Sri Lanka Post has issued a public warning about an active phishing scam targeting members of the public through fake websites designed to impersonate the official Postal Department.
The scam follows a pattern that has become increasingly common across the region. Victims receive SMS messages claiming that a fee must be paid before a parcel can be delivered. The message includes a link directing them to a fraudulent website that closely mimics Sri Lanka Post’s official online presence. Once on the fake site, users are prompted to enter their debit or credit card details, after which their bank accounts are accessed and funds are withdrawn.
The Postal Department confirmed that multiple complaints have been received and that there has been a recent surge in such incidents. The matter has been referred to the Criminal Investigation Department and other relevant authorities.
The warning comes at a time when digital payment adoption is accelerating across Sri Lanka, creating a larger pool of potential victims who are increasingly comfortable entering card details online but may not always scrutinise the legitimacy of the site they are on. Phishing scams of this nature exploit that comfort, using urgency and the credibility of a trusted institution like Sri Lanka Post to bypass scepticism.
The public is being urged not to click on links received via SMS from unknown numbers, and under no circumstances to share bank card details or one-time passwords with any source that cannot be independently verified. If a parcel delivery notification seems unexpected or the link looks unfamiliar, the advice is straightforward: go directly to the official Sri Lanka Post website by typing the address manually, rather than following any link.
Anyone who has already clicked on a suspicious link or shared card details should contact their bank immediately to block the relevant cards and dispute any unauthorised transactions.
