Sri Lanka has launched a comprehensive investigation into a significant cyber fraud incident that resulted in the diversion of a government payment worth 2.5 million US dollars, as confirmed by the country’s Ministry of Finance. The cyber criminals managed to gain unauthorized access to the External Resources Department’s computer system via email and redirected the payment initially meant for an Australian creditor. Authorities, in collaboration with international partners, are actively tracing the funds and working to identify the perpetrators behind the fraudulent activity.
The fraudulent scheme was uncovered when Treasury officials noticed suspicious alterations to account details during a payment process related to India, prompting immediate attention and preventing a further illicit transaction. Treasury Secretary Harshana Suriyapperuma highlighted that prompt actions enabled the authorities to uncover the fraud without disrupting ongoing inquiries. An internal committee, comprising senior officials including two deputy treasury secretaries, has been established to propose additional measures, while disciplinary actions have been initiated against individuals accountable for procedural oversights.
Officials have informed the Australian government, creditor institutions, and stakeholders involved in Sri Lanka’s debt restructuring efforts about the incident. Despite this cyber fraud, debt experts have reassured that the country remains committed to fulfilling its sovereign obligations, as reported by Xinhua news agency. The Australian High Commission has affirmed its close coordination with Sri Lankan authorities and continuous support for the country’s endeavors towards debt sustainability.
Cyber fraud encompasses various criminal activities conducted by cyber attackers over the internet with the aim of illicitly obtaining and exploiting sensitive information of individuals or businesses for financial gain. These activities include phishing, Business Email Compromise (BEC), ransomware, and online shopping scams. Essential precautions involve using strong, unique passwords and activating multifactor authentication.
