Courtesy The Daily Mirror

Cyberattacks are becoming an increasingly serious issue in Sri Lanka, with the number of computer crime complaints rising sharply in 2025. According to the Sri Lanka Computer Emergency Readiness Team (SLCERT), over 5,400 cybercrime incidents have been reported so far this year.

The majority of cases involve social media platforms such as Facebook, WhatsApp, Instagram, Snapchat, and TikTok, with nearly 90% linked to Facebook. A significant number also involve misuse of artificial intelligence (AI) tools.

Common cybercrimes reported include malware attacks, data theft, phishing scams, and online financial fraud. With over seven million internet users in Sri Lanka, of which about 90% are active on social media, the risk of online exploitation remains high.

Complaints in recent months point to a sharp rise in fake profiles, account hacking, and WhatsApp hijackings. The increasing use of AI-generated malware, phishing emails, and deepfake videos has introduced new risks, often used to harass individuals, extort victims, or manipulate public opinion.

Several government institutions have also been targeted. Earlier this year, cyberattacks disrupted websites belonging to key agencies, including the Department of Government Printing and the Sri Lanka Police.

In June, the SMS gateway of the National Water Supply and Drainage Board (NWSDB) was compromised. Customers received ransom messages demanding Bitcoin payments via the board’s official shortcode, raising serious concerns about public sector cybersecurity.

In March, multiple banks were affected by ransomware attacks that led to the leak of 1.9 terabytes of sensitive data. The stolen information included national identity card images, transaction histories, and employee records.

Meanwhile, there has been a surge in WhatsApp and Telegram account takeovers, many involving phishing techniques and intercepted one-time passwords (OTPs). Attackers have also used deepfake videos and fake emergency messages to trick victims into giving up account access.

Beyond technical threats, cybercrime is taking on a more human dimension. Increasingly, individuals are being lured overseas with fake job offers and trafficked into scam operations. Once abroad, they are forced to engage in online fraud through encrypted platforms, often under threats or coercion.

The Sri Lanka Police have also warned of a sharp increase in crimes committed through platforms such as Facebook, WhatsApp, Telegram, Skype, and WeChat. The Criminal Investigation Department (CID) has identified two main methods used in online financial frauds.

The first involves fake investment and work-from-home schemes. Victims are shown fake profits to gain trust, then tricked into sending large sums. Scammers later demand extra payments under false pretenses before vanishing.

The second method uses bogus remote job offers to collect bank account details, which are then used to launder stolen funds.

Police urge people to avoid clicking suspicious links, refrain from sharing banking information with strangers, and never transfer funds received from unknown sources to third-party accounts.

The SLCERT also advised users never share OTPs or passwords, verify requests—even from known contacts—enable two-factor authentication, and maintain strict privacy settings on social media accounts.