German Court Rules Victims – Not Banks – at Fault in Phishing Scams

A German court ruled earlier this week that victims of phishing scams, and not banks, are responsible for money lost in online scams.

A German court ruled earlier this week that victims of phishing scams, and not banks, are responsible for money lost in online scams.

The German Federal Court of Justice in the town of Karlsruhe made the ruling on Tuesday, according to English language German newspaper The Local, which called the ruling a landmark judgment.

The case in question involved a retiree who lost approximately $6,600 after mistakenly entering his banking credentials on a fake bank website. Citing another German newspaper, Süddeutsche Zeitung, The Hour claims the plaintiff entered ten TAN codes, transaction numbers used for German banks, into a site that resembled his bank, Sparda Bank. Three months later, the money was siphoned into a Greek account without his authorization.

While the plaintiff argued that the bank should have protected its customers from abusing the codes he entered, the judges upheld previous judgements by district and state courts and ruled the plaintiff’s own negligence was to blame.

Phishing has been on the rise in Germany, with counts spiking up 82 percent, to 5,300 reported incidents, in 2010.

For more on this, head to The Local.

Suggested articles

It’s Not the Trump Sex Tape, It’s a RAT

Criminals are using the end of the Trump presidency to deliver a new remote-access trojan (RAT) variant disguised as a sex video of the outgoing POTUS, researchers report.

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.


  • Anonymous on

    I agree with this ruling to a point and that is the victim should have been watching what he was clikcing on and where he was entering in his information. However if the bank was watching its accounts for abuse it would have seen these transactions and could have stopped them or froze his account. Moral of the story is watch where you are entering senisitve information as it will cost you if live in Germany.

  • jan on

    How long before the courts say that the end user is liable for man-in-the-browser? (Except when the bank requires javascript ...)
  • Anonymous on

    I agree with the first post. You user of the computer needs to be aware of what he is doing at all times. People like to pass the blame if they can, especially when it's something big, and they definitely don't like to say it was their own fault. When I was traveling, my bank froze my account because they saw purchases made in completely different areas than I was from. All it took was a simple call for me to have it unfroze.


  • Anonymous on

    protecting big money

  • Anonymous on

    The debate about culpability continues. With banks ruled not liable and the phishers uncaught, phishing stand to become a booming industry.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.