The digitalization of the banking sector, driven by the Fourth Industrial Revolution, has significantly impacted the ease of financial transactions through digital banking services. However, this progress also creates vulnerabilities to cybercrimes, particularly phishing, which aims to steal customers' personal data via fake websites or messages. This article examines relevant legal frameworks, including Law No. 19 of 2016 on Electronic Information and Transactions (EIT Law), the Indonesian Criminal Code (KUHP), and regulations issued by the Financial Services Authority (OJK), such as POJK No. 12/POJK.03/2018 on Digital Banking Services. Employing a normative qualitative approach, the study explores the legal protection available to customers as phishing victims and the responsibilities of banks in preventing and addressing such threats. This article recommends strengthening banks' technological security systems, enhancing customers' digital literacy, and enforcing laws more effectively to establish secure and reliable digital banking services.