The Supreme Court of Russia has invalidated a loan agreement fraudulently obtained through the hacking of a client's account in a bank's mobile application. This was reported by TASS, citing a review of judicial practice.
According to the case files, fraudsters reconnected the victim's phone number to their own, then called Alfa-Bank and disabled the notification function in the Alfa-Mobile application. After that, using an electronic signature, they took out a loan of 265.5 thousand rubles in her name. Notifications with one-time passwords were sent to the attackers' controlled number.
A criminal case was initiated regarding the incident, and a suspect from Novosibirsk was put on the wanted list. The court of first instance, followed by the appellate and cassation instances, refused to recognize the agreement as invalid, citing the incomplete investigation and the client's alleged imprudence in using an electronic signature.
The Supreme Court overturned these decisions, pointing out significant violations of legal norms in their issuance. In the ruling, the court also recalled the position of the Constitutional Court from October 13, 2022, according to which the bank is obliged to take increased precautions when issuing loans remotely, especially if the money is immediately transferred to third parties.
Read more on the topic:
Neither give nor take: fraudsters cleverly use self-bans on loans to deceive Russians
After the introduction of self-bans on loans, fraudsters may increase phishing attacks on Russians
Data at your fingertips: why and how fraudsters hack "Gosuslugi" of Russians