Last updated on June 16, 2023

Names and places mentioned herein are hypothetical.

Lasitha was a school teacher who also held private tuition classes. One day, while he was at a tuition class, he kept his phone switched off. As soon as the class was over, Lasitha was very confused by some messages he had received from Bank of XYZ, the bank where all his accounts are held.


Lasitha: I didn’t do any transaction, but why am I getting these messages from the bank 💭

He got one message from the bank mentioning an OTP (One Time Password) and another message saying LKR 25,000 was transferred to an unknown account with a name he has never heard of.

After some time, Lasitha received a message on Messenger from an unknown person, and the message had no clear content. This person had the same name as the unknown account holder to whom his money had been transferred.

In the meantime, Lasitha was receiving calls from his friends.

Friend 1: Hey bro, give me some time to transfer the money you asked for

Lasitha: What, I didn’t ask for any money 😳

Friend 1: But you sent me a message on Messenger

Lasitha: Message 😵😵😵

Lasitha quickly checked his sent messages and noticed that a lot of messages had been sent to his friends asking for money for an urgent matter.

Friend 2: Hi Lasitha, I transferred some money to your account

Lasitha: Oh no 🤕 I’m not aware of this, I’ll explain later

Lasitha quickly blocked his bank account. He knew a little about these technological matters, so he slowly started to think it through and also called one of his friends working at Hithawathi.

Lasitha realized that his email had been hacked and that the hacker had been smart enough to get his online banking details from cookies saved in the browser. The hacker had also got into his Facebook account and Messenger, and had sent messages to his friends asking for money.

After logging in to the Bank of XYZ portal, the hacker transferred money to his own account. Lasitha usually receives the OTP on both his email and his phone, so the OTP was also delivered to the hacked email account.

As a result, Lasitha lost all the money in his account, and Hithawathi advised him to be cautious in the future by following the precaution tips below.

Precaution tips:

  • Log out of all accounts when you leave your device, especially if it is not your own device or it is a shared device.
  • Clear saved passwords from cookies and browsers. Otherwise, third parties can more easily access login credentials that are saved in a web browser.
  • Enable two-factor authentication (2FA) on email and social media accounts such as Facebook.
  • Cyber-crime complaints that are clearly stated and supported with relevant evidence (correct links, screenshots, etc.) can be handed over to the CID, or sent to “The Director, Criminal Investigation Department, Colombo 01” by registered post. Additionally, you have the option of emailing the same to dir.ccid@police.gov.lk