Be Scam Proof campaign faces scrutiny as cyber heists, phishing attacks, and insider bank fraud raise questions over financial security.
The Be Scam Proof campaign launched by the Central Bank of Sri Lanka has drawn major attention, but recent financial scandals show that public awareness alone cannot hide deeper failures inside the country’s banking system.
The Central Bank recently produced a rap song under the theme “Be Scam Proof.” The song, titled “Money Money,” targets Generation Z and has gained significant attention in recent days.
Through the song, the Central Bank delivers advice in an attractive format on how the public can protect themselves from cyber scams, fake links, OTP theft, and pyramid schemes.
However, while the Central Bank is promoting “self-protection” through a trendy rap song, several recent incidents have exposed how Sri Lanka’s financial and banking system is buckling under serious cyber attacks and internal financial fraud.
The US$ 2.5 Million Cyber Heist
While public education campaigns continue, hackers reportedly breached the computer system of the Ministry of Finance, the country’s main financial administration institution.
A bilateral debt repayment scheduled for September 2025 to Australia was diverted by hackers to other accounts, causing a loss of around US$ 2.5 million.
The hackers carried out the heist by altering payment instructions sent through email during the debt repayment process.
Four years after the severe economic crisis of 2022 and Sri Lanka’s default on US$ 46 billion in external debt, such a breach in the country’s financial system raises serious national security concerns.
Commercial Bank’s 99-Account Phishing Trap

While the Central Bank song warns people about thieves using suspicious links, a large number of Commercial Bank customers have already fallen victim to an organized cyber attack.
A fake website resembling the real Commercial Bank website was created to steal confidential customer passwords and data, even as the Central Bank continues warning the public about OTP fraud.
Millions of rupees were stolen from the accounts of 99 customers through this attack.
A CID investigation is now underway following a complaint filed by Janindu Deshan Ranawaka de Costa, an executive officer in the bank’s digital banking division.
However, the incident has exposed the banking system’s technical weakness in regulating or quickly disabling fake websites.
Recently, our website published a special investigative article series titled “Financial Fraud: An ‘Internal Game’? The Crisis of Consumer Protection.”
Following those revelations, Commercial Bank issued a notice on its official Facebook page on April 24, 2026, claiming that the ‘Harideshaya’ website was publishing false and baseless information.
‘Harideshaya’ has now taken strong legal action against what it describes as a deliberate mudslinging campaign aimed at damaging the reputation of its editor and website.
The Internal Fraud at NDB Bank

Although the song warns the public to be cautious of external thieves, the National Development Bank incident proves that existing systems are also failing to prevent large-scale fraud from inside the banking sector.
Rs. 29 million was fraudulently siphoned from the General Ledger account of NDB Bank.
One of the main suspects is a Deputy Manager attached to the bank’s Information Technology division.
Audits revealed that more than Rs. 10 million had been credited to his account alone.
We are proud to state that ‘Harideshaya’ was the first to reveal information about this NDB Bank fraud to the public.
Can Songs Alone Protect the Banking System?
It is true that the Central Bank’s “Money Money” song delivers an important cybersecurity message in a way that may appeal to today’s youth.
But this investigation shows that Sri Lanka’s current financial crisis is not caused only by public ignorance.
The question is whether singing songs is what the Central Bank, as the regulator of the entire banking system and an institution carrying major national responsibility, should be doing at this moment.
The security systems, or firewalls, of the country’s highest financial institutions appear weak enough for hackers to penetrate.
At the same time, senior officers responsible for information technology security within banks are allegedly taking the lead in stealing public funds.
Money stolen from one bank can move through five other major banks without obstruction, escaping the country’s financial regulatory system.
Colombo Chief Magistrate Asanga Bodaragama made a strong statement in open court that directly challenged the entire banking sector.
“Banks must be extremely careful about public deposits. The lack of security for public funds is a serious problem, and especially at a time like this, preventing such fraudulent activities is the responsibility of all banks.”
While the Central Bank of Sri Lanka tells the public to “Be Scam Proof,” it must first strengthen the banking system under its control and ensure that state financial technology systems become “Cyber Attack Proof” and “Insider Fraud Proof.”
Just as the public must avoid clicking unknown links, authorities have a duty to guarantee that deposited money is protected, whether the threat comes from inside the bank or from the state financial system.
Otherwise, the “Money Money” song will remain just another entertainment product, enriching another advertising company favoured by some “big shot.”
