This page includes information regarding SriLankan Airlines security and how security researchers, law enforcement personnel, and members of the media can contact SriLankan Airline to report a concern or enquire about a security issue.
Privacy
You can read about our Privacy Policy here and know how we safeguard your personal information.
If you have a concern about the security of your account, you can contact SriLankan call center or speak to us online.
To report security or privacy issues affecting The srilankan Group products or web servers, you can contact cybersecurity@srilankan.com. We will respond via this secure channel if we require additional information to investigate a security issue.
For the protection of our customers, The srilankan Group generally does not disclose, discuss, or confirm security issues until a full investigation has been completed and any necessary patches or fixes are available.
The srilankan Group handles government information requests in accordance with local laws within the countries in which it operates. You can contact privacy.office@srilankan.com if you are a law enforcement agency.
Journalists can contact our press office at media@srilankan.com, or visit the Srilankan Media Centre.
Use these tips to avoid scams and learn what to do if you think your FlySmiLes ID has been compromised.
If you receive an email or someone claiming to be from SriLankan, who calls and asks for your account name and password, then it’s likely you have been a target of a scam.
Scammers use any means to obtain your personal information including but not limited to fake emails, pop‑up ads, texts and instant messages, and even phone calls. They will try to trick you into sharing personal information, such as your FlySmiLes ID password or credit card information. Here are some helpful tips on how you can protect your account and avoid scams.
Protect your FlySmiLes ID
Never share your FlySmiLes ID, password with anyone. SriLankan will never ask you for this as part of our validation process or when providing support. If you believe that your FlySmiLes ID has been compromised, we encourage you to change your password immediately.
If you get a suspicious phone call or voicemail
Scammers also try to copy email and text messages including the unauthorized use of corporate logos and formats from legitimate companies in order to trick you into sharing your personal information and passwords. We recommend our customers do not follow links or open attachments in suspicious or unsolicited messages. If you need to change or update your personal information, contact us directly.
The following signs can help you to identify potential phishing scams:
Report phishing attempts and other suspicious messages to Srilankan
To report a suspicious email claiming to be from Srilankan, you can forward the message to us at cybersecurity@srilankan.com. Please include complete header information. Whilst this email address is monitored by SriLankan, you may not receive an individual reply to your report beyond an auto‑acknowledgement.
Are you concerned that an unauthorized person might have access to your FlySmiLes ID? These steps can help you find out and regain control of your account.
Because our customers can use their FlySmiLes ID for SriLankan and its partner products and services, we encourage you to ensure that your FlySmiLes account is as secure as possible. We recommend that our customers do not share password information with anyone. If someone you don’t know or don’t trust can sign in with your FlySmiLes account, your account is not secure.
Here are some reasons why the FlySmiLes account you are using may not be secure:
If any of the above sounds familiar, your account may be compromised, and we recommend you reset your password as soon as possible and review your account information.
Your FlySmiLes account might be compromised if you receive an account notification from SriLankan FlySmiLes for a change that you did not make, or if you do not recognize changes to account details. For example:
If you believe that your FlySmiLes account has been compromised, you can use these steps to gain control of it and review your account information:
If you have completed the steps above but still have reason to believe your account is still compromised, you can contact the SriLankan contact center.
Criminals use fake emails and fake websites.
They set them up to con people into giving away passwords and other sensitive details. The technical word for this is ‘phishing’.
For example, they might send you an email that looks like it comes from us and it might contain a link to a website that looks like this one. When you try to log on, they can steal your password. They could also ask you to make a phone call or reply by email.
They are good at making their emails and websites look realistic. But the fake ones often share some common characteristics:
If in doubt, stop. Don’t click on any links. Don’t open any attachments. Just forward the email to cybersecurity@srilankan.com and we will investigate it.