Sri Lanka’s financial phishing cases spike in 2024: Kaspersky

• Stresses it is crucial for businesses to adopt a multi-layered approach to cybersecurity to protect sensitive data
• Sri Lanka has reported a significant number of phishing attacks aimed at B2B financial notifications, with 9,218 incidents detected in 2024
• Points out island nation remains vulnerable, with a significant number of businesses still at risk of falling victim to these cybercrimes

Sri Lanka is increasingly vulnerable to cyberattacks targeting businesses’ financial transactions, with 9,218 incidents of financial phishing detected in 2024 alone, according to the latest Kaspersky Security Bulletin. 

The figure highlights the growing sophistication of cybercriminals, who are targeting businesses with deceptive online tactics designed to steal sensitive financial information, it said.

Financial phishing attacks, which involve fraudulent notifications designed to impersonate legitimate financial institutions, have become a major concern for businesses worldwide. These attacks trick individuals and organisations into revealing critical credentials such as banking login details, credit card numbers and payment information. Cybercriminals use malicious links or attachments to lure victims into falling for their schemes, often causing severe financial and reputational damage.

Kaspersky Head of Sales for Asia Emerging Countries Sam Yan asserted that the financial phishing attacks in Sri Lanka are a clear signal that the cybercriminals are becoming more sophisticated. 

“As businesses digitise their financial transactions, they must recognise the risks associated with phishing and other cyber threats. It is crucial that they adopt a multi-layered approach to cybersecurity to protect sensitive data,” he said in a statement.

He called on the organisations across Sri Lanka to prioritise cybersecurity as a business imperative. 

Phishing attacks are among the most prevalent threats today and they can have far-reaching consequences, if not addressed. 

“Businesses should take immediate steps to implement effective anti-phishing technologies and ensure that their employees are well-trained to recognise and avoid such attacks,” added Yan.

Kaspersky’s report highlights that financial phishing, particularly in the business-to-business (B2B) sector, is on the rise. 

Sri Lanka has reported a significant number of phishing attacks aimed at B2B financial notifications, with 9,218 incidents detected in 2024. This places Sri Lanka in a critical position, urging the businesses to adopt stronger cybersecurity practices.

To counteract this growing threat, Kaspersky recommended the businesses and financial institutions in Sri Lanka to implement a series of proactive security measures: Deploy anti-phishing technologies to detect and block malicious communications in real-time. Invest in employee training to raise awareness about phishing tactics and how to spot suspicious activities. Implement multi-factor authentication to add an extra layer of protection to sensitive financial transactions.

The Kaspersky Security Bulletin further revealed that Sri Lanka has seen a significant increase in web-borne and local malware attacks. In 2024, Kaspersky products detected over 8.6 million web-based cyberthreats and 12.5 million local malware incidents on computers in Sri Lanka. This underscores the need for the businesses to adopt a comprehensive cybersecurity strategy that includes both proactive threat detection and incident response capabilities.

Sri Lanka’s position as a growing target for financial phishing attacks is not unique. According to Kaspersky’s global statistics, countries such as Belarus, Moldova and the Philippines top the list for the highest percentage of users attacked by web-borne threats. However, Sri Lanka remains vulnerable, with a significant number of businesses still at risk of falling victim to these cybercrimes.