Takeaway: The 3rd Panel of the Superior Tribunal de Justiça held that financial institutions must indemnify victims of the so-called “ghost hand scam,” a fraud in which criminals, posing as bank employees, induce customers to install an application and then gain remote access to their bank accounts.
In this case, the victim was led to install a fraudulent application, which enabled the contracting of a BRL 45,000 loan and the execution of several transactions outside her usual profile. The lower court had reduced the compensation, arguing that the customer had “facilitated” the scam. The STJ overturned this decision.
The STJ found that the bank failed to provide adequate services, as it authorized clearly atypical transactions without blocking them.
The STJ also rejected the argument of the victim’s contributory fault. According to the reporting Justice, compensation may only be reduced when there is a conscious assumption of risk, which, in principle, does not occur in this type of fraud, characterized by social engineering and inducement to error.
From a practical standpoint, the decision reinforces that banks must have effective systems in place to detect and block transactions that deviate from a customer’s profile. For consumers and companies, the message is straightforward: banks do not request the installation of applications or remote access to mobile devices. In case of doubt, the recommended course is to interrupt the contact and seek confirmation through the institution’s official channels.
Click here to access the full decision.
The MAC Advogados team closely monitors high court decisions on civil liability, assisting institutions and companies in reviewing security protocols, managing crises in fraud cases, and providing technical defense in high-complexity litigation to ensure compliance with consumer protection standards and the security of financial operations.