News
Shadowy websites trip up bank customers
View(s):By Nidarshani Wickramasinghe
Nearly 500 complaints related to online fraud, including financial scams, have been reported to the Sri Lanka Computer Emergency Readiness Team (SLCERT) so far this year.
According to these reports, 95% of these incidents occur due to user error.
Senior Information Security Engineer at SLCERT, Charuka Damunupola, explained: “This is like a bank customer handing over their own credit card and PIN to someone else and asking them to withdraw money.
“These mistakes are largely made by users themselves. They open unfamiliar links promising discounts, gifts, or cash rewards, and then voluntarily provide OTPs, passwords, and other sensitive information.
“We continuously advise the public not to use the same password for social media accounts, email, and digital banking accounts. It is essential to use strong, secure passwords. Under no circumstances should these be shared with anyone, no matter what message or link is received on your phone.”
Meanwhile, the Sri Lanka Police has also noted a steady rise in reports of fraudulent websites that closely resemble legitimate bank websites and online banking portals.
In addition, police have uncovered a dangerous form of financial fraud involving ‘.apk’ files distributed through WhatsApp and Telegram.
These files are often disguised as wedding invitations, electricity bills, or prize notifications. When a user clicks on them, believing them to be an image or PDF, malicious software is immediately installed on their phone.
This malware can allow hackers to control the user’s phone screen and read SMS messages. As a result, confidential OTP codes related to bank accounts can be intercepted without the user’s knowledge.
Therefore, users should never download or open suspicious ‘.apk’ files received from unknown numbers or even from someone appearing to be a friend.
When downloading applications, users should always use only the Google Play Store or the Apple App Store. It is also important to ensure that the ‘Install Unknown Apps’ setting on their phone is disabled.
If someone falls victim to such a scam, they should immediately contact their bank to freeze their accounts and report the incident to the nearest police station or to the Computer Crime Investigation Division of the Criminal Investigation Department.
Explaining the issue, Mr Damunupola emphasised that there are currently no inherent security flaws in Sri Lanka’s banking system or its digital banking infrastructure.
According to him, the banking system itself remains fully secure.
“No one can take control of a bank’s official website. What fraudsters do instead is create fake websites that closely imitate the original. When users receive a link on their phone, they often fail to verify whether it is genuine because the fake site looks almost identical to the real one. They assume it is legitimate and enter their passwords and OTPs. This is known as a phishing attack,’’ he said.
“Malicious software can also take complete control of a smartphone. Banking apps, WhatsApp, email, and social media accounts can all become accessible to hackers or fraudsters. In many such cases, the phone screen may suddenly go black and become unresponsive.
“At that point, there is very little the bank can do, because the transactions are being carried out using the genuine customer’s own password and OTP. Therefore, the responsibility ultimately lies with the user.’’
The best way to say that you found the home of your dreams is by finding it on Hitad.lk. We have listings for apartments for sale or rent in Sri Lanka, no matter what locale you're looking for! Whether you live in Colombo, Galle, Kandy, Matara, Jaffna and more - we've got them all!