debited to a payment account, to bring that payment account back to the level at which it would have been without the burden of the unauthorized payment transaction. This obligation shall be met immediately, but no later than the end of the Business Day following the day on which the Payment Service Provider has been notified that the payment transaction is unauthorized or otherwise notified. If the payment service provider has informed a competent authority of legitimate grounds for suspecting fraudulent conduct by the payer in writing, the payment service provider shall immediately examine and comply with its obligation under sentence 2 if the suspicion of fraud is not confirmed. If the payment transaction was triggered by a payment initiation service provider, the obligations from the records 2 to 4 make the account-providing payment service provider.

According to § 675u BGB, the bank customer whose account has been charged with a payment amount that he has not authorized has a refund claim against his bank. In addition to the § 675u come here also the § 675x para. 1 u. Abs. 2 and § 675y Abs. 1 u. Abs. 2 BGB to the course. According to § 675u sentence 2 BGB your bank is obliged to reimburse you the amount that was debited unauthorized from your account. This was also confirmed by the BGH in its judgment BGH ZIP 2017, 2292. The reimbursement claim from § 675u leads to the inspection of the account. This must then be carried out on due date.

§ 675's sentence 3 BGB, newly introduced by the implementation of the Payment Services Directive 2015, determines that the credit on your bank account will generally be reimbursed on the following business day after you have indicated these account transactions. In theory, this payment reimbursement claim runs very fast. In practice, however, we have unfortunately learned that writing the deceived customers is usually very slow, but sometimes not even processed.

First, you should decide whether you want to hire a lawyer or if you try this on your own. In particular, if you have a legal protection insurance or a large amount of money, you should definitely consult a lawyer.

Procedure without a lawyer:

If you do not want to hire a lawyer, you can use the following scheme:

1. Report charges (mostly against unknown) to the police or prosecutor. Just go to a police station or prosecutor and present your facts. Important:get a copy of your complaint!

1. Write immediately to your bank and tell the facts. The letter should be sent by registered mail or fax to prove access to the bank. Such a letter could look something like this:

If you want to hire a lawyer, you increase the pressure on the bank considerably. Many banks react (unfortunately) only on a lawyer's letterhead.

Our policy is that we file a criminal complaint against unknown as soon as possible and immediately afterward contact your bank and inform them that your bank account has been the victim of a phishing and, on the basis of the filed criminal complaint, ask the bank to correct your account. A credit will usually be made within the next 2-4 weeks.

I have already been to the police

If you have already reported phishing to the police, you should still contact your lawyer immediately. This checks the filed criminal complaint. Unfortunately, sometimes it happens that the police tell you that you have nothing to continue and can only hope that your money may come back someday. This is definitely wrong! You have very good chances to get your money back. In no case should you rely on the investigation of the police and the bank to gain knowledge of this and return the money to you on your own.

Generally you have to fulfill a spatial and functional scope. Decisive for the question of the applicability of the German payment service law are §§ 675 d, 675 e BGB.

675 d VI BGB contains a complicated Rule Exception Catalog. He admits a subdivision into three groups:

1. If the payment service providers are payer and payee in the EEA and the payment is made in EEA currency, the payment service rules (as before) are always applied.
2. Conversely, they are never applicable if none of the payment service providers involved are located in the EEA.
3. New is the third case group, where at least one participating payment service provider is established outside the EEA or payment is made in the third-country currency. The payment service right applies here, as far as the transaction is processed within the EEA.

However, a whole range of restrictions and redemptions are distributed over the entire subtitle of the Civil Code.

Important: It is completely irrelevant whether the bank account of the affected one over a on-line banking attack, with a stolen credit card / debit card, with a manipulated ATM etc. "cleared" is. Crucial is (quite roughly) just that this payment not authorised was.