Beware of fake lookalike websites replicating ComBank Digital!


Scammers often pretend to be household brands, in the form of websites or apps, in their vicious acts of deceiving the unsuspecting consumer. In this regard, we recently came across a fraud targeting a well-known bank in Sri Lanka.

Social Media Posts:

A post was published saying, “CID is investigating another theft through Commercial Bank!”


Below are some other posts published on this theme.

We investigated the claims reported in these posts: whether the fraud occurred because the digital system Commercial Bank uses to process financial transactions is insecure, and whether bank officials are being questioned as suspects.

Explainer:

In late 2025 and early 2026, scammers created fake websites that resembled the “ComBank Digital” system.

The scammers were able to get the scam website, which replicated the original bank website login, to appear at the top of Google results for “Commercial Bank login”: the fake site was displayed as an advertisement above the real site. In addition, SMS and WhatsApp messages saying “Your account has been suspended” or “Update information” were sent with fake links that led customers to the fake site.

As soon as you enter your user ID and password to access the website, the information ends up in the hands of fraudsters.

The fake site then asks you for a one-time password (OTP). When you enter it, the scammers immediately log into the real banking system and transfer the money from your account to other accounts.

However, a fake website carried out the scam; the fraud was not perpetrated by the Commercial Bank system.

Commercial Bank

The bank emphasises that its internal systems are secure and that this fraud occurred because customers unknowingly provided their confidential information to external parties.

However, some media outlets continue to portray the situation as a fraud committed by Commercial Bank itself. They state that the Criminal Investigation Department is questioning bank officials regarding this fraud, and they are working to convince audiences that the fraud was committed within the bank.

The bank published the clarification below.


As these scams were carried out by redirecting customers to malicious websites through fraudulent web advertisements posted on Google, the bank said it reduced the daily transaction limit to 100,000 as a precautionary measure. This reduction applied only to customers transacting via the Commercial Bank website and the ComBank Digital system and did not affect mobile application (App) transaction limits.

The bank also said it took steps to recover as much money as possible for customers who fell victim to these scams, informed the public, notified the Criminal Investigation Department and the Computer Emergency Response Team, and worked to remove the fake website.

They emphasised that customers should always check the official URL when accessing the ComBank Digital system and ensure they make transactions through the mobile app.

Criminal Investigation Department

The Computer Crimes Investigation Division of the Criminal Investigation Department (CID) is conducting an extensive investigation into the matter, based on complaints from consumers who have lost millions of rupees.

Information has emerged about several organised groups involved in this racket, and several suspects have been remanded in custody.

Our team also enquired with the Criminal Investigation Department about the above incidents, and a senior officer stated that this fraud had taken place through a fake website designed to resemble the official website of the Commercial Bank. The officer said the incident was not a fraud committed by hacking the bank’s official website. He added that further investigations are being conducted, that bank officials have not been questioned as suspects, and that the Criminal Investigation Department has not uncovered any evidence that this involves bank officials.

How do you protect yourself from these fraudulent websites?

Check the URL: always use only the official addresses https://www.combank.lk or https://www.combankdigital.com.

Use the Mobile App: It is safer to use the official ComBank Digital mobile application (App) than using websites.

OTP Confidentiality: Never provide your OTP number to anyone in a phone call or text message. Bank officials will never ask you for your OTP number or password.

Suspicious links: Avoid clicking on suspicious links received via SMS.

If you feel you have been scammed: Immediately call the Commercial Bank hotline at +94 11 2353353 and take steps to freeze your accounts. Then file a complaint with the nearest police station or CID.

These are common steps that customers transacting online at any bank can follow.
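The "Check the URL" step above can be automated, for example in a link filter or a help-desk tool. The following is an added example, not code from the bank or from this article: it accepts a link only when its hostname exactly matches one of the two official addresses listed above. The function name, the reason strings and all sample URLs are constructed for illustration.

```javascript
// Added example: exact-hostname check for links that claim to be ComBank Digital.
// The two hostnames come from the article; every sample URL below is constructed.
const OFFICIAL_HOSTS = new Set(["www.combank.lk", "www.combankdigital.com"]);

function checkBankUrl(raw) {
  let url;
  try {
    url = new URL(String(raw).trim()); // WHATWG parsing, as a browser resolves it
  } catch {
    return { official: false, reason: "not an absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { official: false, reason: "not HTTPS" };
  }
  if (url.username || url.password) {
    // In https://www.combank.lk@host/ the part before '@' is a user name, not the site.
    return { official: false, reason: "text before '@' is not the host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing root dot
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    // Non-ASCII lookalike letters are converted to punycode by the parser.
    return { official: false, reason: "internationalised hostname" };
  }
  if (!OFFICIAL_HOSTS.has(host)) {
    const containsOfficial = [...OFFICIAL_HOSTS].some((h) =>
      host.includes(h.replace(/^www\./, ""))
    );
    return {
      official: false,
      reason: containsOfficial
        ? "contains an official name but is not an exact match"
        : "hostname not on the official list",
    };
  }
  if (url.port !== "") {
    return { official: false, reason: "non-default port" };
  }
  return { official: true, reason: "exact official hostname over HTTPS" };
}

// Constructed samples (not taken from the incident).
const samples = [
  "https://www.combankdigital.com/",
  "https://www.combank.lk.login.example/",
  "https://www.combank.lk@portal.example/",
  "https://www.c\u043embank.lk/", // Cyrillic 'o' in place of Latin 'o'
  "http://www.combank.lk/",
];
for (const s of samples) console.log(checkBankUrl(s).reason, "<-", s);
```

Only the first sample is accepted. A passing check says the link points at an official hostname, not that the page content is genuine, so it complements the other steps in the list.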

Sri Lanka Emergency Response Computer Forum

They stated that caution should be exercised during the festive season regarding fake bank pages that resemble official bank pages.



Result Stamp

Title: Is the CID investigating the ComBank Digital fake-website scam?

Fact Check By: Pavithra Sandamali

Result: Insight

