Sri Lanka
USA
Canada
India
UK
UAE
Sri Lanka is facing a dramatic rise in cybercrime in 2025, with over 5,400 incidents reported so far, according to the Sri Lanka Computer Emergency Readiness Team (SLCERT). The sharp increase highlights growing vulnerabilities in both personal and institutional cybersecurity across the country.
Social media platforms such as Facebook, WhatsApp, Instagram, Snapchat, and TikTok remain the primary channels for cyberattacks, with nearly 90% of cases linked to Facebook. Alarmingly, there is a growing trend in the misuse of artificial intelligence (AI) tools to facilitate online fraud, harassment, and data theft.
SLCERT reports that common threats include malware, phishing scams, account hijackings, financial fraud, and the spread of deepfake videos. With over 7 million internet users—most active on social media—the threat landscape continues to expand.
Several government agencies, including the Sri Lanka Police and the Department of Government Printing, have also fallen victim to cyberattacks. In a significant breach in June, the SMS gateway of the National Water Supply and Drainage Board (NWSDB) was hacked, sending out ransom messages via its official shortcode. March saw ransomware attacks on banks, leaking 1.9 terabytes of sensitive data including NICs and employee records.
Criminals are also targeting individuals with fake overseas job offers, luring them into human trafficking and forcing them into online scams from abroad.
The Criminal Investigation Department (CID) has identified two main online fraud methods: fake remote job offers used for money laundering, and investment scams where victims are tricked into transferring large amounts of money.
Authorities urge the public to avoid clicking suspicious links, never share OTPs or banking credentials, and enable two-factor authentication on all digital accounts.
