📈 Sri Lanka Reports Surge in Online Banking Fraud via Social Engineering

A sharp rise in digital banking adoption across Sri Lanka has led to a noticeable increase in online financial fraud. The Association of Professional Bankers Sri Lanka highlights that cybercriminals are exploiting human error rather than hacking bank systems, using urgency and fear to deceive customers. • Modus Operandi: Fraudsters use fake SMS, WhatsApp, Facebook ads, and phone calls impersonating bank or government officials. Victims are lured via phishing links to counterfeit websites to steal login credentials, PINs, and One-Time Passwords (OTPs). • Critical Defense Measures: No Sri Lankan bank will ever request passwords, PINs, CVV numbers, or OTPs via phone, text, or social media. Users must manually type official URLs, look for "https://" secure padlocks, and avoid clicking promotional links. Sharing an OTP effectively authorizes a unauthorized transaction; it must never be disclosed to third parties. • Device & Platform Security: Given heavy reliance on mobile banking apps, consumers must secure devices by avoiding public Wi-Fi, disabling unauthorized app downloads, and verifying social media financial offers directly with institutions. • Emergency Protocol: If compromised, customers must immediately contact 24-hour bank hotlines to block accounts/cards, reset passwords, and report the incident to authorities. Awareness remains the strongest national defense.