Sri Lanka’s banking system is facing an alarming surge in cyber threats, prompting urgent warnings from multiple financial institutions. Customers across more than a dozen banks have been cautioned about sophisticated phishing campaigns aimed at stealing login credentials and emptying accounts within minutes. The scale and coordination of these attacks suggest a well-organized operation, raising serious concerns about the strength of the country’s digital banking defenses.
The method used by attackers is both simple and highly effective. Fraudsters create nearly identical replicas of official bank websites, often with only minor changes in the web address. Customers are then targeted through emails, text messages, or social media posts that urge immediate action, such as resetting passwords or verifying accounts. Once users enter their login details and one-time passwords (OTPs), hackers gain direct access to their accounts, enabling rapid transfers that are difficult to detect or reverse.
Banks such as Hatton National Bank, Standard Chartered Sri Lanka, DFCC Bank, Pan Asia Bank, and Sampath Bank have issued warnings urging customers to remain vigilant and use only official banking channels. While these alerts show awareness, they also highlight a largely reactive approach to cybersecurity rather than a proactive one.
This wave of cyberattacks comes at a time when Sri Lanka’s banking sector is already under pressure following internal fraud incidents, including those reported at NDB Bank. The combination of internal weaknesses and external cyber threats reveals a deeper systemic risk. Customers may begin to lose confidence in digital banking platforms, potentially affecting the sector’s stability.
Cybersecurity experts indicate that although local teams have taken steps to counter these attacks, the level of coordination suggests that attackers may be using advanced tools such as automated phishing systems and real-time credential interception. This raises serious doubts about whether current security systems are sufficient to handle evolving threats.
The situation calls for urgent action. Banks must strengthen their cybersecurity infrastructure, introduce multi-layered authentication systems, and invest in continuous monitoring and testing. Customer awareness campaigns are equally important, as human error remains a major vulnerability.
Ultimately, trust is the foundation of digital banking. Without decisive and immediate improvements, this growing wave of cybercrime could have long-term consequences for Sri Lanka’s financial system and economic stability.
By a special correspondent