The Sri Lanka Banks’ Association, LankaPay, and FinCSIRT have issued a joint warning alerting the public to a surge in financial fraud incidents, both locally and globally. These scams often appear as enticing online offers that trick users into clicking on malicious links or downloading harmful apps and files. Such actions grant cybercriminals complete control over the user’s mobile device, enabling them to access and steal from bank and payment app accounts linked to the device.
The authorities have noted that these scams are predominantly spread through social media platforms, websites, and online messaging platforms. They emphasize that the vulnerabilities exploited by fraudsters are related to user behavior rather than any inherent security flaws in the banking or payment apps themselves, which continue to meet international security standards.
In light of these findings, the Sri Lanka Banks’ Association, LankaPay, and FinCSIRT are urging the public to exercise increased vigilance. By being more cautious and aware of the sources of online offers and downloads, users can protect themselves from falling victim to these sophisticated mobile device scams.
To prevent falling victim to such scams, the public is advised to exercise caution and follow these guidelines:
• Beware of online advertisements offering unrealistic deals.
• Avoid clicking on links and downloading apps or files from unknown sources.
• Exit from unknown and unfamiliar groups on social media platforms or online messaging platforms to which you are added without consent.
• Avoid clicking on links shared via such groups.
• Refrain from saving passwords on your device.
• Download apps only from official app stores like the Apple App Store, Google Play Store, etc.
• Use biometric authentication (e.g., fingerprint, facial recognition) to access bank/payment apps where available.
• Regularly review app permissions and remove any excessive permissions granted to installed apps.
• Install a reputable antivirus app from official app stores and keep it updated to detect and remove viruses and malware.
• Be cautious of messages prompting you to disclose personal or financial information by clicking on links.
• Immediately disable your mobile data/WiFi or switch to airplane mode if you notice unusual behavior on your device.
• Pay attention to security warnings issued by FinCSIRT, banks and financial institutions and follow their recommended precautions.