Financial fraud through social media and online scams: Growing threat in Sri Lanka and globally

Friday, 18 October 2024 00:20

 


As financial services become increasingly digital, so do the methods employed by cyber criminals and fraudsters. In both the global and Sri Lankan contexts, social media platforms and online channels have become breeding grounds for financial scams. These schemes exploit the public’s lack of awareness and, in some cases, desperation during economic hardships. While the exact scale is difficult to gauge, the prevalence of such incidents in the media paints a concerning picture. This has raised the need for financial institutions to step up their security measures and educate the public.

This article explores recent fraud incidents, the importance of user education, and how financial organisations can protect their customers while ensuring convenience and minimising service disruption.

Global trends – the rise of social media fraud

Globally, cybercriminals are exploiting the popularity of social media to launch sophisticated scams.

According to the US Federal Trade Commission, in 2023 alone, social media was linked to over $1.2 billion in fraud losses, nearly 20% of all reported scams in the country.

One significant trend is the rise of cryptocurrency scams. Fraudsters create fake profiles and use high-profile endorsements to lure individuals into investing, promising extraordinary returns. Once they receive the money, they vanish without a trace. Another common scam involves fake online marketplaces where criminals offer products at heavily discounted prices. Customers pay for these goods only to receive counterfeit items – or nothing at all.

Sri Lanka – economic hardships fuelling fraud

Sri Lanka is experiencing a surge in online fraud cases, particularly as citizens face economic instability. Fraudsters exploit these circumstances, offering fraudulent loans, fake investment schemes, and even false job opportunities via social media and messaging apps. The Central Bank of Sri Lanka (CBSL) has reported multiple incidents where scammers impersonate legitimate financial institutions, tricking individuals into divulging sensitive information such as banking details and passwords.

A notable example is the rise of social media investment scams, where fraudsters impersonate friends or acquaintances to lure users into fake investment opportunities. These scammers gain victims’ trust by pretending to be a friend and making a lucrative offer. They then persuade users to invest money in fake projects, often promising high returns and rewards. In some cases, these criminals entice victims into handing over sensitive information, such as the One Time Password (OTP) from the victim’s online banking app, supposedly to “verify” the transaction. Once they obtain this information, they gain access to the user’s bank account and withdraw funds. In other cases, they go further by planting a second email address on the victim’s contact list. This enables the fraudsters to continue their criminal activities by gaining the trust of other people within the victim’s network.

These incidents highlight the urgent need for increased public awareness to help people recognise and avoid such deceptive schemes.

Digitisation and the push for online services

The drive towards digitisation is reshaping the global financial industry, and Sri Lanka is no exception.

As institutions aim to optimise resources and reduce operational costs, promoting online banking services has become a priority. This shift minimises branch visits, providing convenience for customers and allowing these institutions to better manage their resources. However, for this strategy to succeed, they must also ensure that users are educated about the secure use of these digital services.

Public awareness – the first line of defence

Educating the public is essential in the fight against financial fraud. The more informed people are, the less likely they are to fall victim to scams that often prey on a lack of understanding of cybersecurity. The CBSL and other regulatory bodies must take an active role in educating citizens about the risks associated with online banking and social media interactions.

To be effective, awareness campaigns should cover:

• Recognising phishing attempts (a fraudulent message designed to trick recipients into revealing sensitive information) and fake websites.

• Understanding the dangers of sharing personal information on social media.

• Spotting fraudulent investment schemes and avoiding get-rich-quick traps.

Awareness initiatives can be disseminated through workshops, public service announcements, and social media campaigns. Schools and universities can also play a role by incorporating cybersecurity education into their curricula, ensuring that the next generation is equipped to navigate digital platforms securely.

Balancing security and convenience for customers

While educating users is important, financial institutions must also strengthen their own defences.

However, they face the challenge of implementing these security measures without compromising customer convenience. Striking the right balance is essential.

1. Multi-Factor Authentication (MFA)

Many financial institutions have introduced MFA to enhance security. This includes using biometric scans, one-time passwords (OTPs) or email confirmations to validate transactions.

While effective, it is essential to ensure that these methods are easy to use and don’t frustrate customers.

2. Real-time monitoring systems

Banks worldwide are investing in artificial intelligence (AI) and machine learning technologies to detect suspicious activities in real time. These systems flag unusual behaviour, such as unauthorised login attempts or sudden large transactions, alerting customers and preventing fraud before it escalates. This proactive approach helps keep customer inconvenience to a minimum while maintaining a high level of security.

3. User-friendly digital banking platforms

As digital banking becomes more widespread, institutions must design platforms that prioritise both security and usability. Encryption protocols, intuitive interfaces, and user-friendly MFA options can enhance customer experience while ensuring their safety.

Moreover, platforms should be secure by design, incorporating security from the very beginning to minimise vulnerabilities and protect user data.

Bridging the gap – strategies for a secure financial ecosystem

While technical controls are essential for protecting digital systems, user awareness is just as important and should not be overlooked. Security policies, laws and regulations provide the framework for addressing cybercrime, but they are only effective if individuals understand how to recognise and respond to threats. In Sri Lanka, despite having sufficient laws and regulations to act against cybercriminals, many victims are unaware of how to report incidents or the necessary steps to take when they become a target. 

This gap in awareness means that even the most secure systems can be compromised if users are not equipped with the right knowledge to protect themselves and respond appropriately. Therefore, comprehensive cybersecurity awareness programs are vital to complement technical controls, ensuring individuals know how to identify suspicious activity, avoid scams, and access the appropriate channels for reporting incidents.

1. Training customers on digital services

Financial institutions must go beyond teaching clients how to use their apps and platforms.

They should emphasise cybersecurity awareness, such as recognising fraudulent links and protecting personal information. Educating customers on what steps to take if they suspect their accounts have been compromised is equally important.

2. Transparent communication

Building trust through transparent communication is essential. Financial institutions should clearly explain their security measures and how they protect customer information following a breach or an incident. Providing prompt and accessible support for any security or technical issues further strengthens this trust, encouraging customers to embrace digital banking confidently.

3. Awareness campaigns during economic hardships

Raising public awareness about prevalent scams and providing individuals with tools to recognise early warning signs is essential in combating cybercrime. Economic downturns are prime times for scammers to prey on vulnerable populations. Financial institutions must run targeted campaigns to educate people about common scams and how to avoid them. A coordinated effort between government bodies, financial institutions, and non-profit organisations can drive impactful educational campaigns across digital, social and traditional media channels to maximise their reach and effectiveness.

Authorities and financial institutions – shared responsibility

Combating online financial fraud requires collaboration between authorities and financial institutions. Regulatory bodies like the CBSL need to set strict guidelines and closely monitor compliance to ensure a secure financial ecosystem. Close collaboration between law enforcement agencies, financial institutions and cybersecurity authorities like SL CERT is essential for timely threat detection, efficient investigation and sharing of intelligence. These partnerships enable stronger defence and faster responses to emerging threats.

Furthermore, authorities must hold online platforms accountable for fraudulent activities. Social media companies and e-commerce sites must implement stricter monitoring measures to detect and remove scams promptly. Only such cooperative measures can ensure a safe and secure digital environment.

Emerging threats and future challenges for Sri Lanka

Beyond current threats, new challenges are emerging. Cyber criminals increasingly exploit the cognitive biases that influence human decision making, using social engineering, phishing and deepfakes to manipulate these biases. By preying on emotions and ingrained mental shortcuts, they make their scams appear more credible and harder to detect. Addressing these threats requires proactive, adaptive strategies that anticipate future criminal techniques and integrate advanced technological solutions.

The Government can take pivotal steps in enhancing cybersecurity by:

1. Legislative action – Implementing stronger laws to not only punish cybercriminals but also hold online platforms accountable for fraudulent activities that occur on their networks.

2. International collaboration – To effectively combat online financial fraud, Sri Lanka must actively collaborate with other nations facing similar challenges. Sharing threat intelligence, research and other effective countermeasures is essential for a unified global front against online financial fraud across borders.

A call to action – building a secure digital future

It is undeniable that financial fraud through social media and online channels is a growing concern that demands immediate attention. In Sri Lanka, economic hardships have only amplified the threat, making it essential for both Government authorities and financial institutions to prioritise public education and awareness.

While technological advancements have improved convenience in banking, they have also opened doors for cybercriminals. By implementing security measures that are balanced with convenience, promoting safe digital practices and raising awareness through targeted campaigns, financial institutions can protect their customers while minimising service disruptions. Combating this growing threat requires a comprehensive approach that balances strong technical measures with widespread public awareness. Only through combined efforts can we mitigate these risks and foster a safer digital financial ecosystem in Sri Lanka and beyond.

It is time for individuals to stay vigilant and educate themselves on cybersecurity, and for institutions to take proactive steps in protecting their customers.

(The writer is an accomplished cybersecurity professional with extensive experience in leading Governance, Risk and Compliance initiatives for diverse global clientele at Meta Defence Labs. She is a certified ISO 27001 Lead Auditor and Implementer, and holds an MBA from Cardiff Metropolitan University, UK. Nisa also contributes to SHe CISO Exec., a global platform fostering emotionally intelligent cybersecurity leaders. She is passionate about leveraging innovation and technology to drive meaningful impact in the cybersecurity industry. Connect with her on LinkedIn.)
