Phishing Scams in Nepal: How to Spot and Stop Them


As digital adoption accelerates across Nepal, cybercriminals are increasingly targeting Nepali citizens with sophisticated phishing scams. These deceptive tactics trick people into revealing sensitive information like passwords, banking details, and personal data. This comprehensive guide will help you identify common phishing techniques in Nepal and provide practical steps to protect yourself and your loved ones.

Common Phishing Scams in Nepal

Banking and Financial Scams

Financial institutions are among the most impersonated entities in Nepali phishing attacks. Scammers create convincing copies of bank websites and communications to steal credentials.

How these scams work:

  • Fake emails claiming to be from Nepal Rastra Bank, NIC Asia, Global IME, or other major banks
  • SMS messages warning about “account suspension” or “unusual activity”
  • Requests to “verify” account details through fraudulent websites
  • Calls from scammers posing as bank representatives requesting OTP codes

🚨 Real Example: In 2023, thousands of NIC Asia customers received SMS messages claiming their mobile banking would be suspended unless they “updated” their information through a provided link. The fake site captured their credentials, enabling account takeovers.

Government Service Impersonation

Scammers exploit trust in government institutions by impersonating agencies like Nepal Telecom, Nepal Electricity Authority, or the Department of Immigration.

Common tactics include:

  • Fake bill payment notices with “discounts” for immediate payment
  • Fraudulent tax refund notifications requesting bank details
  • Counterfeit government websites asking for citizenship information
  • QR code scams disguised as government payment portals

🚨 Real Example: During COVID-19, scammers sent messages impersonating the Ministry of Health, claiming recipients were eligible for vaccination priority if they registered through a fake portal that harvested personal information.

Job and Employment Fraud

With many Nepalis seeking employment opportunities abroad, scammers have created elaborate phishing schemes targeting job seekers.

Warning signs include:

  • Too-good-to-be-true job offers requiring “registration fees”
  • Foreign employment scams requesting passport information
  • Fake job portals asking for extensive personal details
  • Fraudulent employment agencies requiring upfront payments

🚨 Real Example: A widespread scam in 2024 involved fake UK job offers sent via WhatsApp, where victims were asked to submit “visa processing fees” and passport information through a phishing site mimicking the UK embassy portal.

How to Spot Phishing Attempts

Check the URL Carefully

Legitimate websites use secure connections and proper domain names. Before entering any information, examine the URL in your browser’s address bar.



Legitimate URL:
https://esewa.com.np/login

Phishing URLs:
https://esewa-verify.com.np/login
https://esewa.com.np.secure-verify.xyz/login
http://esewa-nepal-login.com/verify

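Notice how phishing URLs often include extra words, misspellings, or different domain extensions. Always check that the main domain (the part immediately before the first single slash) is correct. In https://esewa.com.np.secure-verify.xyz/login, for example, the main domain is secure-verify.xyz, not esewa.com.np.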
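The same check can be automated, for example in a mail filter or a help-desk triage script. The following is an added example, not code from eSewa or from the original article; the allowlist and the function name check_url are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: allowlist of official domains. Only esewa.com.np comes from the
# page; add other domains only after verifying them yourself.
OFFICIAL_DOMAINS = {"esewa.com.np"}

# The four URLs shown in this section.
SAMPLE_URLS = [
    "https://esewa.com.np/login",
    "https://esewa-verify.com.np/login",
    "https://esewa.com.np.secure-verify.xyz/login",
    "http://esewa-nepal-login.com/verify",
]


def check_url(url, official=OFFICIAL_DOMAINS):
    """Return (verdict, reasons); verdict is "ok" or "suspicious"."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "suspicious", ["URL could not be parsed"]
    if not host:
        return "suspicious", ["no host name found in URL"]

    reasons = []
    # Official means: equal to an allowlisted domain, or a real subdomain of
    # it (ends with "." + domain). A substring test would wrongly accept
    # esewa.com.np.secure-verify.xyz.
    if not any(host == d or host.endswith("." + d) for d in official):
        reasons.append(f"host '{host}' is not an official domain")
        for d in sorted(official):
            brand = d.split(".")[0]
            if d in host:
                reasons.append(f"'{d}' appears only as part of a different host name")
            elif brand in host:
                reasons.append(f"brand word '{brand}' used in a different domain")
    if parts.scheme != "https":
        reasons.append(f"scheme is '{parts.scheme or 'missing'}', not https")
    return ("ok" if not reasons else "suspicious"), reasons


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        verdict, why = check_url(u)
        print(f"{verdict:10} {u}")
        for r in why:
            print(f"           - {r}")
```

An "ok" verdict only means the host is on the allowlist and the scheme is https; it says nothing about the content of the page.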

Look for Language and Design Issues

Phishing messages and websites often contain telltale signs in their content and appearance.

Red flags to watch for:

  • Poor grammar, spelling errors, or unusual phrasing
  • Mismatched or low-quality logos and branding
  • Unprofessional design that doesn’t match official websites
  • Mixed languages (e.g., English and Nepali incorrectly combined)

Legitimate organizations maintain consistent, professional communications. If something looks “off,” it probably is.

Beware of Urgency and Threats

Phishing attempts often create artificial urgency to pressure victims into acting without thinking.

Common pressure tactics:

  • “Your account will be terminated within 24 hours”
  • “Immediate action required to avoid legal consequences”
  • “Limited-time offer expires today”
  • “Security breach detected – reset password now”

Legitimate organizations don’t typically demand immediate action through email or SMS. When in doubt, contact the organization directly through their official phone number.

How to Protect Yourself

Enable Multi-Factor Authentication (MFA)

Add an extra layer of security to your accounts by enabling MFA whenever possible.

Benefits of MFA:

  • Prevents account access even if passwords are compromised
  • Provides notifications when login attempts occur
  • Creates a significant barrier for scammers
  • Available on most major Nepali banking and payment apps

How to set up MFA on popular Nepali services:


For eSewa:
1. Log into your eSewa account
2. Go to Profile Settings
3. Select Security
4. Enable Two-Factor Authentication
5. Follow the prompts to link your phone number

For Khalti:
1. Open the Khalti app
2. Go to Profile > Settings > Security
3. Toggle on Two-Factor Authentication
4. Verify your phone number when prompted
            

Verify Communications Independently

Never rely solely on the contact information provided in a suspicious message.

Safe verification steps:

  • Look up the official contact number from the organization’s website
  • Visit physical branches for banking concerns when possible
  • Use official mobile apps rather than following email links
  • Call customer service directly if you receive suspicious communications

💡 Tip: Save important official numbers in your phone contacts (banks, Nepal Telecom, NEA, etc.) so you can quickly verify if calls are legitimate.

Use Security Software and Keep Systems Updated

Technical protections can help identify and block phishing attempts before they reach you.

Essential security measures:

  • Install reputable antivirus software on all devices
  • Keep operating systems and apps updated with security patches
  • Use browsers with phishing protection (Chrome, Firefox)
  • Consider using a password manager for secure credential storage

Enable browser-based phishing protection:


In Google Chrome:
1. Click the three dots in the top-right corner
2. Select "Settings"
3. Navigate to "Privacy and security"
4. Ensure "Safe Browsing" is set to "Enhanced protection"

In Mozilla Firefox:
1. Click the menu button (three lines)
2. Select "Settings"
3. Go to "Privacy & Security"
4. Under "Security," check "Block dangerous and deceptive content"

What to Do If You’ve Been Phished

Act Quickly to Minimize Damage

If you suspect you’ve fallen victim to a phishing scam, take immediate action to limit potential harm.

Immediate steps to take:

  1. Change passwords for all affected accounts immediately
  2. Contact your bank to freeze accounts if financial information was compromised
  3. Monitor account statements and credit reports for unauthorized activity
  4. Enable additional security measures like login notifications

Report the Scam to Authorities

Reporting phishing attempts helps authorities track and combat cybercrime in Nepal.

Where to report phishing in Nepal:

  • Nepal Police Cyber Bureau: File a complaint at the Cyber Bureau office in Kathmandu or contact +977-01-4201145
  • Central Investigation Bureau (CIB): Report serious cyber fraud cases to CIB at +977-01-4412748
  • Nepal Rastra Bank: Report banking-related phishing to NRB’s Financial Consumer Protection Unit
  • National Cyber Security Centre: Submit cybersecurity incident reports online

📝 Documentation Tip: Save screenshots of phishing emails, texts, or websites before deleting them. Include these with your report to help authorities identify and track scammers.

Educating Your Community

Share Knowledge with Vulnerable Groups

Many phishing victims in Nepal are new internet users who may not recognize the warning signs.

Priority groups for education:

  • Elderly family members using digital banking for the first time
  • Young people opening their first financial accounts
  • Rural communities with limited digital literacy
  • Small business owners managing online payments

Consider creating a family or community “security check” system where less tech-savvy members can verify suspicious messages before responding.

Participate in Awareness Programs

Support and engage with cybersecurity awareness initiatives in Nepal.

Opportunities to get involved:

  • Attend community cybersecurity workshops
  • Follow Nepal Police Cyber Bureau’s social media for alerts
  • Participate in awareness programs at schools and colleges
  • Share verified information about current scams on social media

Conclusion

Phishing scams in Nepal continue to evolve as cybercriminals develop more sophisticated techniques. By staying informed, practicing digital hygiene, and teaching others about these threats, we can collectively reduce the impact of phishing in our communities.

Remember that legitimate organizations will never pressure you to provide sensitive information through unsolicited communications. When in doubt, verify independently through official channels.

Have you encountered phishing attempts in Nepal? Share your experiences and tips in the comments below to help others stay safe!
