• US response pending on $ 625,000 misdirected in alleged email fraud
• Funds misdirected through email spoofing involving 3rd-party intermediary

Approximately $ 625,000 from the Department of Posts, intended for payment to the United States Postal Service (USPS), had allegedly been diverted through a coordinated phishing attack involving a third-party intermediary, according to Postmaster General Ruwan Sathkumara.

Cabinet Spokesperson Nalinda Jayatissa first revealed the matter during the weekly Cabinet media briefing on 28 April, hot on the heels of the controversial $ 2.5 million loss of a loan repayment to an Australian creditor by the Treasury, which is currently under scrutiny by the parliamentary oversight mechanism and law enforcement.  

Speaking to The Sunday Morning, Sathkumara revealed that the illicit transfers had occurred in three distinct phases over a two-year period.

“There is one instance involving around $ 900 that occurred in 2024,” he said, explaining that the perpetrators had then significantly escalated their operations the following year. 

“After that, a large amount, over $ 400,000, was sent in February 2025,” he noted, adding that nearly $ 190,000 had subsequently been sent in October 2025.

Although Sri Lanka has requested assistance, efforts to recover the stolen assets are now tied to international cooperation and diplomatic channels. 

Sri Lankan authorities are seeking assistance from the United States to secure the flagged funds and have requested more information; however, US authorities have yet to respond, the Postmaster General said on Friday (1).

“We will definitely need the support of the relevant country for that. That is why we are providing our statement to the Criminal Investigation Department (CID),” Sathkumara said. 

He noted that while contact had been initiated via embassy channels, a formal breakthrough was still pending. “We are trying to get confirmation from the USPS, but there has been no response from their side yet.”

Preliminary findings suggest that the breach had occurred within the communication channels used between Sri Lanka’s Department of Posts and its American counterpart. According to the Postmaster General, it is suspected that a malicious third party had successfully intervened in the digital correspondence, masquerading as an official entity to misdirect the financial transaction. 

Sathkumara explained that the fraud had been facilitated by a middleman who had managed to infiltrate the final stages of the communication process.

“It is suspected that it was a phishing-style incident involving a third party,” Sathkumara said. 

He further clarified the mechanics of the deception, noting that the communication had appeared legitimate to the staff involved.

“In this instance, much of this occurred because of communication with a third party via email. It was made to appear as though the communication was coming from the USPS. If it had been checked properly, this could have been avoided,” he added.

The financial impact involves two distinct payments. While one payment is currently under a hold status, the other is believed to have been successfully siphoned by the fraudsters. 

According to the Postmaster General, a sum of over $ 400,000 remains the subject of intense verification efforts. 

Significant discrepancies in the recipient data have raised alarms within the department, as the beneficiary name, account number, and bank listed were all different from the official USPS credentials. “Since there is such a suspicion, we are investigating further as to how it happened,” Sathkumara said. 

The CID has launched a comprehensive probe into the sophisticated cyber fraud that resulted in this loss. The investigation remains in its active stages as authorities work to record statements and trace the digital footprint of the perpetrators. 

Sathkumara noted that the sensitive nature of the ongoing inquiry prevented the full disclosure of all technical details at this stage. “CID officials are currently recording reports for the investigation, so it is difficult for me to provide many details at this moment,” he said.

In response to the breach, the Department of Posts is reviewing its internal financial protocols and communication systems. The Postmaster General emphasised the importance of adhering to the established circulars provided by the Universal Postal Union and the International Post Corporation (IPC). 

Moving forward, the department intends to implement more rigorous verification measures to ensure that all financial transfers follow secure, authorised routes rather than relying on email-based instructions. Sathkumara indicated that the department was discussing the adoption of a more secure system with relevant stakeholders to prevent the recurrence of such an incident.