What is phishing and how do you protect yourself from it?
In the following article, we'll explain what phishing is, how you protect yourself and what you need to do in the worst case scenario.
Phishing is a fictional word composed of "password" and "fishing". It stands for the stealing of access data or passwords. Phishing is not always the same.
The best known forms are Trojans, which are located on your computer and access the entered access data for your bank account, for example via a so-called keylogger software. This software records each keystroke on your computer and sends it to the attacker. A newer, ever wider variant is the acquisition of SIM cards of a mobile TAN user. Recently, we had a particularly brazen case in our office. In the process, attackers took advantage of the upcoming Easter party and had their SIM cards issued in a mobile phone shop. However, this was a SIM card with the phone number of the future victim. This allowed the attackers to receive the mobile TANs from the bank directly to their own cell phone. With these TANs the attackers could plunder the account of our clientele.
In this case the § 675u BGB helps. It protects bank customers from unauthorized payment transactions.
675u Liability of the payment service provider for unauthorized payment transactions
In the case of an unauthorized payment transaction, the payer's payment service provider will not be entitled to reimbursement of its expenses. He is obliged to reimburse the payer immediately for the payment amount and, if the amount has been debited to a payment account, to bring that payment account back to the level at which it would have been without the burden of the unauthorized payment transaction. This obligation shall be met immediately, but no later than the end of the Business Day following the day on which the Payment Service Provider has been notified that the payment transaction is unauthorized or otherwise notified. If the payment service provider has informed a competent authority of legitimate grounds for suspecting fraudulent conduct by the payer in writing, the payment service provider shall immediately examine and comply with its obligation under sentence 2 if the suspicion of fraud is not confirmed. If the payment transaction was triggered by a payment initiation service provider, the obligations from the records 2 to 4 make the account-providing payment service provider.
According to § 675u BGB, the bank customer whose account has been charged with a payment amount that he has not authorized has a refund claim against his bank. In addition to the § 675u come here also the § 675x para. 1 u. Abs. 2 and § 675y Abs. 1 u. Abs. 2 BGB to the course. According to § 675u sentence 2 BGB your bank is obliged to reimburse you the amount that was debited unauthorized from your account. This was also confirmed by the BGH in its judgment BGH ZIP 2017, 2292. The reimbursement claim from § 675u leads to the inspection of the account. This must then be carried out on due date.
§ 675's sentence 3 BGB, newly introduced by the implementation of the Payment Services Directive 2015, determines that the credit on your bank account will generally be reimbursed on the following business day after you have indicated these account transactions. In theory, this payment reimbursement claim runs very fast. In practice, however, we have unfortunately learned that writing the deceived customers is usually very slow, but sometimes not even processed.
First, you should decide whether you want to hire a lawyer or if you try this on your own. In particular, if you have a legal protection insurance or a large amount of money, you should definitely consult a lawyer.
Procedure without a lawyer:
If you do not want to hire a lawyer, you can use the following scheme:
If you want to hire a lawyer, you increase the pressure on the bank considerably. Many banks react (unfortunately) only on a lawyer's letterhead.
Our policy is that we file a criminal complaint against unknown as soon as possible and immediately afterward contact your bank and inform them that your bank account has been the victim of a phishing and, on the basis of the filed criminal complaint, ask the bank to correct your account. A credit will usually be made within the next 2-4 weeks.
I have already been to the police
If you have already reported phishing to the police, you should still contact your lawyer immediately. This checks the filed criminal complaint. Unfortunately, sometimes it happens that the police tell you that you have nothing to continue and can only hope that your money may come back someday. This is definitely wrong! You have very good chances to get your money back. In no case should you rely on the investigation of the police and the bank to gain knowledge of this and return the money to you on your own.
Generally you have to fulfill a spatial and functional scope. Decisive for the question of the applicability of the German payment service law are §§ 675 d, 675 e BGB.
675 d VI BGB contains a complicated Rule Exception Catalog. He admits a subdivision into three groups:
However, a whole range of restrictions and redemptions are distributed over the entire subtitle of the Civil Code.
Important: It is completely irrelevant whether the bank account of the affected one over a on-line banking attack, with a stolen credit card / debit card, with a manipulated ATM etc. "cleared" is. Crucial is (quite roughly) just that this payment not authorised was.
It definitely pays to be involved in a phishing attack!
If you have any questions about phishing, ours is ours Attorney Stephen Hendel for all questions.
Your comment
Participate in discussion?Leave us your comment!