SLCERT issues public warning over surge in financial fraud cases
2026-01-30 - 09:49
Sri Lanka Computer Emergency Readiness Team (Sri Lanka CERT) has issued a public warning over a surge in financial fraud cases involving bank and police impersonation scams, urging the public to remain vigilant and avoid sharing personal or financial information. In a media release issued today (Jan. 30), SLCERT said it has received multiple complaints about fraudulent SMS messages and online notifications claiming that credit cards have been suspended due to “suspicious activity.” The media release further adds : Approach Used by Fraudsters • Fake Bank Alerts via SMS and Online Messages It has been reported that scammers send messages stating that a credit card has been suspended due to “suspicious activity,” often mentioning the names of several well-known banks to appear credible. Recipients are instructed to reactivate their cards by clicking on a link and providing sensitive personal information, including their National Identity Card (NIC) number. These messages typically warn that the card will be permanently cancelled if the information is not provided within 24 hours, creating a sense of urgency. Alarmed recipients may then click on the link and submit their details. Subsequently, fraudsters gain access to the victims’ bank accounts, send a One-Time Password (OTP) to the victim’s phone, obtain that OTP through deception, and proceed to steal funds from the account. • Police Impersonation via WhatsApp Video Calls In another reported method, some victims have received WhatsApp video calls from individuals dressed in police uniforms, impersonating Assistant Superintendents of Police. These callers claim that a criminal is in police custody and allege that the criminal has used the victim’s name and NIC details to obtain credit cards from multiple banks and commit large-scale fraud. The impersonators pressure and intimidate victims by questioning them while quoting their NIC numbers and bank account details. Complaints indicate that this information is often data previously obtained through earlier fraudulent messages but is presented in a way that makes victims believe it is being accessed by law enforcement. Victims are then threatened with arrest, leading to some transfer of large sums of money in an attempt to avoid legal action. Sri Lanka CERT strongly urges the public to: • Never share personal or financial information, including NIC numbers, card details, passwords, or OTPs, through unknown or unverified links received via SMS, email, or online messages. • Be cautious of unsolicited calls or video calls, even if the caller claims to be a police officer or bank official. • Verify directly with your bank or the relevant authorities using official contact details before taking any action. • Report suspected fraud immediately to your bank.