AC
Anasayfa Makaleler Computer Crimes

TCK Article 158/1-f Qualified Fraud with Information Systems: Attack Scenarios

TL;DR

TCK m.158/1-f: Bilişim sistemi/banka/kredi kurumu araç olduğunda nitelikli dolandırıcılık (3-10 yıl). En sık senaryo: phishing, BEC, IBAN sahteciliği, deepfake voice.

15 Şubat 2026 Computer Crimes 3 dk okuma 5 görüntülenme Son güncelleme: 9 Mayıs 2026

TCK art.158/1-f, when the information system, bank or credit institution is the tool, it is the crime of qualified fraud (3-10 years + criminal money). The 5 most common scenarios: phishing, BEC, IBAN fraud, deepfake voice, card copying.

5 attack scenarios

  • Phishing: Collecting user password/OTP via fake bank SMS/email.
  • BEC (Business Email Compromise): Payment forwarding by impersonating the manager's e-mail.
  • IBAN fraud: Invoice PDF modification; Payment redirection to different IBAN.
  • Deepfake voice: Transfer confirmation in a bank call by imitating the manager's voice with AI.
  • Card copying: Stealing card information in skimmer or web application.

    • Victim side strategy

    • First 1 hour: Call the bank and request a chargeback.
    • Receiving SS hash chain + message/email original header.
    • Complaint to the public prosecutor's office (TCK art.158/1-f, MASAK, if necessary).
    • BTK + KVKK parallel application.
    • Forensics report (device image, mail header, IP geography).

    Perpetrator defense strategy

    • Against the claim of "conscious deception": defense of working under user instructions (financial courier defence).
    • Lack of intent: "I was also deceived" defense in multiple party chains.
    • Voluntary restitution + effective repentance (parallel to TCK Article 168).

    How long does it take to request a transfer recall to the bank?

    Practically within 1-3 hours; Collection is difficult after the interbank reconciliation period has passed. 60 days with CBRT chargeback procedure.

    How to refute the "financial courier" claim?

    Determination of the alleged courier's: (a) Whatsapp group messages, (b) e-mail chain regarding payment instructions, (c) connection with a criminal organization. Device examination + forensic report according to CMK article 134.

    Is the customer responsible for a BEC attack?

    Not generally, but lack of internal control (e.g. failure to confirm IBAN change over the phone) may be considered as joint fault.

    How to collect money transferred abroad?

    The Chief Public Prosecutor's Office with the MLAT (Mutual Legal Assistance Treaty) procedure. EU countries 6-18 months; USA is faster (Mutual Legal Assistance Treaty US-Türkiye).

    Is it covered by insurance?

    Partly yes, if there is a cyber insurance policy; scope BEC, ransomware, data breach. SME insurances generally include a cyber exclusion clause.

    Relevant legislation

    • TCK art.243 — Entering the information system (1-3 years + criminal money).
    • TCK Article 244 — Preventing/disrupting system operation (1-5 years).
    • TCK art.245 — Bank/credit card fraud (3-6 years).
    • TCK art.158/1-f — Qualified fraud when the information system/bank/credit institution is the tool (3-10 years).
    • CMK article 134 — Computer search, copying, seizure.
    Legal notice: This article is for general information purposes; A meeting with a lawyer is required for a concrete case. Durations, rates and practice are shaped by jurisprudence; Check the current legislation before applying.

    Kaynaklar ve referanslar

    Kaynaklar

    TCK m.158/1-f Bilişim Sistemiyle Nitelikli Dolandırıcılık: Saldırı Senaryoları içeriği hazırlanırken resmi mevzuat ve yüksek yargı kaynakları esas alınmıştır.

    Telif bildirimi This content and all related Q&A texts are protected under Turkish Copyright Law No. 5846. Unauthorized copying, reproduction, publication, adaptation, bulk extraction, or commercial use is prohibited; legal and criminal remedies are reserved in case of infringement.

    Hukuki destek arıyorsanız

    Bu konuda profesyonel hukuki destek için Aycan Ceylan Avukatlık Bürosu olarak yanınızdayız.

    Görüşme Planla