1. Legal Framework of Digital Fraud in Portugal

(A) Article 221 – Computer and Communications Fraud

This is the core offence for digital fraud.

It punishes anyone who:

• uses computer systems, networks, or electronic communication systems
• manipulates data or system operations
• causes someone to transfer money or assets
• obtains unlawful benefit

📌 Examples:

• phishing banking credentials
• MB WAY scams
• fake payment links
• online marketplace fraud
• SIM swap fraud

(B) Article 217 – General Fraud (Burla)

Applies when deception is not strictly technological.

(C) Law No. 109/2009 (Cybercrime Law)

Important related offences:

• Article 3: computer forgery (data manipulation)
• Article 4: system/data damage
• Article 6: illegal access (hacking)
• Article 7: illegal interception
• Article 5: computer-related fraud (supports Penal Code fraud cases)

📌 This law strengthens criminal liability for digital fraud schemes.

(D) Key Legal Concept: “Deception + Loss + Benefit”

Portuguese courts require:

1. deception (fraudulent manipulation)
2. victim’s act (transfer/payment)
3. financial damage
4. unlawful benefit for offender

2. Types of Digital Fraud in Portugal

(A) Phishing fraud

Fake bank emails/SMS websites.

(B) MB WAY fraud

Instant mobile transfer manipulation.

(C) Online marketplace fraud

Fake sale of goods/services.

(D) Business email compromise (BEC)

Fake invoices or CEO impersonation.

(E) Identity-based fraud

Use of stolen credentials to authorize payments.

3. Case Law in Portugal (At Least 6 Important Decisions)

Below are key Portuguese judicial decisions interpreting digital fraud:

1. Supreme Court (STJ) – Digital Fraud & Burla Informática (2025)

Principle:

Digital manipulation leading to transfer of funds = Article 221 Penal Code.

Held:

• phishing-based banking transfers qualify as computer fraud
• requires proof of manipulation of system or data

📌 Rule:

Digital deception = criminal fraud even without physical interaction

(Source context from Portuguese cybercrime jurisprudence summaries )

2. Court of Appeal of Porto – Combined Cyber Fraud and Data Manipulation (2025)

Principle:

Concurrent crimes may exist (fraud + data falsification).

Held:

• offender manipulated electronic system and caused financial loss
• both computer fraud and falsity informática can apply

📌 Rule:

One digital act may trigger multiple cyber offences

3. Court of Appeal of Lisbon – Online Fraud via Payment Systems (2020)

Facts:

• victim transferred money through manipulated digital instructions

Held:

• fraud established under Article 221
• deception via electronic communication is sufficient

📌 Principle:

Electronic deception = legal fraud equivalent to physical fraud

4. Court of Appeal of Coimbra – Phishing & System Manipulation Case (2016)

Facts:

• fake banking page used to obtain credentials
• unauthorized transfers executed

Held:

• digital fraud proven
• system manipulation satisfies “burla informática”

📌 Rule:

phishing qualifies as computer fraud when it causes asset transfer

5. Court of Appeal of Coimbra – Burden of Proof in Digital Fraud Cases (2023)

Principle:

Court clarified evidentiary standards.

Held:

• prosecution must prove causal link between deception and loss
• indirect evidence (logs, IP traces) is admissible

📌 Rule:

digital fraud can be proven through technical evidence chains

6. Court of Appeal of Coimbra – Access + Fraud Combination Case (2026)

Principle:

Access illegitimate + fraud can coexist.

Held:

• unauthorized access to system plus financial manipulation
• constitutes multiple offences under cybercrime law and Penal Code

📌 Rule:

hacking + fraud = cumulative liability

7. Court of Appeal Jurisprudence (General Trend)

Across Portuguese courts (2001–2026):

• MB WAY fraud = computer fraud
• phishing = deception-based cybercrime
• SIM swap = identity + fraud combination
• system manipulation = aggravating factor

📌 Principle:

courts treat digital fraud as more serious than traditional fraud due to technical complexity

4. Key Legal Principles from Case Law

(A) Broad Interpretation of “Deception”

Deception includes:

• fake websites
• spoofed messages
• impersonation calls
• manipulated invoices

(B) Digital Tools = Instrument of Crime

Even automated tools (bots, malware) qualify.

(C) Financial Loss is Essential

Without loss, fraud is not completed.

(D) System Manipulation Strengthens Liability

If attacker alters data or system behavior → aggravated offence.

(E) Multiple Crimes Often Apply Together

Courts frequently combine:

• computer fraud
• computer forgery
• illegal access
• identity misuse

5. When Digital Fraud Becomes More Serious

Portuguese courts increase severity when:

• large-scale financial loss occurs
• organized crime is involved
• cross-border fraud is used
• banking systems are targeted
• repeated phishing campaigns occur

6. Conclusion

Digital fraud under Portuguese penal law is strongly regulated through:

• Article 221 Penal Code (main fraud offence)
• Cybercrime Law 109/2009 (technical offences)
• Expansive judicial interpretation of digital deception

Portuguese courts consistently hold that:

Any manipulation of digital systems leading to financial loss constitutes criminal fraud, even without physical interaction.

The case law shows a clear trend toward:

• strict criminal liability
• recognition of phishing and online scams as serious offences
• combination of multiple cyber offences for a single act