Contact SriLankan Airlines on Security Issues

This page includes information regarding SriLankan Airlines security and how security researchers, law enforcement personnel, and members of the media can contact SriLankan Airline to report a concern or enquire about a security issue.

Customers

If you suspect that your FlySmiLes account or customer profile on srilankan.com has been compromised, for example through phishing, or if you have any concerns regarding the security of your account, we strongly recommend signing in to the FlySmiLes page https://www.flysmiles.com/flysmiles/forgot-password and updating your password immediately.
Please remember: Never share your FlySmiLes ID or password with anyone. SriLankan Airlines will never request this information during verification or support interactions.
If you have forgotten your FlySmiLes password or membership number, you may conveniently reset it using our secure password recovery feature available here .
If you receive a suspicious email or message claiming to be from SriLankan Airlines or any entity within the SriLankan Group, and you believe it to be a phishing attempt, please report it to the SriLankan Airlines Cyber Security Team at: cybersecurity@srilankan.com
Customers are solely responsible for maintaining the confidentiality of their account credentials and for all activities conducted under their account.

Security and privacy researchers

To report any security or privacy issues affecting SriLankan Group products or web servers, please contact our Privacy Office at privacy.office@srilankan.com .

SriLankan Airlines supports responsible disclosure of security vulnerabilities. Security researchers acting in good faith will not be subject to legal action, provided they do not exploit vulnerabilities or access data beyond what is necessary for reporting.

Law enforcement

The SriLankan Group processes government information requests in accordance with the applicable laws and regulations of the countries in which it operates. Law enforcement agencies may contact the Privacy Office at privacy.office@srilankan.com .

Media

Journalists can contact our press office at media@srilankan.com, or visit the Srilankan Media Centre.

Avoid phishing emails, ‘free ticket scams’, ‘fraudulent invoices’, phony travel agent calls, and other scams

Use the following tips to help protect yourself from scams and understand what to do if you believe your FlySmiLes ID has been compromised.

If you receive an email, message, or phone call from someone claiming to represent SriLankan Airlines and asking for your account name, password, or any other personal information, it is highly likely that you are being targeted by a scam.

Scammers may use various tactics to steal your personal information—such as fake emails, deceptive pop-up ads, text messages, instant messages, or unsolicited phone calls. These attempts are designed to trick you into revealing sensitive information, including your FlySmiLes ID password and credit card details.

Below are key recommendations to help safeguard your account:

Protect Your FlySmiLes ID

Never share your FlySmiLes ID or password with anyone. SriLankan Airlines will never request this information during validation or support processes.
If you suspect that your FlySmiLes ID has been compromised, we strongly encourage you to change your password immediately through the FlySmiLes login page .
Always verify the authenticity of communications before responding or clicking on any links.
SriLankan Airlines is not responsible for the content, security, or practices of external websites.

If you receive a phishing email or text message

Scammers often attempt to imitate legitimate companies by using copied email formats, text message layouts, and unauthorized use of corporate logos to deceive you into revealing personal information or passwords. To stay safe, we strongly advise customers not to click links or open attachments in suspicious or unsolicited messages.

If you need to change or update your personal information, always contact SriLankan Airlines directly through trusted channels.

Contact SriLankan Airlines

How to Identify Potential Phishing Scams

Mismatched sender information: The email address or phone number does not align with the organization the sender claims to represent.
Incorrect recipient details: The message is sent to an email address or phone number that you never provided to the company.
Suspicious links: A hyperlink appears legitimate but redirects to a web address that does not match the official company domain.
Unusual formatting: The style, tone, or layout of the message differs noticeably from authentic communications you normally receive from the company.
Requests for sensitive information: The email or message asks for personal data, such as credit card numbers or account passwords.
Unexpected attachments: The message is unsolicited and includes an attachment, which could contain malware.

If you think your FlySmiLes ID has been compromised

Are you concerned that an unauthorized person may have access to your FlySmiLes ID?

The following guide will help you determine whether your account has been compromised and outline the steps you can take to secure it.

Because your FlySmiLes ID can be used across SriLankan Airlines and its partner products and services, it is essential to ensure that your account remains fully protected. Never share your password with anyone. If someone you do not know or do not trust can sign in to your FlySmiLes account, your account is not secure.

Why Your FlySmiLes Account May Not Be Secure

Your FlySmiLes account may be at risk for any of the following reasons:

The account was created by someone else, such as a travel agent, or you are using an account set up on your behalf.
You are sharing your FlySmiLes account with family members or friends. Please note that your FlySmiLes ID is intended to be your personal account.
An unfamiliar FlySmiLes ID appears signed in to the SriLankan App on your device.
Your password may have been shared intentionally or unintentionally, such as someone choosing your password for you, you telling someone your password, or accidentally entering it on a fraudulent “phishing” website.
You no longer have access to the email address or phone number associated with your FlySmiLes ID. Providing access to your email to other parties may expose the OTP.
Your password is weak, meaning it lacks complexity. Strong passwords should include a combination of uppercase and lowercase letters, numbers, and symbols — forming a string of characters that do not resemble common words, names, or predictable sequences.

If any of the above sounds familiar, your account may be compromised, and we recommend you reset your password as soon as possible and review your account information.

How do I know if my FlySmiLes account was compromised?

Signs Your FlySmiLes Account May Be Compromised

Your FlySmiLes account might be compromised if you receive an account notification from SriLankan FlySmiLes for a change that you did not make, or if you notice unfamiliar changes to your account details.

Examples include:

You receive a confirmation email from SriLankan Airlines stating that your FlySmiLes account password was changed or your account information was updated, but you do not recall making those changes.
Password changes can be completed using the “Change Password” or “Forgot Password” options with OTP verification.
You notice FlySmiLes miles deducted for purchases or redemptions that you did not authorize.
Your password no longer works, or your account may have been changed, locked, or restricted.
You do not recognize some or all of the information displayed in your account details.

How can I gain control of my FlySmiLes account?

If You Believe Your FlySmiLes Account Has Been Compromised

If you suspect that your FlySmiLes account has been compromised, follow the steps below to secure your account and review your personal information.

1. Sign in to Your FlySmiLes Account

If you are unable to sign in or your account appears locked, try using the reset or unlock options. If you still cannot access your account, contact the FlySmiLes Service Centre at (94) 197 333 333 or email flysmiles@srilankan.com.

While SriLankan Airlines will make reasonable efforts to respond to reported security issues, response times are not guaranteed.

2. Change Your Password

Update your FlySmiLes account password immediately using the Forgot Password option.
Choose a strong, unique password using uppercase and lowercase letters, numbers, and symbols.

3. Verify Control of Your Email Addresses

Ensure you have access to all email addresses linked to your FlySmiLes account.
Review and update your personal and security information, including your name and primary email address.
If you do not recognize or no longer control any linked email addresses:
- Change the password of those email accounts immediately, or
- Update your FlySmiLes account to a secure email address you control.
If social media login details were used, you are responsible for securing those accounts.

If you have completed all steps but still believe your account is compromised, contact the SriLankan Contact Centre for further assistance.

Learn to spot fake emails and fake websites

Criminals use fake emails and fake websites.

They set them up to con people into giving away passwords and other sensitive details. The technical word for this is ‘phishing’.

For example, they might send you an email that looks like it comes from us and it might contain a link to a website that looks like this one. When you try to log on, they can steal your password. They could also ask you to make a phone call or reply by email.

They are good at making their emails and websites look realistic. But the fake ones often share some common characteristics:

Strange looking email or web addresses
Poor design, typos or bad spelling
They ask you to do something unusual
A site that requires you to log in but doesn't display the padlock symbol in the address bar when you do so

If in doubt, stop. Don’t click on any links. Don’t open any attachments. Just forward the email to cybersecurity@srilankan.com and we will investigate it.

Intellectual Property & Misuse

Unauthorized use of SriLankan Airlines branding, logos, or systems for fraudulent purposes may result in legal action.

Data Protection Clause

All personal data is processed in accordance with applicable data protection laws including the Sri Lanka Personal Data Protection Act No. 9 of 2022 and other applicable international regulations.

Limitation of Liability

SriLankan Airlines shall not be liable for any loss, damage, or unauthorized access arising from customer negligence, phishing attacks, or third-party actions beyond its reasonable control.

General Disclaimer

This information is provided for general guidance only and does not constitute a guarantee of security. SriLankan Airlines shall not be responsible for any losses arising from cyber incidents beyond its reasonable control, including but not limited to phishing, malware, or unauthorized access caused by third parties.

Contact SriLankan Airlines on Security Issues

Below are key recommendations to help safeguard your account:

Protect Your FlySmiLes ID

If you receive a phishing email or text message

How to Identify Potential Phishing Scams

Are you concerned that an unauthorized person may have access to your FlySmiLes ID?

Why Your FlySmiLes Account May Not Be Secure

Signs Your FlySmiLes Account May Be Compromised

If You Believe Your FlySmiLes Account Has Been Compromised

1. Sign in to Your FlySmiLes Account

2. Change Your Password

3. Verify Control of Your Email Addresses

Essential information to enter the UK

Notice

Notice

Notice

Notice

Notice

Essential information to enter Colombo

Essential information to enter Kerala

Essential information to enter Bengaluru / Hyderabad / New Delhi

Essential information to enter Maharashtra

Essential information to enter Tamil Nadu

Essential information to enter Singapore

Important Notice