Will you get your money back if you are a victim of phishing?
More and more people are becoming victims of phishing or other forms of online fraud. Significant sums are stolen from a bank account, or the bank account is “hacked”. The perpetrators often operate from abroad and the police and public prosecutor’s office do not have sufficient resources to investigate. So is there still a chance you will ever get your money back?
In this Wanted Fact, we set out a number of possible actions if you are a victim of phishing.
Notify your bank immediately of the unlawful transactions and have the accounts blocked
If you are a victim of phishing in which your data has been stolen, and money has already been diverted using that data, inform the bank immediately. Do not wait until the next business day, but try to notify the bank via any possible channel so that certain transactions can still be blocked.
Legal nuance: what do we mean by “notification”? By “notification” we mean, in practice: the moment you inform your bank (and/or Card Stop) and explicitly ask to block the relevant payment instruments and access channels. Note down the date/time and the channel used (phone, app, branch, email) and, if possible, ask for a reference number.
If, after notification, transactions are still carried out without your consent, the bank must reimburse these amounts to you without further formalities. This is a form of risk liability. The bank must be able to ensure that everything is blocked after notification. If that fails because it would no longer be technically possible, the risk lies with the bank, which remains liable for the damage.
Also contact Card Stop to have your card blocked. This can be done on 078 170 170.
Practical: calling from abroad If you are abroad or calling with a foreign provider, the format +32 78 170 170 is often used.
Also keep a very careful record of all communication you have had with your bank, as this will remain essential in any further (legal) discussions.
Legal nuance: speed remains crucial The faster you notify and have things blocked, the stronger your file usually is and the greater the chances of limiting further damage. So do not wait “until tomorrow” if you already see irregularities today.
Be sure to file a police report
Gather all evidence of the phishing and of the unauthorised transactions and file a report with the police. It cannot hurt to report it, even if the complaint will almost never lead to a positive outcome. However, the bank will also expect you to have done so, so it is strictly necessary.
Practical: additional reporting channel In addition to filing a police report, in many cases you can also report via ConsumerConnect (FPS Economy). This can help register fraud practices and provide targeted information on possible next steps.
Contact the bank to obtain reimbursement for transactions made before notification
Usually, you only realise afterwards that you have been scammed and became a victim of phishing. The damage is then already done because the money has already disappeared from the account. Any notification to the bank therefore always takes place at a later time. But is the bank then not liable at all?
In this situation too, it is advisable to contact your bank with a view to obtaining reimbursement. In most phishing cases, the bank will reimburse everything. In some cases, there is a limited own liability of EUR 50.00, with the bank reimbursing anything above that amount.
Legal nuance: explicitly dispute the transactions (and in writing where possible) Try — in addition to a phone notification — to also obtain written confirmation (e.g., via the banking app, chat or email) of which transactions you dispute as unauthorised. This often makes later discussions easier.
What are the conditions:
- You could not detect the loss, theft or unlawful use of your data before a payment took place.
- You must not have acted fraudulently yourself.
The bank is required to reimburse you unless it proves that you committed fraud, that you acted intentionally (and therefore fraudulently) or that there was gross negligence that allowed your data to be stolen.
A lot has already been written about this gross negligence.
In concrete terms, it must be a fault or negligence that is so serious and excessive that it would not be committed by any other reasonable person. Gross negligence therefore requires more than mere carelessness.
Some examples of gross negligence:
- Giving your PIN code or response code for online banking to strangers over the phone;
- Writing your PIN code on your bank card;
- Leaving your card or data unattended in a space accessible to third parties (e.g., a hospital room);
- Noticing someone watching you while withdrawing cash at an ATM and still entering your code.
Every case is different. It is important to document your file well with the necessary evidence so that you can show that anyone could have become a victim of the scam.
Practical: watch out for “recovery scams” After phishing, scammers sometimes try to strike a second time, for example by pretending to be a “helpdesk”, “bank”, “police” or a “service that can recover your money”. Never pay upfront and always verify via official channels.
Victim of phishing or online fraud?
Then be sure to contact the lawyers at Wanted Law. You can let us know when it suits you best for us to contact you. We will then call you for a brief consultation at a time that works for you.
Book your video consultation with a lawyer at Wanted Law here!
Would you like to consult quickly, without hassle, without travel, but in complete peace and quiet with a lawyer? Make it easy and book a video consultation via our webshop.
Once booked, a lawyer at Wanted Law will contact you quickly and schedule your appointment according to your availability.