Banking lawyer specializing in phishing cases in Krefeld
hire a specialist lawyer now
Online banking fraud in Krefeld: How phishing victims can enforce their claims against the bank
After a phishing attack, money disappears from your account, and the bank refuses to reimburse you. In most cases, however, the bank is legally obligated to refund unauthorized payments. Rogert & Ulbrich represents affected account holders in Cologne and will review your claim for reimbursement against the bank, both out of court and in court. We will enforce your rights.
Enforce legal claims in just 3 steps
Simple, convenient & fast – we enforce your rights.
commissioning
Give us your mandate easily and conveniently via online form from home.
1lawsuit & trial
We will take care of all the remaining steps for you. Sit back and relax.
2Success
We will successfully enforce your claim and you can enjoy the success immediately.
3Phishing in online banking: What those affected in Krefeld are currently experiencing
Phishing affects people every day who have done nothing wrong except trust a seemingly realistic message. A text message supposedly from a savings bank, an email for account verification, a call from a supposed bank employee: the deception is so sophisticated today that even vigilant account holders fall for it. Shortly afterward, several thousand euros are transferred, often abroad, often within minutes.
For clients in Krefeld, there's another important point to consider: Most regional banks, from savings banks and cooperative banks to large branch banks, now process payments almost exclusively digitally. Authorizations are handled via pushTAN apps, photoTAN, or SMS-TAN. Phishing attackers exploit precisely these methods, tricking victims into authorizing payments themselves without knowing what they are authorizing.
Many banks' initial reaction is: they authorized the payment, therefore there is no claim. This blanket statement is legally incorrect. Whether a payment was validly authorized and whether you acted with gross negligence are two separate issues. These are not decided by the bank, but ultimately by a court.
Has your account been affected by phishing? Have your claim for reimbursement checked before accepting the bank's rejection.
We will take care of your case – quickly & with commitment.
Your rights against the bank: Refund of unauthorized payments
The central claim of phishing victims arises from Section 675u of the German Civil Code (BGB). This provision clearly establishes the principle: In the case of an unauthorized payment transaction, the bank has no claim against you for the debited amount. On the contrary, it is obligated to refund the amount and restore the account to the balance it would have had without the unauthorized debit.
The timing is crucial: The refund must be processed immediately, at the latest by the end of the business day following your report. The bank may not delay the repayment by claiming it is still reviewing the case. A mere internal review does not justify blocking your funds for weeks.
What does "not authorized" actually mean?
A payment is only authorized if you have consciously and specifically agreed to it in relation to the payment transaction. This is precisely what is missing in phishing. While you may have entered a TAN or confirmed an authorization in the app, you did not intend to authorize a transfer to an unknown recipient, but rather believed it was a completely different process, such as a security check or the cancellation of an erroneous transaction. Authorization obtained through deception is not legally valid.
The bank bears the burden of proof.
Section 675w of the German Civil Code (BGB) is often underestimated. If there is a dispute between you and the bank as to whether a payment transaction was authorized, the bank must prove that the payment was properly authenticated and correctly recorded. The mere fact that a TAN (transaction authentication number) was used does not prove that you actually authorized the transaction or acted with gross negligence. This burden of proof is one of the strongest tools available to those who have suffered losses.
The bank is referring to an authorization allegedly granted by you? We are checking whether the prerequisites for a valid authorization are actually met.
When the bank refuses repayment: the dispute over gross negligence
In practice, banks almost always invoke Section 675v of the German Civil Code (BGB). This provision regulates when the account holder is liable for the loss. The principle is consumer-friendly: In the case of a misused payment instrument, you are generally only liable up to an amount of 50 euros. You only bear the full loss if you intentionally enabled the payment or acted with gross negligence.
The entire dispute therefore revolves around the question of gross negligence. Gross negligence is defined as a particularly serious breach of the required standard of care in traffic, meaning failure to consider obvious factors that should have been apparent to everyone. This is a high bar to clear, and it must be assessed on a case-by-case basis, not generally.
The courts have dealt with phishing several times in recent years. The prevailing view is that simply entering a TAN or authorizing something in a banking app does not, in itself, constitute gross negligence. The decisive factors are how professional the deception was, what specific warnings the bank displayed, and whether the victim had any reason to be suspicious. A deceptively realistic imitation of the bank's website or a well-executed phone call can, in fact, preclude a finding of gross negligence.
Furthermore, there is a point that banks rarely mention themselves: According to Section 675v Paragraph 4 of the German Civil Code (BGB), you are not liable even in cases of your own negligence if the bank has not required strong customer authentication, i.e., no verification via two independent factors. Negligence on the part of the bank shifts the risk back to the institution.
The bank is accusing you of gross negligence? They must prove this accusation. Have it reviewed to see if it would stand up to legal scrutiny.
The most common phishing scams and their legal assessment
Not all phishing attacks are the same. The question of gross negligence depends on the specific details of how the attack was carried out. These are the methods we most frequently see in practice:
- Smishing: A text message supposedly from your bank requests confirmation or reactivation of your account and links to a fake login page. Because the message often appears in the same text message thread as genuine bank texts, the scam is particularly difficult to detect.
- Pharming: Malware or manipulated network settings redirect you to a fake website despite you entering the correct bank address. The error lies technically outside your control.
- Spoofing calls: The display shows your bank's real phone number, but the caller is a scammer who pressures you to authorize something in the app. The manipulated caller ID removes any obvious suspicion from the call.
- Fake bank employee: The caller claims to want to stop a suspicious debit, but by doing so, they trick you into authorizing the fraudulent payment. The story is plausible and creates a sense of urgency.
- Real-time transfer: Many attacks exploit instant bank transfers because the money reaches the recipient within seconds and recovery is virtually impossible. This shifts the focus to claims against the perpetrator's own bank.
For legal assessment, each of these tactics must be examined individually. The more sophisticated and the closer to the bank's genuine communication, the more difficult it is to prove gross negligence. We analyze the sequence of events in your case in detail and identify precisely the points that argue against a finding of gross negligence.
Are you unsure how your case should be classified? Describe the events to us, and we will assess your chances of success.
Deadlines and securing evidence: What you should do immediately
After a phishing incident, the right approach in the first hours and days often determines success. Three things are particularly important.
Report it immediately and have it blocked.
Report the unauthorized debit to your bank immediately and have your account and access blocked. Additionally, file a police report. Both actions document your lack of consent and will be crucial evidence for your claim later.
Observe the 13-month deadline
According to Section 676b of the German Civil Code (BGB), your claims are excluded if you do not inform the bank of the unauthorized payment transaction no later than 13 months after the debit date. This deadline assumes that the bank has properly informed you of the debit, for example, via a bank statement. Do not rely on this maximum period: the faster you react, the better your position.
Secure evidence
Keep everything that proves the attack: the fraudulent text message or email, screenshots of the fake website, call logs, and communication with the bank. Write down the exact sequence of events while it's still fresh in your mind. These documents often determine later whether the accusation of gross negligence can be refuted.
Further information about your rights under banking law can be found here.
The 13-month period begins on the day the claim was filed. Don't wait until it has expired; have your case reviewed early.
Out-of-court settlement or litigation: How we enforce your claims
If the bank refuses reimbursement, that's rarely the end of the matter. We first demand repayment from the bank out of court, explain the legal situation, and confront them with their own burden of proof under Section 675w of the German Civil Code (BGB). In many cases, institutions relent at this stage because their blanket refusal doesn't stand up to close scrutiny.
If the bank persists in its refusal, we will enforce the claim in court. Rogert & Ulbrich has extensive experience in disputes with banks and financial service providers and has conducted numerous proceedings against institutions. We are familiar with the banks' argumentation patterns and know where they are vulnerable.
Special case: Phishing on the business account
Businesses are also targets of phishing, for example, when a business account is emptied through manipulated payment authorizations or so-called CEO fraud, where perpetrators impersonate company management. Different standards apply in these cases than for consumers, because certain protective regulations between companies and banks can be waived. Whether and to what extent your company has a claim depends on the specific agreements with the bank and the course of the attack. We will review your case and represent companies in Krefeld in such situations.
Are you unsure whether taking legal action against your bank is worthwhile? We assess your chances of success and clearly explain what a realistic outcome of pursuing your case can be.
FAQs – Frequently Asked Questions about Phishing and Banking Law for Krefeld
Your banking law lawyers for Krefeld
Rogert & Ulbrich represents clients nationwide in banking and capital markets law, with attorneys Dr. Marco Rogert and Tobias Ulbrich. The firm has handled numerous cases against banks and financial service providers and is familiar with the institutions' practices in dealing with phishing cases from many proceedings.
We represent your interests out of court with your bank as well as in court. From the initial letter and the handling of the burden of proof to the filing of a lawsuit, we manage the entire process for you. You can conveniently engage our services online, allowing us to act quickly without you having to appear in person.
Was your account debited following a phishing attack and the bank is refusing to refund you? Get in touch and secure your rights.
Professional advice & support
We offer you professional and comprehensive initial advice in the area of banking and capital market law. Take advantage of your opportunity and avoid mistakes.
