6th October 2025, Kathmandu
The public warning issued by Everest Bank Limited (EBL) is a timely and critical communication aimed at protecting its customer base from escalating cyber threats, which are known to surge during Nepal’s major festive season, particularly around Dashain.
EBL’s Cybersecurity Alert
The bank’s proactive stance in advising customers to remain vigilant against a specific set of fraudulent activities underscores the very real risks associated with increased digital transactions and the psychological distractions of national holidays. This advisory is a vital component of the bank’s commitment to being “Stable, Strong, and Reliable” by ensuring the financial safety of its patrons.
1. Contextualizing the Elevated Threat During Dashain
The period surrounding the Dashain festival is a high-risk environment for cybercrime for several sociological and economic reasons specific to Nepal:
Increased Financial Activity: Dashain is synonymous with increased spending, cash flow, and financial transfers. The tradition of receiving Dakshina (money/gifts) and the need to travel often necessitate more frequent use of digital wallets, mobile banking, and ATMs. This surge in digital traffic creates more opportunities for criminals to hide their fraudulent activities.
The Lure of ‘Bonus’ and ‘Discount’ Scams: The festive spirit creates a temporary lowering of caution. Scammers exploit this by using tempting language like “Dashain bonuses,” “lucky draws,” or “special discounts.” As confirmed by general security analysis in Nepal, these scams create a sense of urgency and false excitement, manipulating victims into believing they are missing out on a genuine offer from the bank or a well-known retailer.
Customer Distraction: People are preoccupied with travel, family gatherings, and festivities, making them less attentive to the red flags of a phishing message or a suspicious phone call. The festive mood is a significant psychological vulnerability that criminals target.
2. Analysis of the Specific Scam Modus Operandi
EBL’s warning highlights classic and highly effective social engineering tactics:
A. Phishing via Fake SMS and Social Media
The fraudulent messages, whether delivered via SMS, Viber, WhatsApp, or fake social media pages, are designed to create a convincing illusion.
Bait: The messages use the bank’s name or logo and offer a financial incentive (“Dashain bonus”).
Mechanism: The message contains a suspicious link that users are urged to click to “claim” the offer or “verify” their account. This link leads to a spoofed (fake) website meticulously designed to look like the official EBL login page or a survey form.
Objective: To steal login credentials (username, password) and, most critically, the One-Time Password (OTP).
B. Vishing (Voice Phishing) and Credential Theft
Though not explicitly mentioned, the request for sensitive information like PINs, OTPs, or passwords is a hallmark of vishing, where a scammer calls the customer, often posing as a bank representative. The fraudster might claim:
“We are processing your Dashain bonus, we just need the OTP you received to finalize the transfer.”
“Your account has been temporarily locked due to suspicious activity; please provide your PIN and password to verify your identity.”
The bank’s stern advisory that its legitimate communications will never ask for this confidential information is the single most important defense against these types of attacks. Customers must understand that a bank will never call or message asking for their private security credentials.
3. Elaborating on the Essential Safety Tips
The safety tips provided by Everest Bank Limited are the standard best practices in digital security, and their reiteration is crucial for customer protection:
EBL tips, with a detailed explanation and the importance of each:
- Verify links carefully: This goes beyond merely glancing at the link. Customers should scrutinize the URL for misspellings (e.g., everestbank1td.com.np instead of everestbankltd.com.np) or unusual extensions. Legitimate bank websites will always use a secure connection, indicated by ‘https://’ at the beginning of the address bar. HTTPS on its own does not prove a site is genuine, because fraudulent sites can also obtain certificates, so the domain name itself is what must match. If in doubt, type the official website address directly into the browser.
- Stay alert to sender identity and message language: Scammers often operate from non-Nepali backgrounds or use automated translation tools, leading to poor grammar, strange phrasing, or unconventional Nepali language usage. Additionally, the sender’s ID (e.g., a random mobile number instead of the bank’s official shortcode or name) is a significant red flag. Legitimate bank communications are typically professional and consistent in tone and format.
- Keep your confidential information secure: Never share your password, OTP, or PIN with anyone. This is the golden rule of digital financial security. The OTP is the final digital key that authorizes a financial transaction. By protecting the OTP, the customer effectively locks the scammer out of their account, even if the scammer has stolen the password. EBL clearly states that this information must be held private, regardless of who is asking for it.
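The link check described in the first tip can be automated, for example in a mail or SMS filter. The sketch below is an added example, not code from EBL or the article: it treats the domain named in the article as the only official one, and the character-substitution table, the distance threshold of 2 and the function names are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Official domain as given in the article; a real deployment would maintain this list.
OFFICIAL_DOMAINS = {"everestbankltd.com.np"}

# Constructed, non-exhaustive map of characters commonly swapped in look-alike domains.
CONFUSABLES = str.maketrans({"1": "l", "i": "l", "0": "o"})


def skeleton(name):
    """Collapse visually similar characters so 'everestbank1td' matches 'everestbankltd'."""
    return name.translate(CONFUSABLES)


def edit_distance(a, b):
    """Levenshtein distance, used to catch dropped, added or swapped letters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url):
    """Return 'official', 'official-insecure', 'lookalike', 'unknown' or 'invalid'."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    for official in OFFICIAL_DOMAINS:
        if host == official or host.endswith("." + official):
            return "official" if parts.scheme == "https" else "official-insecure"
    labels = host.split(".")
    for official in OFFICIAL_DOMAINS:
        if official in host:  # official name used as a prefix of another domain
            return "lookalike"
        for k in range(len(labels)):  # test every parent domain of the host
            candidate = ".".join(labels[k:])
            if skeleton(candidate) == skeleton(official) or edit_distance(candidate, official) <= 2:
                return "lookalike"
    return "unknown"
```

A link classified as "lookalike" is reported as such even when it uses https://, which is why the scheme is only checked after the domain has matched exactly.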
4. The Critical Role of 24/7 Customer Support
By providing 24/7 contact channels—two toll-free numbers and an email address—EBL ensures that its security commitment is active around the clock. The availability of 24/7 support is vital during a festive period, where immediate response can mean the difference between preventing a fraud attempt and suffering a significant financial loss.
Immediacy: If a customer suspects they have clicked a fraudulent link or, worse, entered their details, they must contact the bank immediately. The sooner the bank is alerted, the faster it can freeze the account, reverse unauthorized transactions, and limit the damage.
Accessibility: The toll-free numbers (16600171718 / 18102171718) remove any financial barrier to seeking urgent help, making the bank’s security services readily accessible to customers across the country.
The bank’s final message, “Stable, Strong, and Reliable. Stay alert, stay safe from cybercrime”, is a powerful reminder of the shared responsibility in banking security. While EBL maintains the robust systems and infrastructure (the ‘Stable, Strong, and Reliable’ part), the customer’s vigilance and adherence to security protocols (the ‘Stay alert, stay safe’ part) are equally indispensable in the fight against cyber fraud.