Sri Lanka Banks' Association (SLBA), LankaPay and FinCSIRT Issuing a joint statement said that they have been alerted regarding several incidents of financial fraud, both globally and in Sri Lanka, disguised as attractive online offers, leading to mobile device users inadvertently clicking on unknown links and downloading malicious apps and files.
The statement further said: “This action grants scammers complete access to the mobile device, enabling them to control it remotely. Once the fraudsters take control of the mobile device, they have easy access to bank/payment apps that are installed on that device, leading to theft from bank accounts and payment cards accessed via the mobile device.”
To prevent falling victim to such scams, it was advised the public to exercise caution to beware of online advertisements offering unrealistic deals, avoid clicking on links and downloading apps or files from unknown sources, exiting from unknown and unfamiliar groups on social media platforms or online messaging platforms to which your are added without consent, avoiding clicking on links shared via such groups, refraining from saving passwords on your device.
The statement further stressed to download apps only from official app stores like the Apple App Store, Google Play Store etc while encouraging the use of biometric authentication (e.g., fingerprint, facial recognition) to access bank/payment apps where available.
Meanwhile, regularly reviewing the app permissions and removing any excessive permissions granted to installed apps and installing a reputable antivirus app from official app stores and keeping it updated to detect and remove viruses and malware.
It was also advised to be cautious of messages prompting you to disclose personal or financial information by clicking on links, immediately disabling your mobile data/WiFi or switch to airplane mode if you notice unusual behavior on your device and to pay attention to security warnings issued by FinCSIRT, banks and financial institutions and follow their recommended precautions.
“We wish to advise the general public to be more vigilant in order to avoid falling prey to such scams. These fraudsters use social media platforms, websites and online messaging platforms to carry out such fraudulent activities.”
The statement also said that it is important to note that these reported fraud cases are due to fraudsters gaining control of your mobile device and not due to any security vulnerability of banking/payment apps which are adhering to international security standards.