Cybercrime is expected to rise sharply in 2025 as criminals continue to exploit the rapid growth of digital communication, online trade, and electronic financial transactions. This warning comes from the Sri Lanka Computer Emergency Response Team (Sri Lanka CERT), which has observed a worrying increase in cyber-related incidents across the country.

According to Charuka Danunupola, Chief Information Security Engineer at Sri Lanka CERT, cybercriminals are now using highly sophisticated and deceptive techniques to gain the trust of internet users. These criminals target people through social media platforms, emails, SMS messages, and fraudulent websites, often pretending to be trusted institutions or individuals.

Sharp Rise in Cyber Complaints

Sri Lanka CERT has recorded a significant increase in cybercrime complaints over the past year. More than 12,650 incidents related to social media misuse and cybersecurity threats were reported in 2024 alone. This figure marks a notable rise compared to previous years and highlights how cyber threats are becoming more frequent and more complex.

Among the most common complaints were:

• Fake social media accounts

• Online financial fraud

• Phishing messages and scam links

• Unauthorized access to personal accounts

Cybercriminals frequently use fake profiles, impersonate banks or service providers, and send misleading messages to trick users into sharing sensitive information.

How Cybercriminals Exploit Trust

Mr. Danunupola explained that criminals take advantage of the trust people place in digital platforms. Many users believe that messages appearing to come from banks, online stores, or known contacts are genuine. Fraudsters use this trust to steal personal information, access bank accounts, or conduct illegal financial transactions.

One common tactic is sending alarming messages such as “Your account has been locked” or “Immediate verification required.” These messages often contain suspicious links that lead users to fake websites designed to steal login details.

Most Vulnerable Groups Identified

Sri Lanka CERT has identified certain groups as being more vulnerable to cyber scams:

• Young internet users, who may lack awareness of online risks

• Elderly individuals, who may not be familiar with modern digital threats

• First-time internet users, who may struggle to identify fraudulent activity

These groups are often targeted because they are less likely to recognize warning signs or verify suspicious messages.

Essential Steps to Stay Safe Online

To protect the public, Sri Lanka CERT has emphasized several key cybersecurity practices that everyone should follow:

• Never share sensitive information such as bank account numbers, passwords, OTPs, or CVV numbers via email, SMS, or social media

• Avoid clicking on suspicious links, especially those received from unknown sources

• Treat alarming messages with caution, particularly claims that your account has been locked or compromised

• Use strong, unique passwords for different accounts

• Enable two-factor authentication (2FA) wherever possible

• Install or update banking apps only through official platforms like the Play Store or App Store

• Remove malware and malicious applications from browsers and devices

These simple steps can significantly reduce the risk of falling victim to cybercrime.

National Cybersecurity Framework to Be Strengthened

Looking ahead, Mr. Danunupola stated that the Ministry of Information and Communication Technology, in collaboration with telecom service providers, banks, and financial institutions, is planning to strengthen Sri Lanka’s national cybersecurity framework.

New and more modern technological systems are expected to be introduced in 2026, aiming to:

• Improve detection of cyber threats

• Enhance protection for financial transactions

• Strengthen coordination between institutions

• Increase public awareness of cybersecurity risks

Sri Lanka CERT is also working closely with law enforcement agencies and service providers to ensure a more secure digital environment nationwide.

Reporting Cybercrime: Act Fast

The public is strongly encouraged to report cybercrime incidents immediately. Early reporting helps authorities respond quickly and prevent further damage.

Cyber incidents can be reported to Sri Lanka CERT through:

• Hotline: 101

• Email: report@cert.gov.lk

Prompt reporting can also help protect others from falling victim to similar scams.

A Final Message to Internet Users

Sri Lanka CERT reminds the public that the internet itself is not dangerous. However, careless behavior and lack of awareness can make users vulnerable to cybercriminals.

By staying informed, being cautious, and following basic cybersecurity practices, individuals can safely enjoy the benefits of the digital world while minimizing risks.

As cybercrime continues to evolve, smart and responsible internet use will remain the strongest defense.