Cyber Alert: Sri Lanka CERT Warns of Sophisticated Credit Card and “Fake Police” Scams
By Lions Roar Aotearoa Cyber-Security Desk
COLOMBO, SRI LANKA (Saturday, January 31, 2026) — Sri Lanka CERT | CC (Computer Emergency Readiness Team) has issued an urgent public warning regarding a surge in sophisticated financial scams. Fraudsters are reportedly using SMS, WhatsApp, and Viber to siphon hundreds of thousands of rupees from unsuspecting victims by threatening them with credit card suspensions and legal action.
According to Sri Lanka CERT, these criminals are employing two primary psychological tactics: fear of financial loss and intimidation through impersonating law enforcement.
🚨 Method 1: The “Suspended Card” SMS Phishing
Victims receive text messages or online alerts claiming to be from well-known banks. The messages state that their credit card has been suspended due to “suspicious activity.”
- The Trap: The SMS contains a link to a fake website that looks exactly like a bank portal. Victims are told they have only 24 hours to enter their NIC (National Identity Card) number and personal details to reactivate the card.
- The Theft: Once the victim enters their data, the scammers access their actual bank account. They then call or message the victim to request the OTP (One-Time Password), which allows them to drain the account instantly.
🎭 Method 2: The “Police Officer” WhatsApp Video Call
In a more terrifying evolution of cybercrime, scammers are now using video calls to impersonate high-ranking police officials.
- The Performance: A scammer wearing a police uniform appears on a WhatsApp video call, identifying himself as an Assistant Superintendent of Police (ASP).
- The Allegation: He claims that a criminal in custody has used the victim’s identity to obtain multiple credit cards and commit millions in fraud.
- The Extortion: To “clear their name” and avoid immediate arrest, victims are pressured into sharing bank details or transferring “security deposits” worth hundreds of thousands of rupees.
🛡️ How to Protect Yourself (CERT Guidelines)
Sri Lanka CERT advises the public to follow these strict protocols:
- Never Click Unknown Links: Banks in Sri Lanka will never ask for your password, PIN, or sensitive data via a link in an SMS.
- Verify via Official Channels: If you receive a suspension alert, ignore the link. Instead, call your bank’s official hotline found on the back of your physical card.
- Protect Your OTP: Never share your OTP with anyone, even if they claim to be a police officer or a bank manager.
- Stay Calm: Scammers rely on panic. Official police investigations are not conducted via WhatsApp video calls demanding money.
