Staying safe from Cyber Scams in Sri Lanka
In today’s interconnected world, cybersecurity threats are invisible yet dangerous. Modern con artists use emails, social media, and even artificial intelligence to deceive people into giving away money or personal data. In 2023, a ransomware attack, triggered when officials clicked malicious links, wiped out four months of government data, and there were no backups to restore it. From phishing emails to deepfake videos, scams are becoming more sophisticated. However, we can learn to spot the red flags and protect ourselves.
Phishing: Don’t Take the Bait
Phishing is one of the most common scams. Scammers send messages appearing to be from trusted sources to trick people into clicking malicious links or revealing sensitive information. For instance, you may receive an email claiming to be from your bank, urging you to verify your password or threatening to close your account. These messages create urgency, prompting you to act without thinking, but the link often leads to a fake site that steals your login credentials or payment details.
In 2023, a phishing attack led to a significant data breach of Sri Lanka’s government cloud, showing how a single careless click can have massive consequences. Scammers now use AI tools like ChatGPT to craft convincing, error-free emails, making it harder to spot malicious attempts. If you receive an unsolicited message, never click links or download attachments. Contact the company directly through official channels to verify the message’s authenticity.
Phishing isn’t limited to emails. It also includes “vishing” (voice phishing) and “smishing” (SMS phishing). Scammers may impersonate officials to claim an issue with your account or ask for your OTP (One-Time Password). In general, no legitimate entity will ask for your OTP or sensitive security information over the phone unless you have already initiated the communication. For example, if you call your bank for assistance or to complete a transaction, they may ask you to provide your OTP to validate your identity or authorise a transaction. However, if you receive an unsolicited call asking for your OTP or personal information, it is likely a scam.
Always remember that legitimate institutions will never reach out to you first and ask for sensitive details like your OTP. If you receive such a request, hang up immediately and call the institution directly using a verified phone number from their official website or your account statement to confirm the legitimacy of the request.
Mother of All Data Breaches: A Wake-Up Call for Cybersecurity Awareness
In January 2024, the “Mother of All Data Breaches (MOAB)” revealed over 26 billion records from previous breaches, affecting major tech companies, social media platforms, and governments across multiple countries. The breach exposed email addresses, passwords, and personal details, which criminals can use for credential-stuffing attacks, in which leaked username and password pairs are tried against other services. Many people reuse passwords across accounts, which adds to the risk.
MOAB has made it easier for criminals to craft targeted phishing scams. The exposed data will fuel cybercrimes for years, highlighting the need for strong cybersecurity. Regularly update your passwords, enable two-factor authentication (2FA), and stay vigilant against unsolicited communication. The breach may seem distant, but its consequences are global, reminding us of the need for proactive digital security.
Deepfakes and AI Scams: When Seeing (or Hearing) Is Not Believing
AI-generated deepfake videos have become a new threat. These fake videos manipulate the likeness and voice of a trusted individual to create convincing frauds. For example, in March 2025 a deepfake video of Sri Lanka’s Central Bank Governor Nandalal Weerasinghe appeared authentic but falsely endorsed a high-risk financial scheme.
Deepfakes aren’t limited to public figures; anyone can be targeted. In one case, an Arizona (US) mother received a call from an AI-cloned version of her daughter’s voice, claiming she had been kidnapped and needed ransom money. Similarly, a 2024 deepfake scam in Hong Kong targeted an employee, who was duped by a fake video of her boss urging her to transfer a large sum of money.
The lesson: don’t trust your eyes and ears alone. Always verify unexpected requests through other channels.
Mobile Banking Scams and Identity Theft: Guarding Your Personal Data
Mobile banking is growing in popularity in Sri Lanka, but it has also become a prime target for scammers. Criminals may create fake banking apps or websites that look identical to legitimate ones. Download apps only from trusted app stores, and avoid following unsolicited links or messages.
Identity theft is another risk. Cybercriminals can steal personal information, such as your National ID number, and use it to impersonate you. A major breach in early 2025 involved hackers stealing 1.9 terabytes of sensitive data from Cargills Bank. To protect yourself, change passwords immediately after a breach and monitor your bank accounts for unusual activity.
Scammers may also use social engineering tactics, pretending to be from legitimate agencies like the electricity or water board, claiming you owe payments and threatening service disconnection unless you pay immediately. Always verify the situation through official customer service lines.
Protecting Yourself from Cyber Scams: Tips and Habits
While digital threats can seem overwhelming, adopting simple safety habits can significantly reduce your risk. Here are practical steps to follow:
1. Think Before You Click: Be cautious of unsolicited messages, calls, or emails. If a message creates urgency or panic, verify it through official channels rather than clicking links or calling back the number.
2. Protect Your Login Information: Never share passwords or OTPs. Banks and government institutions will never ask for these over the phone or via email. If someone does, it’s likely a scam.
3. Use Strong Passwords and Two-Factor Authentication (2FA): Use unique passwords for each account and enable 2FA wherever possible. This provides an extra layer of security by requiring a verification code sent to your phone or email.
4. Update and Secure Your Devices: Keep your devices updated with the latest software patches. Install a trusted antivirus app and download apps only from official app stores.
5. Limit Personal Data Sharing: Be mindful of the information you share on social media. Scammers can use details like your birthday or phone number to steal your identity. Adjust privacy settings to limit who can see your posts.
6. Stay Informed and Teach Others: Cyber threats evolve, so staying informed is essential. Keep an eye on news about new scams targeting Sri Lankans, and share what you learn with family and friends.
Staying Vigilant in a Digital World
In Sri Lanka’s fast-paced society, it’s easy to think cybercrime affects “other people,” but anyone with a phone or Internet connection is at risk. Awareness is the key defence. By recognising phishing tactics or identifying deepfake scams, we can protect ourselves and those around us.
Trust your instincts. If something seems too good to be true or feels off, pause and question it. Scammers rely on quick reactions and pressure tactics. Slowing down and verifying can prevent costly mistakes.
Staying safe online doesn’t require technical expertise, just skepticism and verification. Protecting your digital life is just as important as locking your front door. While companies and authorities in Sri Lanka are stepping up, it’s up to each of us to stay informed and vigilant. By practicing these safety habits, we can create a community one step ahead of cybercriminals. Awareness is our best armor in this digital age.
Stay safe, and don’t let the cyber con artists win!
(The writer is a Software Architect with over 15 years of experience in software development currently based in the UK).