By: Staff Writer
November 01, Colombo (LNW): Sri Lanka is confronting a surge in cyber-enabled crimes, particularly involving foreign actors targeting the financial sector.
Criminals are exploiting vulnerabilities in the country’s digital infrastructure to transfer funds from local accounts to foreign ones, highlighting the increasing sophistication of cybercriminal networks.
According to the Criminal Investigation Department (CID), cybercriminals typically fall into one of four categories: black hat hackers, cyberstalkers, cyber terrorists, and scammers.
Among them, black hat hackers pose a serious threat by infiltrating networks to steal sensitive data such as credit card details and passwords.
The Computer Emergency Readiness Team (CERT) recently issued warnings about a spike in fake messages circulating on social media and messaging platforms like WhatsApp.
These messages impersonate credible institutions such as banks or commercial entities to fraudulently obtain personal information.
CERT’s findings indicate that cybercriminals are leveraging social media, fake websites,
SMS, and even physical mail to deceive victims with promises of rewards or donations, ultimately requesting sensitive data, including One-Time Passwords (OTPs).
CERT cautions users against sharing OTPs over messaging platforms, as it could allow hackers to gain unauthorized access to their accounts, which they can then use to solicit further sensitive information from other contacts.
CERT has urged the public to be cautious about sharing personal information online and recommends verifying requests by consulting official channels or directly contacting organizations.
In recent cases, professionals, not just general citizens, have increasingly become targets of cyber scams, as noted by Police Media Spokesman DIG Nihal Thalduwa.
With social networks facing mounting scrutiny over data misuse, platforms are imposing tighter access restrictions, though motivations behind these changes—whether user protection or concerns over government surveillance—remain uncertain.
Prominent tech companies, including Apple, Google, Microsoft, and Facebook, have publicly emphasized their commitment to user privacy by refusing government data requests.
Despite awareness campaigns by banks advising users to ignore scams, such as messages demanding processing fees for fictitious lottery wins, hackers continue to bypass security protocols and gain access to funds, which they promptly move to foreign accounts.
After these transactions are completed, tracking the perpetrators becomes nearly impossible as they erase digital traces from their devices, explains DIG Thalduwa.
These scams often involve millions of rupees, making financial fraud a serious issue for the nation.
In response to the cybercrime rise, Sri Lanka has strengthened its cooperation with international partners. For example, a delegation of ten Chinese law enforcement officials recently arrived in Sri Lanka to assist in combating cybercrime.
This partnership followed a diplomatic request from the CID, as foreign nationals are often implicated in these financial fraud cases.
The CID is also working on enhancing Sri Lanka’s legal framework and collaborating with agencies like Interpol and Europol, though many challenges remain.
