Subscribe to our WhatsApp Channel
Following crackdowns on cyber fraud operations across Southeast Asia, displaced international criminal syndicates have turned to Sri Lanka, establishing a growing pattern of fraud targeting both Sri Lankans and foreign victims. Official reports confirm that more than 1,000 foreign nationals were arrested for Sri Lanka-linked cyber fraud in just the first five months of 2026, most of them Chinese, Vietnamese, and Indian nationals who entered on tourist visas before launching organised scam operations. Further information is available here, here, and here.
Before this shift, organised criminal gangs had built large-scale online fraud operations across Cambodia, Myanmar, and Laos, run on the forced labour of trafficked individuals held inside guarded compounds. The Asia Foundation and United Nations agencies estimate at least 300,000 people are held in these compounds, with the scams defrauding victims of roughly USD 40 billion a year. Asia Foundation / Lowy Institute.
Since mid-2025, the situation has worsened. Cambodia has carried out raids and deportations targeting these networks. On 29 January 2026, China executed 11 people, including leaders of cyber fraud networks linked to scam operations in Myanmar’s Kokang region. Yet despite this enforcement, the networks show no sign of collapsing. As international media has reported, they simply scatter and regroup elsewhere. Further information is available here and here.
Why Sri Lanka Has Become a Target
Several factors have made Sri Lanka attractive to these networks. Citizens of more than 40 countries, including China and India, receive free 30-day tourist visas extendable on arrival, and Sri Lanka Police confirm that every cyber fraudster arrested this year entered on a tourist visa.
Weak regulation of SIM cards and internet connections allows these operations to run from hotel rooms or rented apartments. Lax online gambling laws and informal money transfer systems known locally as “Undiyal,” which move cash and crypto without bank records, add to the appeal. Critically, Sri Lanka’s limited capacity to prosecute such networks has made the country an attractive base.
These networks operate from within Sri Lanka, targeting both foreign victims and Sri Lankans directly, reaching local emails and phone numbers via WhatsApp, Facebook, and Telegram. Additional information is available here, here, and here.
Major Raids of 2026
| Date | Location | Arrested | Nationalities |
|---|---|---|---|
| March 2026 | Single scam center | 135 | Chinese |
| March 2026 | Anuradhapura (North Central) | 134 | Predominantly Chinese |
| April 2026 | Chilo Hotel (Northwestern) | 150+ | Majority Chinese |
| April 2026 | Colombo Airport | 9 | Chinese |
| 11 May 2026 | Midigama, Hikkaduwa, Galle | 198 | Indian 173, Nepali 25 |
| May 2026 | Galle & Matara | 221 | Indian 192, Nepali 29 |
| May 2026 | Colombo & surrounds | 280 | Various |
| June 2026 | Colombo | 19 | Chinese 18, Laotian 1 |
Official data confirms more than 1,000 arrests in connection with cyber fraud networks operating in Sri Lanka in just the first five months of 2026. Further information is available here, here, and here.
How These Operations Actually Work
How these fraudsters operate in Sri Lanka differs from Cambodia and Myanmar. Reports indicate they work in small groups of around five to ten people, rotating between hotels, residences, and offices every few months, which makes them significantly harder to track and apprehend.
During a June raid in Colombo, officers seized 62 Chinese passports, phones, laptops, pen drives, a document forgery stamp, fake US Treasury letters, a fraudulent US company registration, and a certificate claiming the fake company was worth USD 10 billion. Sri Lanka Police confirmed a Chinese organisation was behind the operation, which targeted Americans by soliciting investment in the fictitious US company. Further information is available here, here, and here.
The Main Types of Fraud and How They Operate
These networks run multiple fraud types simultaneously, not just one.
Investment and crypto fraud, including deepfakes:
This is their primary method. Operators build fake trading platforms and convince people to invest by promising extraordinary returns, through AI-generated content. To lure victims, they create deepfake videos of trusted public figures including President Anura Kumara Dissanayake, Prime Minister Harini Amarasuriya, Kumar Sangakkara, and Otara Gunawardena, falsely portraying them as endorsing these investment schemes.
Romance scams and “pig butchering” fraud:
Operators build romantic or friendly relationships via dating apps, WhatsApp, or social media, then once trust is established, direct the victim to a fake investment platform. Reports identify this as one of the primary methods used by these networks. Because the victim has already developed trust with the scammer, they are significantly more vulnerable to being deceived. Additional information is available here, here, and here.
Job recruitment fraud and human trafficking:
Fake job advertisements promising high-paying IT, call centers, or overseas positions are used to lure victims. More evidence is available here.
Business email compromise (BEC) fraud:
Not every scam targets individuals. Between December 2025 and late January 2026, hackers breached the email and payment systems of Sri Lanka’s Ministry of Finance Foreign Resources Department, diverting USD 2.5 million from a debt repayment due to Australia. Investigators are still determining whether this was conducted by domestic or external actors. Detailed information is available here and here.
Fake traffic fines and government payment fraud:
This is a widespread local scam affecting many Sri Lankans. In May 2026, Sri Lanka Police and Sri Lanka CERT warned of SMS and WhatsApp messages falsely claiming a CCTV camera had captured a traffic violation, prompting recipients to click a link to pay a fine. The link leads to a fake page mimicking the government’s GovPay platform, harvesting bank card details, OTP codes, and national ID information. Additional material is available here.
Phishing and impersonation fraud:
These scams target sensitive information rather than immediate cash transfers. In January 2026, Sri Lanka Police identified nine common online financial fraud types, including phishing links via SMS, email, and WhatsApp; fake bank promotions; QR code scams; caller ID spoofing; fake commercial websites; and impersonation of senior officials up to the President and Prime Minister. The goal is to harvest national ID numbers, bank card details, OTPs, and PINs.
Also Read: A Fraudulent Scheme Using Fake Documents and Promising Low-Cost Housing? Find Out the Truth
Legal Action on These Cases
Sri Lanka’s Cybercrime Unit is investigating these cases, with Police, the Department of Immigration and Emigration, and the Central Bank working jointly. Experts identify a critical legal gap, though: enforcement is ending in deportation rather than prosecution, letting perpetrators escape without facing trial. Additional information is available here, here, and here.
How to Identify and Protect Yourself from These Scams
These fraudsters consistently use several tactics across their scam methods.
Warning Signs to Watch For
• Urgency: “Invest now, offer ends tonight” or similar pressure to act immediately.
• Unsolicited friend requests: via WhatsApp, Telegram, or Facebook, often framed as “a friend of a friend.”
• Unverifiable payment requests: requests to pay into accounts you cannot independently verify.
• Borrowed credibility: videos or images of celebrities used to build trust in an investment scheme.
• Requests for sensitive data: OTPs, PINs, passwords, card numbers, or national ID numbers.
• Suspicious links: links asking you to pay fines, claim prizes, or update account details.
What to Do
• Never share OTPs, PINs, passwords, card details, or national ID numbers with anyone, for any reason.
• Verify independently: search the company name, confirm any financial institution is Central Bank-registered, and type official website addresses (such as GovPay) directly into your browser rather than clicking links.
• Think carefully before investing. Legitimate institutions never guarantee fast returns.
• Report suspicious messages, advertisements, or videos to the Police Cybercrime Unit, and send screenshots to Fact Crescendo’s WhatsApp tipline 0771514696. We will investigate and publish a fact-check report.
Join us to learn more about our fact-check investigations.
Facebook | Twitter | Instagram | Google News | TikTok
Conclusion :
Cyber fraud networks pushed out of Southeast Asian countries have established themselves in Sri Lanka, with arrests rising sharply through 2026. These networks reach the public through investment fraud, romance scams, fake job offers, business email compromise, fake traffic fine phishing, and impersonation fraud.
Fact Crescendo Sri Lanka urges the public to stay updated with advisories from Sri Lanka Police, the Central Bank, and Sri Lanka CERT, and to verify independently before trusting any investment opportunity, job offer, or payment request that arrives unsolicited.
Title: How Cyber Fraud Networks Pushed Out of Southeast Asia Have Set Up Shop in Sri Lanka
Fact Check By: B.P. Hansani
Result: Insight
