The Criminal Investigation Department (CID) has launched a comprehensive investigation into a massive cyber heist involving Commercial Bank, one of Sri Lanka’s premier private banks, where tens of millions of rupees were stolen from customers through a sophisticated fake website.
Taking the facts into consideration, Colombo Chief Magistrate Asanga Bodaragama has ordered the CID to conduct a thorough probe into the incident and to report the progress of the investigation to the court.
The Modus Operandi
According to the Computer Crimes Investigation Division of the CID, an organized group of cybercriminals created a fraudulent website (phishing site) that closely mirrored the official Commercial Bank portal. Unsuspecting customers who attempted to access online banking services through this fake site had their confidential login credentials subtly compromised. Using this stolen data, the perpetrators successfully drained tens of millions of rupees from 99 customer accounts.
The Money Trail
Investigations conducted by the Cyber Surveillance and Intelligence Unit of the CID revealed that the stolen funds were fraudulently transferred into accounts maintained across several other financial institutions in the country.
The funds were illicitly diverted to accounts in the following banks:
- Private Banks: Seylan Bank, Sampath Bank, Nations Trust Bank (NTB), and Pan Asia Bank.
- State Banks: People’s Bank.
The Complaint and Legal Action
The investigation was officially initiated following a formal complaint lodged by Mr. Janindu Deshan Ranawaka De Costa, an Executive Officer attached to the Digital Banking Division at the Commercial Bank Headquarters, and a resident of Athurugiriya. Following the complaint, the CID has actively begun operations to track down the suspects and trace the money laundering network.
Law enforcement authorities strongly urge the public to remain vigilant and to double-check the URL and security certificates of banking websites before entering any sensitive information or passwords.