COLOMBO – The Sri Lanka Computer Emergency Readiness Team (CERT) issued a public alert on Tuesday (29) warning of a surge in fake messages being disseminated via social media and communication platforms, particularly WhatsApp. It said the deceptive messages are designed to fraudulently obtain personal and financial information by impersonating credible institutions, including banks, commercial organizations, and international bodies.

CERT noted that recent observations indicate cybercriminals are using social media platforms, fake websites, SMS, and even postal services to reach potential victims and that in many cases, the messages falsely promise donations, monetary rewards, high-value products, or services and request sensitive information, including One-Time Passwords (OTPs).

“By interacting with these fraudulent messages or clicking on embedded links, individuals risk exposing their personal data to criminal misuse, including financial fraud and identity theft,” Sri Lanka CERT warned, alerting users about the risks of sharing One-Time Passwords (OTPs) requested through WhatsApp, as this may unintentionally grant malicious intruders access to their accounts.

Such access, it said, can then be misused to solicit further support or sensitive information from contacts, adding that CERT has noted a concerning rise in these crimes and an increase in victims across the country.

It urged to exercise caution and verify any requests for OTPs or sensitive information, even if they seem to come from trusted sources.

Sri Lanka CERT urged the public to exercise caution when sharing personal information during online transactions and to question the necessity of data requests. It also advised verifying the authenticity of messages received on social media and communication networks by consulting official websites, contacting institutions directly, or checking through verified phone numbers before responding.

-ENCL