Dodanduwa cyber fraud raid uncovers 55 foreign suspects, 152 phones and 22 computers, raising fears of a South Asian scam network.
The Dodanduwa cyber fraud raid has exposed what Sri Lankan authorities believe is a fast-evolving cross-border digital crime network involving Indian and regional operators.
A major police operation in southern Sri Lanka has brought renewed attention to the spread of organised cybercrime across South Asia. The raid in the coastal town of Dodanduwa led to the arrest of 55 foreign nationals, including 35 Indian nationals and 20 Nepalese citizens, according to Sri Lankan law enforcement officials in Galle.
Investigators say the suspects were operating from rented accommodation that had allegedly been converted into a coordinated digital fraud centre. The case has raised serious questions over how mobile, foreign-linked cybercrime groups may be using Sri Lanka as an operational base.
The discovery of 22 computers and 152 mobile phones inside the premises immediately suggested that the operation was not an ordinary isolated scam. Instead, authorities believe they may have uncovered a structured, industrial-scale cyber fraud setup designed for mass communication and financial deception.
The equipment found at the location indicates a system capable of running simultaneous outreach campaigns targeting victims across several countries. These campaigns may have used messaging apps, social media platforms, and phone-based scams to reach potential victims.
Sri Lankan investigators have not yet officially confirmed the exact nature of the alleged crimes. However, early assessments indicate that the operation may have involved phishing schemes, fake investment platforms, impersonation scams, and mobile-based social engineering fraud.
These methods have become increasingly common across South Asia, where the rapid expansion of digital banking has created both convenience and serious new vulnerabilities for ordinary users.
The arrests come at a time when cybercrime is rising sharply across the region, especially in India, where digital fraud has reached unprecedented levels. According to official data from India’s Ministry of Home Affairs, cybercrime complaints increased from around 2.6 lakh cases in 2021 to more than 24 lakh cases in 2025.
That nearly tenfold increase shows how quickly online financial fraud has expanded within just a few years.
Financial losses have grown at a similarly alarming pace. Over the past five years, Indians are estimated to have lost approximately ₹55,659 crore to cyber-enabled scams. In 2025 alone, losses were reported at around ₹22,495 crore, making cyber fraud one of the fastest-growing categories of financial crime in the country.
Authorities also note that some scam categories, including fake investment schemes, UPI fraud, and impersonation-based deception, are growing at annual rates exceeding 30 percent.
The Sri Lankan case shows that these trends are no longer limited by national borders. Cybercrime networks are increasingly operating as regional ecosystems, involving multiple nationalities, mobile teams, and shifting operational bases.
The presence of Indian and Nepalese suspects allegedly working together in Dodanduwa highlights the transnational nature of such operations. These networks often exploit enforcement gaps between neighbouring countries, making detection and prosecution more complicated.
Cybersecurity experts describe these networks as highly “industrialized.” Unlike earlier cybercriminal activity, which was often carried out by individuals or small groups, modern fraud operations increasingly resemble organised call centres.
They include specialised roles such as recruiters, technical operators, script writers, data handlers, and supervisors who coordinate communication strategies and monitor victims. The large number of devices recovered in Sri Lanka points toward this type of structured operation.
The seizure of 152 mobile phones is especially significant because it suggests the possible use of SIM farms and multi-account systems designed to scale fraudulent communication.
Together with the 22 computers, the setup points to possible backend infrastructure capable of managing victim databases, tracking financial flows, and automating messaging campaigns. Such systems are commonly associated with large-scale digital fraud networks operating across Asia.
The rise of these scams is closely linked to South Asia’s rapid digital transformation. The growth of mobile banking, instant payment systems, and online trading platforms has opened new opportunities for fraudsters.
Common scams now include fake investment platforms promising high returns, impersonation of bank officials, QR code payment frauds, and so-called “digital arrest” scams, where victims are pressured into transferring money under false legal threats.
A defining feature of these operations is their dependence on psychological manipulation rather than technical hacking. Victims are usually contacted through phone calls or messaging apps and pressured into revealing sensitive information such as one-time passwords or banking credentials.
In many cases, urgency, fear, and impersonation of authority are used to force quick financial decisions before victims have time to verify the claims.
The Sri Lankan raid also echoes the wider “Jamtara-style” cybercrime phenomenon in India. The term comes from Jamtara, a district in Jharkhand that became infamous for phone-based phishing scams.
Popularised internationally through the Netflix series “Jamtara – Sabka Number Ayega,” the model showed how small, coordinated groups could exploit banking users through deception and social engineering.
However, what began as a localised crime pattern has now evolved into a far more complex transnational system. Investigators increasingly report that similar fraud models are being replicated across borders, with mobile teams shifting locations frequently to avoid detection.
The Dodanduwa case suggests that such networks may now be embedding themselves in rented accommodation across the region, using anonymity and mobility to continue their operations.
Sri Lanka’s geography and tourism infrastructure may be unintentionally helping this trend. Coastal towns, with their transient populations and rental properties, can provide convenient cover for groups seeking short-term operational bases.
The raid in Dodanduwa raises concerns that such locations could be increasingly exploited for illegal digital activities targeting victims across multiple jurisdictions.
The involvement of Indian nationals in the case adds another layer of regional complexity. As cybercrime investigations expand, cooperation between South Asian law enforcement agencies is expected to become increasingly important.
The cross-border movement of suspects between India, Nepal, and Sri Lanka reflects a growing pattern of mobile cybercrime networks operating beyond the reach of any single national authority.
The financial stakes are enormous. With Indian losses alone exceeding ₹55,000 crore in recent years and similar upward trends reported across neighbouring countries, cyber fraud is emerging as a systemic regional threat.
Authorities warn that without coordinated enforcement and stronger digital safeguards, the scale of losses could continue to rise sharply.
As forensic experts begin analysing the seized devices, investigators hope to reconstruct communication networks, financial flows, and possible victim lists. Those findings could determine whether the Dodanduwa group was an isolated cell or part of a larger, more sophisticated cybercrime syndicate operating across South Asia.
