Threats You Can’t Ignore

What You Don’t Know Can Hurt You.

The internet isn’t dangerous because of code — it’s dangerous because of trust. Scammers today don’t need viruses or malware. They use emotion, timing, and confidence to make their victims click, pay, and believe.

Seeing Through Digital Deception

At HackAware, we uncover the deception that hides in plain sight — fake investment pages, Telegram “jobs,” cloned brand accounts, and impersonators who look real enough to fool even the careful ones.

This isn’t about cybersecurity for corporations. It’s about protecting people. Every story, every report, and every warning here is built to help you see through manipulation before it’s too late.

Awareness Isn’t Fear — It’s Protection

Know the threat. Stop the attack.

Common Digital Threats

Fake Investments & Job Offers (HIGH RISK)

Promises of wealth, independence, or career growth

Across Telegram and social media, scammers build convincing “companies” that look legitimate — using stolen brand logos, fake dashboards, and even paid promotions. They invite people to “invest” in quick-profit platforms or pay small fees to secure dream jobs abroad. Victims see fake returns, testimonials, or screenshots designed to keep them depositing more. Once trust is built, access vanishes and the money is gone.

Red Flags:

  • “Guaranteed” or “time-limited” investment programs.
  • Requests to pay deposits, training, or account activation fees.
  • Unregistered entities pretending to be recognized global brands.

Protect Yourself:

  • Verify companies with Sri Lanka’s Registrar of Companies (ROC) before sending funds.
  • Avoid investing or job-hunting through WhatsApp or Telegram.
  • Report suspicious recruitment or trading platforms to HackAware.org for review.

Social Engineering & Impersonation (CRITICAL RISK)

These scams don’t steal — they convince.

Social engineering attacks target trust instead of technology. Scammers copy official pages, mimic voices of authority, or clone familiar profiles to trick people into revealing information or making payments. They often use urgency, fear, or empathy to cloud judgment — pretending to be banks, delivery companies, or even friends in trouble. In Sri Lanka, this method is one of the fastest-growing online crimes.

Red Flags:

  • A “bank officer” insists your card will be blocked unless you verify details.
  • A “delivery service” demands a small reshipping payment.
  • A “friend” messages from a new number asking for quick help.

Protect Yourself:

  • Pause before responding; genuine institutions never rush you.
  • Verify requests using official numbers or websites.
  • Avoid forwarding messages or screenshots unless confirmed legitimate.

Identity Theft & KYC Abuse (HIGH RISK)

Your personal details can become someone else’s weapon.

Scammers collect identity documents — NICs, selfies, and phone numbers — under the guise of “KYC verification” or account activation. These details are later used to open fake financial accounts or launder money. Victims often discover the misuse months later, when bills, tax notices, or warnings arrive under their name. Digital identity theft is silent, but deeply damaging, and recovery can take years.

Red Flags:

  • Requests for ID uploads on unverified websites or forms.
  • SMS or Telegram messages claiming to need “account verification.”
  • Unexpected messages referencing your NIC or registered number.

Protect Yourself:

  • Never upload IDs or selfies unless you initiated the process.
  • Regularly monitor accounts for unusual activity.
  • If your ID was exposed, document evidence and alert financial institutions immediately.

Phishing & Account Takeovers (HIGH RISK)

One wrong click can hand over everything.

Phishing remains the most common entry point for digital compromise. Fraudulent emails, SMS messages, and cloned websites imitate banks, courier services, and even social platforms. Once users click and log in, their credentials are captured. The attacker then locks them out and exploits contacts to spread the scam further. It’s quick, quiet, and increasingly believable.

Red Flags:

  • Domain names that slightly misspell official ones.
  • “Security alerts” demanding instant verification.
  • OTP requests through links instead of official apps.

Protect Yourself:

  • Always navigate manually to official websites.
  • Enable two-factor authentication (2FA) across major accounts.
  • Change all passwords immediately if unexpected logouts occur.

Recovery Scams (HIGH RISK)

The cruelest scams target victims twice.

After people lose money, recovery scammers pretend to help them get it back. They pose as investigators, banks, or anti-fraud organizations — sometimes even using stolen police IDs. Their approach is always empathetic and professional: “We can recover your funds; we just need a small processing fee.” Once paid, they disappear, leaving victims deeper in loss and despair.

Red Flags:

  • Promises of guaranteed refunds or fast recovery.
  • Requests for service or unlocking fees.
  • Messages from unverified “law enforcement” profiles.

Protect Yourself:

  • Genuine authorities never charge to investigate a case.
  • Don’t trust anyone contacting you first after a scam.
  • Forward all suspicious messages or documents to HackAware.org before replying.

Data Misuse & Information Leaks (HIGH RISK)

Your data is valuable — and it’s everywhere.

Even if you haven’t been scammed, your information might already be circulating online. Data leaks from e-commerce sites, social media, and unsecured apps are collected and sold, enabling targeted scams. A simple resume upload or public profile update can expose details used to impersonate or harass you. Protecting data isn’t just technical — it’s behavioral.

Red Flags:

  • Calls or emails containing details you never shared publicly.
  • Accounts receiving spam tied to old registrations.
  • Fake social media pages using your photos or information.

Protect Yourself:

  • Limit what personal data you post online.
  • Use strong, unique passwords for every platform.
  • Check if your email or number appears in data-breach lists.

Fake E-Commerce & Delivery Scams (HIGH RISK)

That perfect online deal might never exist.

Fake online stores mimic real brands with stolen images, cloned product pages, and fabricated reviews. They appear across Facebook, Instagram, and TikTok, targeting young buyers seeking discounts. Payments are collected instantly — and the shop disappears or blocks the buyer. Some go further, delivering counterfeit or empty packages to appear legitimate before vanishing.

Red Flags:

  • Only online payments accepted (no cash on delivery).
  • Unrealistically low prices and limited contact info.
  • No verifiable physical address or customer support channel.

Protect Yourself:

  • Buy only from verified marketplaces or brand-owned websites.
  • Search online for “reviews” or “scam” alongside the store name.
  • Keep screenshots and receipts to assist complaint filing.

Think You’ve Found a Scam?

Your evidence — a screenshot, chat, or payment receipt — can help protect someone else from falling victim. You can stay anonymous. Every report matters.

The Anatomy of a Scam

The Hook

A believable offer, message, or ad designed to catch attention.

The Trust

Fake proofs, references or testimonials to build credibility.

The Transaction

Payment, credentials or data handover that benefits the scammer.

The Vanish

Deleted chats, blocked accounts, and fake support once you realize what has happened.

They study behavior, not technology — that’s what makes them effective.

Awareness Is the First Line of Defense

HackAware was built to make deception visible — for everyone. Use what you learn here. Share it. Teach it.