Back

Delhi High Court Rules on Customer Negligence in Cyber Fraud Cases

Severity: Low (Score: 36.9)

Sources: Storyboard18, Barandbench

Published: 2026-06-01 · Updated: 2026-06-01

Keywords: delhi, high, court, customers, suspicious, links, despite

Severity indicators: ot

Summary

The Delhi High Court ruled that customers who ignore security warnings and click on suspicious links cannot hold banks liable for losses due to cyber fraud. This decision arose from a case involving a customer who lost ₹2.6 lakh after clicking a phishing link. The court emphasized that customer negligence extends beyond sharing OTPs or login credentials to include interactions with suspicious links. The ruling overturned a previous decision that favored the customer, highlighting the importance of vigilance in digital banking. The Reserve Bank of India's 2017 guidelines were cited, indicating that banks are not liable if customers act negligently. The case underscores the shared responsibility between banks and customers in preventing cyber fraud. Key Points: • Customers clicking suspicious links are deemed negligent by the Delhi High Court. • The court's ruling emphasizes that negligence includes ignoring security warnings. • Banks are not liable for losses if customers fail to protect their credentials.

Detailed Analysis

**Impact** The ruling affects bank customers in India, specifically those using digital banking services, as it clarifies that customers who ignore security warnings and interact with suspicious links bear responsibility for resulting financial losses. The case involved a ₹2.6 lakh loss from a State Bank of India savings account due to a phishing scam. This decision may influence liability disputes between banks and customers nationwide, potentially reducing banks' financial exposure in cyber fraud cases where customer negligence is evident. **Technical Details** The attack vector involved voice phishing (vishing) and phishing messages prompting the victim to click on suspicious links, leading to unauthorized transactions. The fraud exploited social engineering to bypass security protocols, with no specific malware, CVEs, or technical indicators of compromise detailed in the sources. The case raised questions about credential compromise, OTP interception, and possible malware but lacked forensic evidence to confirm these technical aspects. **Recommended Response** Defenders should prioritize user education on recognizing and avoiding phishing links and calls, reinforcing the importance of not interacting with suspicious content despite repeated advisories. Banks must ensure robust multi-factor authentication and monitor for unusual login activities, although no specific technical vulnerabilities were identified. Monitoring for phishing campaigns and suspicious link interactions remains critical, as detailed forensic investigations are necessary to attribute credential compromise conclusively.

Source articles (2)

  • Customer clicking suspicious links despite warnings can't blame bank for losing money to cyberfraud — Barandbench · 2026-05-30
    The Delhi High Court recently observed that bank customers who click on suspicious links sent by fraudsters, despite security warnings not to so, are also to blame when they lose money through such cy…
  • Delhi High Court says banks cannot be blamed for cyber fraud losses if customers ignore ... — Storyboard18 · 2026-06-01
    The Delhi High Court has ruled that bank customers who click on suspicious links despite repeated security warnings cannot automatically hold banks responsible for financial losses arising from cyber…

Timeline

  • 2026-05-30 — Delhi High Court ruling on customer negligence: The court ruled that customers who click on suspicious links cannot automatically hold banks responsible for cyber fraud losses, emphasizing customer vigilance.
  • 2026-05-30 — Customer loses ₹2.6 lakh in phishing scam: An academic lost ₹2.6 lakh after clicking a phishing link that led to unauthorized transactions from his SBI account.
  • 2026-06-01 — Division Bench sets aside earlier ruling: The Division Bench of the Delhi High Court overturned a single-judge ruling that favored the customer, emphasizing the need for customer vigilance in digital banking.

Related entities

  • Malware (Attack Type)
  • Phishing (Attack Type)
  • India (Country)
  • Financial (Industry)
  • T1566.002 - Spearphishing Link (Mitre Attack)
  • T1566 - Phishing (Mitre Attack)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed