Live Sri Lanka’s news, updated around the clock FB X YT
Latest PoliticsGeneralCrimeBusinessTechnologySportsHealthWeatherTravelDevelopmentLawSecurityEducationEntertainmentSinhalaTamil
General

Inside Sri Lanka's Cybersecurity Crisis: Victims Hacked, Scammed and Left Without Help

07 Jul 2026 By Lankanewspapers.com Local
Inside Sri Lanka's Cybersecurity Crisis: Victims Hacked, Scammed and Left Without Help

A Growing Digital Threat With Few Answers

Across Sri Lanka, a quiet but devastating crisis is unfolding in the digital space. Ordinary citizens — from young professionals to small business owners and retirees — are falling victim to sophisticated cyberattacks and online scams, only to find themselves with little recourse and even less support once the damage is done.

The Human Cost of Cybercrime

The stories emerging from victims paint a troubling picture. Bank accounts drained overnight. Social media profiles hijacked and used to defraud friends and family. Personal data stolen and weaponised. For many Sri Lankans who have experienced these attacks, the trauma is compounded by a frustrating lack of institutional response — leaving them feeling abandoned by the very systems meant to protect them.

Unlike physical crimes where a police station offers an immediate and familiar avenue for help, cybercrime victims often find themselves bounced between agencies, unsure of where to report, who is responsible, and whether any meaningful investigation will ever take place.

What the Landscape of Cyber Threats Looks Like

The range of threats facing Sri Lankan internet users is broad and constantly evolving. Among the most common forms of attack reported are:

  • Phishing scams targeting banking credentials through fake websites and fraudulent SMS messages
  • Social media account takeovers used to run scams on victims' contact lists
  • Investment fraud conducted through messaging platforms such as WhatsApp and Telegram
  • SIM-swap attacks that bypass two-factor authentication
  • Ransomware incidents targeting small businesses and organisations

With smartphone penetration rising rapidly and digital financial services expanding, the pool of potential victims continues to grow — while awareness of basic cybersecurity practices remains alarmingly low among large segments of the population.

Institutional Gaps and a Slow Response

Sri Lanka does have structures in place to deal with cybercrime. The Sri Lanka Computer Emergency Readiness Team, known as Sri Lanka CERT|CC, serves as the national body for coordinating responses to cyber incidents, and the Police have an established Cybercrime Division. However, critics argue that these institutions remain under-resourced, understaffed, and insufficiently equipped to handle the volume and complexity of cases being reported.

Victims frequently describe a disheartening process of reporting incidents only to receive little feedback on the progress of their cases. In many instances, the technical complexity of cybercrime means that investigations stall or fail to produce results, leaving perpetrators — many of whom operate from outside Sri Lanka — beyond the reach of local law enforcement.

For those targeted, the experience is not just a financial blow — it is a profound erosion of trust in digital systems and in the institutions responsible for safeguarding them.

The Need for Urgent Reform

Cybersecurity experts and digital rights advocates have repeatedly called on the government to treat online crime with the same urgency as conventional criminal threats. Key recommendations include greater investment in law enforcement capacity, public awareness campaigns, stronger collaboration with international cybercrime agencies, and clearer, more accessible reporting mechanisms for victims.

There is also growing consensus that Sri Lanka must modernise its legislative framework to keep pace with rapidly changing forms of digital crime. While the Computer Crimes Act of 2007 provides a foundational legal basis, many argue it is no longer adequate to address the sophisticated threats that have emerged in the years since its enactment.

What Victims Are Being Advised to Do

In the absence of a robust national response, individuals are largely being encouraged to take personal responsibility for their digital safety. Security professionals recommend the following precautionary steps:

  • Enable two-factor authentication on all accounts wherever possible
  • Avoid clicking on unsolicited links received via SMS, email, or messaging apps
  • Verify the authenticity of websites before entering personal or financial information
  • Regularly update passwords and avoid reusing them across multiple platforms
  • Report suspected cybercrime to Sri Lanka CERT|CC and the Police Cybercrime Division promptly

A Crisis That Demands Attention

As Sri Lanka continues its push toward greater digital inclusion and e-governance, the vulnerability of its citizens in cyberspace represents a serious and urgent challenge. Without meaningful investment in both the technical and human infrastructure needed to combat cybercrime, victims will continue to be left waiting — hacked, scammed, and without justice.

The time for incremental responses has passed. What is needed now is a coordinated, well-funded national strategy that places the safety of Sri Lanka's digital citizens at its centre.

Related Video

💬 Join the Discussion 3

See what readers are saying — and add your view.

D
Dilani Wickramasinghe 07 Jul 2026

my aunty lost 80,000 rupees to a fake job scam last month. goverment sleeping.

H
Hashini Madushani 07 Jul 2026

reported to cyber crimes unit twice, both times nothing happened. total waste of time.

S
Suresh Wijesinghe 07 Jul 2026

same experience here, they just take the complaint and thats it. no followup nothing.

Add to the conversation — you’ll sign in with Google to post. No links, text only.

Related Stories