COMUNICAE Cybercriminals Empty the Bank Account of an Asturian Neighbor
According to Sello Legal Abogados, the defending firm, the thieves took 27,500 euros by fraudulently securing a loan.
The Provincial Court of Oviedo has fully upheld the ruling issued by the Court of First Instance number 1 of Cangas de Onís, which declared the nullity of a loan of 27,500 euros (approximately 30,000 dollars) and a virtual prepaid card contract, both fraudulently signed in the name of a client of a well-known Malaga bank following a "phishing" and "smishing" attack. The court considered that the entity could not demonstrate the legitimate authorization of the operations nor the due diligence in protecting the account.
The case dates back to April 2022, when the client, a resident of Cangas de Onís, reported suspicious movements in her account after receiving several fraudulent calls. Although the affected party didn't provide banking data, and this is key, the cybercriminals managed to access her credentials and, after linking a phone without any hindrance, proceeded to contract an instant loan of 27,500 euros (approximately 30,000 dollars), in addition to a virtual prepaid card with which multiple fund withdrawals were made.
The contracting was done instantly, online, and the credentials were sent to the phone previously registered by the cybercriminals, without any restriction from the financial entity.
Íñigo Serrano, attorney at Sello Legal Abogados and the victim's representative, states that the ruling is "very clear" in emphasizing that financial entities have "a heightened responsibility in the protection of funds." The judge concluded that the bank didn't adopt the required security measures to prevent this fraud and, furthermore, "failed to demonstrate that the operations were legitimately authorized. With this pronouncement, a further step is taken in the defense of banking users against cyber scams," Serrano notes.
He concludes by pointing out that this case is particular, as "the cybercriminals not only emptied the account but also managed to contract a loan and a prepaid card without the client's consent, which the ruling now annuls for 'cause torpe'."
"The justice system has highlighted the lack of a reinforced authentication system by the entity, the deficiency in detecting high-risk operations, and the failure to exercise due diligence by not blocking or alerting about these suspicious transactions," he adds.
In its resolution, the Court emphasizes that "technological advancement must be joined by reinforced protection for those exposed to fraudulent actions, not by shifting the risk to the client." Under this criterion, the ruling obliges the banking entity to return the account to its pre-fraud state and assume the legal costs, stressing that financial entities have a "practically objective" responsibility as guarantors of the security of their clients' funds.
The ruling sets a significant precedent in the field of cybersecurity and financial consumer protection, reinforcing the idea that entities must adopt adequate technical and control measures to prevent the occurrence of such massive scams.
More posts: