...

Phishing has become one of the most common scams in Spain. According to a recent study, 33% of Spaniards have been victims of phishing, making it the most reported threat in the country. Additionally, 74.7% of respondents said they had experienced some type of fraud attempt in the past year, with phishing among the most commonly used techniques.

What is phishing?

Phishing is a fraud technique that seeks to obtain confidential information from victims by impersonating trusted entities, such as banks or public institutions. Criminals use various methods to deceive people into providing personal data, passwords, or financial information. It’s not just the typical suspicious email. Today they can reach you via SMS, WhatsApp… or even through a simple QR code.

Most common types of phishing

Classic phishing

This is the most well-known type. You receive an email that appears to be from your bank. It includes their logo, an address that resembles the official one, and an urgent message («We have blocked your account,» «Access to avoid a penalty,» etc.). When you click on the link, you enter a fake website where you input your credentials. And that’s it: you’ve given them

How to recognize a phishing attempt? Keys to avoiding becoming a victim of phishing

Phishing attacks are designed to deceive users and obtain sensitive information, such as passwords, banking data, or personal identification. Although cybercriminals constantly refine their methods, there are some common signs that can help you identify these frauds before it’s too late:

  • Urgent requests or imminent threats: A classic phishing tactic is creating a sense of urgency. For example, emails claiming your account will be suspended if you don’t click a link «immediately,» or messages alleging suspicious activity has been detected. This pressure aims to make you act without thinking or verifying.
  • Grammar or spelling errors: Although phishing messages are becoming increasingly sophisticated, many still contain obvious writing, grammar, or translation errors. This is because they are often automatically generated or translated without review.
  • Suspicious or redirected links: It’s essential to check the URL before clicking. Even if the displayed link looks legitimate, hovering your cursor over it (without clicking) reveals the true destination address. If it differs from the company’s official domain, it’s probably a fraudulent site.
  • Requests for confidential information: No legitimate financial institution, payment platform, or public administration will request your credentials, card numbers, or verification codes via email or SMS. If a message asks for this information, it’s almost certainly a scam attempt.
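
The link check from the list above, automated for an HTML email body. This is an added example, not part of the original article: it compares each link's real destination host with the official domain and with any address shown as the link text. The domain `bank.example`, the `.test` hosts and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL_DOMAINS = {"bank.example"}  # assumption: the institution's real domain

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):  # hostname of a URL or bare domain, "" if unparseable
    try:
        url = value if "://" in value else "//" + value
        return (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return ""

def is_official(host):  # label-boundary match: bank.example.other.test fails
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def check_links(html):
    """Yield (href, [reasons]) for each link whose destination looks wrong.
    Link text counts as a claimed address only if it looks like one."""
    parser = LinkCollector()
    parser.feed(html)
    for href, text in parser.links:
        real, reasons = host_of(href), []
        shown = host_of(text) if "." in text and " " not in text else ""
        if not is_official(real):
            reasons.append(f"destination {real!r} is not an official domain")
        if shown and shown != real:
            reasons.append(f"text shows {shown!r} but link goes to {real!r}")
        if reasons:
            yield href, reasons

SAMPLE = '''<a href="https://bank.example.login-verify.test/s">https://www.bank.example/login</a>
<a href="https://www.bank.example/help">Help centre</a>
<a href="http://bank.example.account-check.test/">Click here</a>'''  # constructed

if __name__ == "__main__":
    print(*(f"{h} -> {'; '.join(r)}" for h, r in check_links(SAMPLE)), sep="\n")
```

The first and third links are reported even though both hosts begin with `bank.example`, because the comparison is made against the end of the hostname, which is the part that identifies who controls it.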

Being a

Have you been a victim of phishing? You can now claim against the bank

Can I claim against the bank if I have been a victim of a cyber scam or phishing?

Yes, you can and should file a claim. And now more than ever, with a new Supreme Court doctrine that strengthens banking customer rights.

On April 9, 2025, the Civil Chamber of the Supreme Court issued a landmark ruling that marks a turning point in banking phishing cases. This decision orders Ibercaja Banco S.A. to refund more than 56,000 euros to a customer who was a victim of a cyber scam. The Supreme Court considers that the bank did not act with the required diligence and that, according to the Payment Services Law, the responsibility lies with the financial services provider, not the user, except in cases of proven gross negligence or fraud.

What does this mean for you?

If you have suffered fraud in your bank account —whether through phishing, SIM swapping, or unauthorized transfers— you are not defenseless. This ruling sets a precedent: banks cannot hide behind two-factor authentication or liability exemption clauses if they cannot clearly prove that you acted with gross negligence or deliberately allowed the fraud.

In the words of the Supreme Court:

«The provider’s liability is quasi-objective in nature. Once the transaction has been reported

Víctor Ávila, criminal lawyer in Madrid
Managing Partner

Criminal lawyer in Madrid (graduate in Law and Business Administration, with a Master's Degree in Access to the Legal Profession), expert in complex and technical criminal law proceedings. His qualifications include the Advanced Criminal Law Course taught by Supreme Court magistrates at the Iltre. Colegio de Abogacía de Madrid.