Sri Lankan Airlines has alerted the public after noticing an increase in scams targeting travelers and customers. They claim that there have been several cases of people pretending to be airline staff via WhatsApp or through outbound calls, which are now causing some people to be ensnared in a digital trap at one of their trusted travel points—the internet. The airline published this warning on April 8, 2026, and has requested that anyone who is contacted unexpectantly (by someone claiming to be from Sri Lankan Airlines) use extreme caution before acting.
The scams appear to be very straightforward in nature, dropping off suspicious individuals who request to have you download mobile apps from the internet, share your screens with others, and/or request to receive sensitive personal information like one-time codes, bank account PINs, and your credit card information. “Sri Lankan Airlines never contacts customers through WhatsApp, nor do they call [your] phone [with] unsolicited requests for ticket purchases, promotions, and/or otherwise.” The company also wants to convey that if you were contacted under unacceptable circumstances requesting private information or to download and install an app from a random source, it would raise a “red flag” immediately.
Scammers use serious looks in the digital world to impersonate and deceive as one of the most effective methods of perpetrating frauds. According to the U.S. Federal Trade Commission, verification codes and one-time security passcodes were designed to create a layer of security for customer accounts, but the fraudster would try to pass them by tricking anyone they were able to convince to provide them their verification code and then use their passcode as a way to gain access to their victim’s individual account, even though those codes were meant to provide additional security for the victims’ accounts. According to the FTC, fraudsters also frequently impersonate reputable businesses to create a false feeling of urgency for their victims to get them to act in haste and make poor financial decisions.
While the cautionary notice from the airline is good advice and should be observed by everyone regardless of their travel status, it is important to know that with just one code or a shared screen session, a scammer could have access to much more than a confirmation number; they could have all the necessary information to gain access to their victim’s accounts, commit financial fraud, and potentially steal their identities. The FTC states that consumers should never provide the verification code to anyone else, and the Sri Lanka CERT has provided public education material stating that consumers should never provide OTPs, PINs or passwords to anyone else and should never download any applications or screen sharing software that appears to be suspicious.
Sri Lankan Airlines requests that any passenger or anyone using its carriers refrain from payment until verification of a website’s validity has been completed via the airline’s official site or other legitimate social media channels. This advice corresponds with Sri Lanka’s general guidelines for Internet security, which provide a means to report incidents of Internet crime (e.g., phishing, fake companies) by contacting CERT. On CERT’s public reporting page, you can get more valuable information about general Internet security incidents, such as calling hotline number 101 or sending an email to: incidents@cert.gov.lk; for Internet-related incidents involving social media, you may also report them to: report@cert.gov.lk.
The message for travelers is highly important: while someone may create an email, impersonate an airline’s logo, and use a friendly-sounding voice at the other end of the email, it is not sufficient to automatically trust someone with your business. Additionally, Sri Lankan Airlines wants to make it clear that the situation is not simply a scam; there are many ways for criminals to target the weakest link in various attacks using other individuals who have not taken proper precautions to safely use technology. Thus, we clearly state that travelers should remain vigilant while using any type of travel provider regardless of how the provider may appear to them.
