Interesting EU opinion requires banks to immediately refund losses to phishing victims - even if the bank was not at fault in the fraud. If the bank later finds that customer negligence played a role, they can go after the customer to recover the refund. Seems reasonable to me - banks have the resources to monitor their brands for phishing sites while consumers do not. https://www.bleepingcomputer.com/news/legal/eu-court-adviser-says-banks-must-immediately-refund-phishing-victims/