Multiple Sri Lankan banks issued simultaneous customer alerts on Friday warning of a coordinated phishing campaign in which hackers are directing customers to fake look-alike websites to steal login credentials and drain accounts, EconomyNext reported.
Hatton National Bank (HNB), Standard Chartered Sri Lanka, PanAsia Bank, DFCC and Sampath Bank all issued near-simultaneous alerts beginning Thursday. The fraudulent sites use domain names that closely resemble the banks’ official addresses.
“Please remain vigilant against fraudulent websites that may impersonate the official HNB corporate website,” HNB said. “Access HNB services only by typing www.hnb.lk directly into your browser or by using official HNB applications.”
Standard Chartered Sri Lanka warned customers via SMS to “beware of fraudulent websites impersonating sc.com/lk” and not to click on suspicious links or share personal banking details.
The attack mechanism described by the banks follows a credential-relay pattern: hackers send urgent emails prompting customers to change passwords, capture entered credentials on the fake site, then re-enter them on the legitimate bank website. The customer’s one-time password (OTP) sent to their phone is also relayed through the fake interface to the attacker, who then accesses the real account and transfers funds to a third-party account.
PanAsia Bank told customers to “always check the website address” before entering credentials and to use only https://online.pabcbank.com for online banking. DFCC warned that “scam sites often use misspelled or lookalike web addresses.” Sampath Bank advised customers to access Sampath Vishwa only via www.sampath.lk or its mobile app.
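The "check the website address" advice above can be automated for links arriving by email or SMS. The following Python sketch is an added example, not code from the banks or from EconomyNext: it compares a link's host with the official addresses quoted in the alerts and flags misspelled or decoy hosts. The sample links, the edit-distance thresholds and the HTTPS requirement are assumptions of this example.

```python
from urllib.parse import urlsplit

# Official hosts exactly as quoted in the banks' alerts on this page.
OFFICIAL_HOSTS = ("www.hnb.lk", "sc.com", "online.pabcbank.com", "www.sampath.lk")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'official', 'lookalike' or 'unlisted'."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    if host in OFFICIAL_HOSTS:
        # Assumption of this example: a banking link must also use HTTPS.
        return ("official", host) if parts.scheme == "https" else ("unlisted", "not https")
    userinfo = parts.netloc.rpartition("@")[0].lower()
    for official in OFFICIAL_HOSTS:
        # Official name used as a decoy: before '@', or as labels inside another domain.
        if official in userinfo or f".{official}." in f".{host}":
            return "lookalike", f"{official} embedded in {host}"
        # Misspelling: small edit distance, stricter for short names to limit false hits.
        limit = 1 if len(official) < 8 else 2
        if host and edit_distance(host, official) <= limit:
            return "lookalike", f"{host} resembles {official}"
    return "unlisted", host or "no host"


# Constructed sample links (not taken from the reported campaign).
SAMPLES = [
    "https://www.hnb.lk/",
    "https://www.sampaht.lk/vishwa",
    "https://www.hnb.lk.account-update.example/login",
    "https://online.pabcbank.com@portal.example/",
    "https://news.example/story",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), sample)
```

Only an `official` verdict corresponds to the addresses the banks named; `unlisted` means the host is not on that list and says nothing further about the site.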
The coordinated alerts mark the third major cyber-incident affecting Sri Lankan institutions in a week, after the $2.5 million Treasury email-fraud breach tied to the Australian Export Finance Agency channel and the Public Administration Ministry website cyberattack flagged by SLCERT on Thursday.