Close this search box.
Close this search box.

The nullity of the credit requested through the crime of “phishing”

Tabla de contenidos

The nullity of the credit requested through the crime of “phishing”

La nulidad de crédito solicitado mediante el delito de “phishing”
The nullity of the credit requested through the crime of “phishing”

The increasing digitization of payment services has significantly increased the commission of bank fraud crimes (also known as “phishing”), consisting of the computer artifice by which a third party accesses the consumer’s bank accounts in order to steal their patrimonial assets. In addition to the outstanding balance in the affected bank account, there are cases in which the fraudster requests instant credit on behalf of the user that allows him to subtract more capital than the defrauded user has.

Unauthorized credit

The damage derived from computer fraud usually consists of a third party, after obtaining the user’s bank details through computer tricks, steals their funds in a completely unlawful manner. However, there are also cases where the fraudster requests an instant loan on behalf of the affected user whose amount is subtracted as soon as it is deposited by the bank, so that the fraudster manages to obtain more money from the affected party than is available in his bank account.

That is, if there is an amount of 13,000 euros in the affected bank account, and the alleged fraudster requests an instant credit for 15,000 euros on behalf of the user, once Said amounts are deposited (which is usually immediately after the credit application), the fraudster has at his free disposal a total amount of 28,000 euros. In this way, the damage is even greater since the injured party, in addition to seeing his funds reduced, now has a debt in the amount of 15,000 euros before the bank, whose monthly installments will have to be paid promptly so as not to incur delinquency.< /p>

Read: “Smishing, computer scam by SMS

Of the nullity of credit for lack of consent

In this regard, it is worth considering the provisions of article 1265 of the Civil Code, which says:

“Consent given by mistake, violence, intimidation or fraud shall be null.”

According to the aforementioned article, the total absence of consent of one of the contracting parties, as occurs when the fraudster requests a credit on behalf of the scammed absolutely simulating your consent, has as a legal consequence the nullity of the business. This nullity affects the entire title, that is, the entire loan contract since the lack of conformity on the part of the user is with respect to the business itself, of which he had no knowledge, and not a condition or clause specific contractual.

Of course, the annulment will take place as long as the credit has been requested without the consent of the debtor, and the defect in the consent is of an essential and excusable nature, that is, that from the events that occurred it can be clearly concluded that the user has not requested such credit. Therefore, the fraudster must be a total stranger and act without authorization, the victim being completely oblivious to what happened and not being able to avoid it by using medium or regular diligence.

In this regard, it is worth mentioning Ruling No. 1286/2018 of the Supreme Court, of April 5, 2018 (no. rec. 1233/2017), which is clear when considering that Contracts requested without the consent of one of the parties cannot be considered legal transactions under any circumstances. It goes like this:

em>(…) it is clear that one cannot speak of a contract or a legal business in cases like this in which one of the parties does not consent ex inicio to be bound, there may be an “appearance”, but not a business legal in the proper sense, and that appearance would be the deceptive element that would give life to the crime of fraud.

Of the effects of nullity

In article 1.303 of the Civil Code we find the effects of the nullity of a contract, as follows:

Declared the nullity of an obligation, the contracting parties must reciprocally restore the things that would have been the subject of the contract, with their fruits, and the price with interest”.

The aforementioned article establishes the effects ex tunc derived from the declaration of nullity of the contract, which translates into the duty of the parties to bring the legal situation back to the state it was in before the conclusion of the contract. In other words: the affected parties must return to the personal and patrimonial situation prior to the unlawfully requested credit contract. This means in the planned case of “phishing” that the bank, in addition to canceling the loan contract, must repay the monthly installments actually paid by the lender.

Procedural strategy: accumulation of actions

To solve the situation where the affected party sees his patrimonial assets stolen and also has to assume the payment of a loan that he did not authorize, the accumulation of actions provided for in article 71 is applicable of the Civil Procedure Law, through which both the action for nullity of the credit contract and the action derived from Royal Decree-Law 19/2018, of November 23, on payment services and other measures can be exercised jointly urgent financial matters, which establishes in its article 45 the possibility of claiming from the bank the restitution of the amounts unlawfully taken by the alleged fraudster.

That is, in the event that the bank does not assume its responsibility as a provider of payment services for unauthorized operations and does not pay the injured party the amounts that were unlawfully stolen, the following may be requested cumulatively in the same lawsuit before the Court of First Instance: i) the nullity of the credit agreement, ii) the restitution of the totality of the amounts of the monthly loan installments paid and, iii) the refund of unlawfully stolen balances.

It May Interest You: “Scams Digital: Bank’s Responsibility for Phishing

Nerea Ortiz de Zárate Beitia
Commercial Law Department


Leave a Comment

Artículos relacionados

Get information without obligation


    Under the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, CASAJUANA ASESORES S.L.P informs you that your personal data included in this form, will be included in a file created under our responsibility, in order to communicate with you to carry out the maintenance and control of the business relationship that binds us and may be transferred to third parties to manage the business relationship.
    According to Regulation (EU) 2016/679 of 27 April 2016, you may exercise your rights of access, rectification, opposition and deletion by writing to CASAJUANA ASESORES S.L.P at Calle de Diego de León, 47, 28006, Madrid or email


    Scroll to Top
    Abrir chat
    Scan the code
    ¿En qué podemos ayudarte?