Stolen Funds Can Be Recovered With International Police Assistance: Sri Lanka CERT

24-Apr-2026

.

Senior Information Security Engineer Charuka Damunupola of the Sri Lanka Computer Emergency Readiness Team (Sri Lanka CERT) said that investigations can be conducted with the assistance of international police agencies to recover approximately USD 2.5 million that was fraudulently diverted through a cyber breach from funds allocated by the Treasury for sovereign debt repayments.

He made these remarks at a media briefing held in Colombo on April 23.

He explained that the fraud was carried out through a “Business Email Compromise (BEC)” attack, where hackers illegally gain access to an organisation’s email account and impersonate senior officials or suppliers to execute fraudulent transfers.

He said that when urgent payment requests are received via email, it is essential not to confirm them through the same email thread. Instead, verification must be done through alternative means such as direct phone calls. He also urged vigilance over minor alterations in email addresses or domain names.

Since the funds may have been transferred across multiple countries, he noted that investigations cannot be limited to Sri Lanka alone. However, with the technical cooperation of international agencies such as Interpol and Europol, as well as foreign computer emergency response teams, there is potential to recover the funds.

He warned that fraudsters often create fake email accounts resembling those of senior officials or suppliers. He added that account holders bear responsibility for losses caused by sharing passwords or OTP codes.

He urged the public not to share personal data with individuals claiming to be bank officers, and to remain cautious of fraudulent messages about foreign job offers, gifts, or fake company logos. While online transactions are convenient, he stressed the importance of greater user awareness and cyber vigilance.