Police alert public to fake SriLankan Airlines scam targeting bank accounts

Sri Lanka Police have issued an urgent alert over a sophisticated online scam in which fraudsters are impersonating SriLankan Airlines to gain access to victims’ bank accounts.

According to authorities, scammers are reaching out to individuals via WhatsApp, falsely claiming to represent the airline. Victims are then persuaded to download a malicious mobile application designed to compromise their financial security.

Investigations reveal that targets are directed to install an app named “Sri Lankan.apk” from unofficial websites. Once downloaded, the application functions as a banking trojan, enabling cybercriminals to remotely control the device. This allows them to intercept One-Time Passwords (OTPs), bypass biometric protections such as fingerprint or facial recognition, and carry out unauthorized fund transfers.

SriLankan Airlines has clarified that it does not communicate with customers through WhatsApp for bookings or promotional offers, nor does it require users to install external applications.

Police are urging the public to exercise extreme caution by avoiding downloads from unknown sources and verifying all offers through official channels. Any suspicious activity should be reported immediately to the nearest police station or the Cyber Crimes Division.

Authorities continue to investigate the scam while warning that increased vigilance is essential to prevent financial losses.