Fake text messages - but no one is liable?

A bank customer falls for a deceptively genuine text message, loses almost 5,000 euros through fraud - and still has to pay for the loss. As reported by heise online, the regional court in Bielefeld has now made it clear: A household contents insurance policy with included "internet protection" does not have to pay out if phishing is not carried out by email but by text message.

What initially sounds like a legal detail has tangible consequences: Anyone who believes they are on the safe side with supplementary internet insurance could end up empty-handed in an emergency - depending on how the fraud came about. This is shown by a reference decision of the Bielefeld Regional Court dated September 25, 2025 (Ref.: 22 S 81/25), which is currently causing discussion in the legal scene.

The devil is in the detail - No protection for fraudulent text messages

In this particular case, a Volksbank customer was lured to a fake login page with a text message that supposedly required her banking app to be updated, where she entered her login details in good faith. The fraudsters were able to apply for a digital Girocard without her knowledge and then debit it with around 5,000 euros.

The bank refused to reimburse the customer, accusing her of gross negligence. However, the lawsuit against the insurance company was also unsuccessful: first before the district court in Halle/Westphalia, then before the regional court in Bielefeld. Its judges emphasized: The insurance terms and conditions expressly only cover phishing attacks via email - text messages are expressly excluded.

Reason: E-mails and text messages are not similar, according to the court. An email provides more information about the sender, for example through sender addresses or header information. An SMS is technically simpler, but more difficult to check - a point that insurers apparently use to clearly limit their liability.

Only those who read carefully are really protected

The case is a lesson in insurance cover in the digital age. Terms such as "internet protection" sound comprehensive - but they are not. Even the exact wording in the contract can decide whether an insurance company pays out or not. A text message is not an e-mail, and the term "phishing" is often interpreted narrowly in policies.

Comment: Insurance companies love exceptions - customers pay the price

The case shows what many people rely on - and what is ultimately missing: real protection. While insurers like to advertise comprehensive internet protection, they often point to a sophisticated list of exceptions in the event of an emergency. A digital attack is then only insured if it takes exactly the right route - in case of doubt, not via text message, messenger or browser pop-up.

Anyone who believes that everything is taken care of by taking out a supplementary policy is mistaken. The reality is: if you don't read carefully, you pay twice - first the premium, then the damage. In a world in which digital attacks are becoming increasingly creative, narrow insurance definitions seem like relics from the days of fax machines.

Conclusion? If you want to protect yourself, you don't just have to compare the price - you have to read the small print with eagle eyes. Otherwise, "Internet protection" quickly becomes a placebo with a pretty label.