Skip to main content

How to act if I am a victim of phishing?

By December 22, 2021phishing
Cómo actuar si soy víctima de phishing

Phishing is a technique used by cybercriminals to obtain personal and banking information from users, through which messages are sent impersonating the identity of banks, service companies or public entities (among others) to achieve an interaction with the recipient that allows access to such personal data. In this publication we will advise what to do and how to act if I am a victim of bank phishing in any of its modalities.

It is common to receive e-mails or sms that, in appearance, could come from a bank or company of which the recipient of such communication is a customer. To create such appearance and generate confidence in the victim, a graphic environment similar to that of the company in question is designed and/or communications are sent with a clear, concise and direct message that generates in the victim the need to click on the link it contains.

Examples of phishing

A clear example of phishing is the e-mail sent, in appearance, by a financial institution informing that the account has been blocked, requiring the victim to click on a link to unblock it.

Another example is the increasingly frequent communications that impersonate the identity of courier companies, in which the appeal to click on the link sent are messages such as “click to track your package” or “we have not been able to deliver your package, click to arrange a new delivery”.

What to do if it is too late?

Clicking on the attached link allows the cybercriminal to access the victim’s personal information and bank details, which is why the sender’s address should always be verified before interacting.

The ultimate goal is to gain access to the victim’s bank accounts and credit cards, so you should immediately check (if possible from a different terminal than the one used to click on the link) if there has been any undue charge on bank accounts or credit cards and be very attentive to the movements in the coming days.

It is usual that, in these cases, several charges are made on the debit or credit card (up to the daily limit available) that have as destination a virtual POS that is usually located in Eastern countries (Bulgaria or Romania among others), Baltic countries (Estonia, Latvia or Lithuania) or Russia.

In the event that the charges are verified, it is necessary to speak immediately with the bank to report the incident.
At the same time, it is highly advisable to contact a lawyer in order to carry out the next steps in the best possible way.

Among these actions we can highlight the drafting of the complaint, as well as the drafting of a formal letter to the financial institution issuing the credit card.

Portillo Estudio Legal recommends that you contact us from this initial phase to try to facilitate the rest of the process aimed at recovering your amounts.

Ways to recover the amounts

When we talk about phishing, we refer to a crime of fraud through computer media, without prejudice to which, there are ways away from the criminal jurisdiction to claim the stolen amounts.

The most effective way would be linked to the verification that the card issuer has implemented the necessary security measures to ensure the identity of the payer and the authentication of the transaction. If this is not the case, there would be the possibility of claiming against it for omission or neglect of its obligations, imposed through Royal Decree-Law 19/2018, of November 23, on Payment Services.

This is the fastest and most effective way to recover the money.

In some cases, the insurances contracted by the financial entities assume the damages caused by phishing as a claim, discounting the injured party only a small amount as an excess.

In the event that the insurance company of the corresponding bank or savings bank rejects the claim, it will be necessary to go to court to demand the return of the amounts charged without due diligence on the part of the financial entity in the verification and control of the issuer of the transaction.

As we anticipated, there is also the possibility of going to criminal proceedings, a much slower and more tedious path since the identity of the offender is unknown, the collaboration of other countries is required and, on many occasions, the trail of the stolen funds is lost as they are reinvested in cryptocurrencies and other assets that are difficult to track.


If you have been a victim of phishing, we suggest you contact Portillo Estudio Legal to evaluate your case and recover your money with the least amount of headaches.