Kathmandu - In recent years, the landscape of cybercrime in Nepal has shifted dramatically. What once appeared mostly as social media scams or minor hacking attempts has now expanded into the financial sector, communication systems, and even our daily personal lives. The most striking recent example is the so-called “NEPSE AI” mobile app. Promoted on social media as a tool for stock market analysis, the app lured unsuspecting users to download it. Once installed, it gave remote access to criminals, who were then able to wipe data and siphon off large sums of money. In some cases, individuals lost nearly three million rupees in a single attack.
This was not an isolated case. Phishing scams have become a routine threat in Nepal. Banks and digital wallet users are increasingly targeted through text messages, emails, or instant messaging platforms. Victims are tricked with urgent warnings, too-good-to-be-true offers, or fake service updates. A single careless click on a malicious link can expose login credentials, passwords, or OTP codes. In more sophisticated attacks, users are persuaded to download fraudulent apps or files, giving attackers full control of their devices and accounts.
There are several reasons why such crimes are spreading so quickly. Digital services are expanding at a rapid pace, but awareness of safe online practices has not kept up. Many people still reuse the same simple password across multiple accounts, use public Wi-Fi for financial transactions, or click on unknown links without hesitation. At the institutional level, outdated cyber laws make it difficult to deal effectively with new forms of crime, while criminals are adopting advanced technology and social engineering tactics to exploit vulnerabilities.
In this environment, vigilance must begin at the individual level. Every internet user needs to adopt some basic habits: create long and complex passwords and never reuse them across accounts, enable two-factor authentication wherever possible, and avoid downloading apps or software from unofficial sources. Suspicious emails, links, or messages should be ignored or deleted rather than opened. Sensitive transactions should never be conducted over public Wi-Fi, and financial accounts should be checked regularly for unusual activity. Personal information, especially banking details and OTPs, must never be shared-even with someone who appears trustworthy. If something seems suspicious, the safest step is to immediately notify your bank, telecom provider, or the Cyber Bureau.
Institutions, too, must step up. Banks, telecom companies, and government agencies need to run continuous awareness campaigns for their customers. Cyber laws should be updated to match modern threats, ensuring that new forms of fraud can be prosecuted effectively. Schools and universities should begin teaching digital literacy and cybersecurity basics from an early age, so that awareness grows with technology use.
Cybercrime is no longer a niche issue for tech professionals; it affects everyone. Just as we lock the doors of our homes every night, we must learn to lock our digital lives with awareness and caution. The recent cases show how devastating a single careless click can be, both financially and emotionally. Nepal’s digital future can only be secure if each of us takes personal responsibility for safe online behavior, supported by strong policies and institutional preparedness from the state.
