Cybercrime Surges in Sri Lanka: Over 5,400 Cases Reported in 2025 | Sri Lankan Post News

Colombo, July 26 — Sri Lanka is facing a growing cybercrime crisis, with more than 5,400 incidents reported so far in 2025, according to the Sri Lanka Computer Emergency Readiness Team (SLCERT). The surge in digital crime reflects the increasing vulnerabilities in the country’s cyber landscape, particularly as internet usage and social media engagement reach new highs.

SLCERT reports that nearly 90% of cybercrime cases are linked to Facebook, followed by platforms like WhatsApp, Instagram, Snapchat, and TikTok. A rising number of incidents also involve the misuse of artificial intelligence (AI)—from deepfake videos to AI-generated phishing emails.

Common Cyber Threats on the Rise

The most frequently reported cybercrimes include:

• Malware attacks
• Data theft and phishing scams
• Online financial fraud
• Account hijackings and fake profiles

With over 7 million internet users in Sri Lanka, and nearly 90% of them active on social media, the risk of exploitation is rapidly expanding.

Recent trends reveal a sharp increase in WhatsApp hijackings, deepfake content used to harass or extort, and phishing techniques that trick users into giving up sensitive data. Fake emergency messages are also being used to manipulate public sentiment or gain unauthorized access to devices and accounts.

Government Institutions Targeted

Cybercriminals have not spared the public sector. In early 2025, several government websites, including those of the Sri Lanka Police and the Department of Government Printing, were disrupted by coordinated cyberattacks.

In a more alarming breach, the National Water Supply and Drainage Board’s (NWSDB) SMS gateway was hacked in June. Hackers sent ransom messages to users via the board’s official shortcode, demanding Bitcoin payments and exposing vulnerabilities in state-owned digital infrastructure.

In March, ransomware attacks hit multiple banks, resulting in the leak of 1.9 terabytes of sensitive data, including NIC images, transaction logs, and employee files—one of the most serious breaches to date.

The Human Cost of Cybercrime

Beyond technical intrusions, cybercrime in Sri Lanka is taking on a human trafficking dimension. Individuals are reportedly being lured abroad with fake job offers and forced into operating online scam networks under threat and coercion, often via encrypted messaging platforms.

Meanwhile, Telegram and WhatsApp account takeovers are becoming increasingly common. Scammers intercept one-time passwords (OTPs) and use social engineering tactics to gain control of users’ accounts.

CID: Two Main Online Scam Tactics

The Criminal Investigation Department (CID) has identified two primary schemes used in online financial frauds:

1. Fake investment and remote work scams – Victims are shown fake profits to build trust, then tricked into sending large sums of money. Scammers often demand “processing fees” or “tax payments” before disappearing.
2. Bogus remote job offers – Fraudsters use these offers to collect victims’ bank details, which are then used for money laundering or illegal fund transfers.

Warnings and Safety Measures

Police and cybersecurity experts are urging the public to remain vigilant. Key recommendations include:

• Avoid clicking suspicious links
• Never share banking details or OTPs
• Do not transfer money received from unknown sources
• Enable two-factor authentication on all accounts
• Keep privacy settings strict on social media platforms
• Verify unusual requests, even if they appear to come from trusted contacts

SLCERT emphasized that public awareness and personal responsibility are the first lines of defense against the rapidly evolving cyber threats in Sri Lanka.