SriLankan Airlines on April 8, 2026, issued a public warning over an escalating fraud campaign targeting passengers, with scammers impersonating airline staff on WhatsApp and in unsolicited phone calls.
The national carrier said fraudsters typically contact victims under the guise of ticketing, promotion or customer service, and then instruct them to install mobile applications, share their device screens, or hand over one-time passwords (OTPs), banking PINs and credit card details.
“The airline does not contact customers via WhatsApp or make unsolicited calls for ticketing, promotions, or any other purpose,” the carrier said in its statement. It added that SriLankan will “never request confidential information, such as OTPs, banking PINs, credit card details” or ask customers to share screens or install applications.
Passengers were urged to disregard suspicious communications, report fraudulent contacts to authorities, and verify promotions only through the official website at srilankan.com or verified social media channels.
The warning lands during a high-risk travel booking period ahead of Sinhala and Tamil New Year on April 13-14, when scammers traditionally ramp up activity. It follows a similar Sri Lanka CERT warning about Avurudu-themed online scams and a separate Data Protection alert on impersonation calls issued earlier this week. Kaspersky also reported this week that Sri Lanka recorded nearly 15 million local malware incidents in 2025, underscoring the scale of the cybersecurity challenge facing consumers and institutions.
