Kathmandu — In recent weeks, Nepal has witnessed a surge in sophisticated online scams targeting social media users, with cybercriminals employing new tactics to steal money directly from victims’ bank accounts. Multiple Nepali financial institutions, including Laxmi Sunrise Bank, have issued urgent warnings as these scams become more prevalent and costly for ordinary citizens.
How the Scam Works: A Step-by-Step Breakdown
According to cybersecurity experts and banking officials, the latest wave of scams follows a meticulously orchestrated pattern that exploits both digital trust and technical vulnerabilities. Here’s a step-by-step breakdown of how these scams unfold:
1. Deceptive Social Media Ads
The scam typically begins with enticing advertisements on popular platforms such as Facebook, TikTok, and Instagram. These ads promote attractive products or services at prices that seem too good to pass up, luring unsuspecting users to initiate contact.
2. Fake Order Process and Advance Payment
Once a user expresses interest, the scammer poses as a legitimate seller and requests an advance payment to “confirm” the order. After the payment is made, the scammer falsely claims that the transaction failed or the amount is “on hold,” creating a sense of urgency and confusion.
3. The WhatsApp Screen Sharing Trap
To “assist” the buyer in recovering their money, the scammer contacts the victim via WhatsApp and persuades them to share their mobile screen under the guise of technical support. This grants the scammer real-time visibility into the victim’s device, including sensitive information.
4. Accessing Mobile Banking Apps
During the screen-sharing session, the scammer instructs the victim to open their mobile banking or digital wallet app. This exposes account balances and other confidential details, making it easier for the scammer to initiate fraudulent transactions.
5. Stealing OTPs to Complete the Theft
The scammer then sends a payment request from the victim’s account to their own. To authorize this, they trick the victim into entering a One-Time Password (OTP), often by claiming it’s needed to “release” the held funds or reverse the transaction. Once the OTP is entered, the money is instantly transferred to the scammer’s account.
Real-Life Impact: Victims Lose Thousands, With Little Recourse
These scams have already led to significant financial losses across Nepal. Victims often realize what has happened only after their funds have vanished. Since OTPs are designed to authenticate and authorize transactions, banks have limited ability to reverse such payments once the OTP is used.
Recent police investigations have uncovered organized groups operating these scams, with some criminals stealing millions of rupees through platforms like eSewa and mobile banking apps. Even educated and tech-savvy individuals have fallen victim, highlighting the sophistication and psychological manipulation involved.
Why Are These Scams So Effective in Nepal?
Several factors contribute to the success of these scams:
- Widespread Use of Social Media: With millions of Nepalis active on social platforms, scammers have a vast pool of potential targets.
- Lack of Digital Literacy: Many users are unfamiliar with advanced digital security practices, making them vulnerable to manipulation.
- Limited Legal Protections: Nepal currently lacks specific laws targeting online scams, with existing legislation offering only partial coverage.
- Trust in Technology: The rise of mobile banking and digital wallets has outpaced public understanding of the associated risks.
What Are Banks and Authorities Doing?
Financial institutions such as Laxmi Sunrise Bank and Nepal Bank Limited have ramped up public awareness campaigns, emphasizing that they will never ask for OTPs, PINs, or passwords over the phone or online. They urge customers to remain vigilant and report any suspicious activity immediately.
The Cyber Bureau of Nepal Police has also issued repeated warnings about phishing, fake offers, and remote access scams, urging the public to avoid installing unknown apps or sharing screens with strangers.
How to Protect Yourself: Essential Tips for Nepali Internet Users
To combat the growing threat, experts and banks recommend the following precautions:
- Never Share OTPs, PINs, or Passwords: No legitimate bank or payment provider will ever ask for these details. If someone requests them, it is a scam.
- Avoid Screen Sharing with Strangers: Never share your screen on WhatsApp, Zoom, or any platform unless you know and trust the person completely. Screen sharing can expose all your sensitive information.
- Be Skeptical of Too-Good-To-Be-True Offers: Research sellers, check for authentic reviews, and insist on cash-on-delivery or trusted escrow services for online purchases.
- Understand How OTPs Work: OTPs are used to authorize outgoing payments, not to receive money. If someone asks for an OTP to “refund” or “release” money, it’s a red flag.
- Enable Two-Factor Authentication (2FA): Strengthen your account security by enabling 2FA on all banking and payment apps.
- Report Suspicious Activity Immediately: If you suspect fraud or see unauthorized transactions, contact your bank and the Nepal Police Cyber Bureau at 01-5319044 without delay.
What Should Victims Do?
If you fall victim to such a scam:
- Notify your bank or wallet provider immediately and request a transaction reversal. Quick action increases the chances of recovering lost funds.
- Report the incident to the Cyber Bureau of Nepal Police and provide all evidence, including chat logs and transaction records.
- Share your experience to warn others and help prevent further scams in the community.
The Road Ahead: Raising Awareness and Strengthening Protections
As Nepal’s digital economy grows, so too does the risk of cybercrime. While banks and law enforcement agencies are stepping up their efforts, the most effective defense remains public awareness and vigilance. By understanding how these scams work and adopting safe online practices, Nepali users can better protect themselves and their finances.
“The bank will never request sensitive information from customers, such as online banking passwords, OTPs, mobile/wallet passwords and PINs, or ATM card PIN/CVV. If you receive such a request, it is a scam.” — Nepal Bank Limited
Stay informed, stay alert, and help spread the word to keep Nepal’s digital community safe from online fraud.