In our earlier story, we reported a particular modus operandi of online financial frauds, where people were lured into investing in fraud schemes. They eventually lost hundreds of thousands of rupees in bid to secure their previous deposits and avert loss.
The incidents of online financial fraud are on rise. Suspicious social media pages still run targeted sponsored ads, deceiving users under pretext of online jobs that require no experience but one mobile phone and reward easy earning.
Similarly, hoax emails disguised as Nepal Police prey on users by sending them threatening emails of false allegations and potential arrests. Then, scammers extort money from the users to “pardon” the allegations.
One-Time Password (OTP) frauds are another form of financial scam, where scammers disguised as official trick users into sharing their bank and digital wallet details. They eventually ask users to share OTP that the latter received on their mobile number and withdraw the amount from their accounts.
From 2020/21 to 2023/24, 665 complaints relating to e-Sewa were registered with the Nepal Police. An additional 266 complaints have been recorded this fiscal year (as of March 13, 2025). For banks, the number of complaints was 683 from 2019/20 till last year. This year, it numbers 178.
These online financial frauds are just one of many cybercrimes and cyber-enabled crimes in Nepal.
Cyber-enabled crime refers to traditional crimes that have been enhanced, expanded, or facilitated by digital technology and the internet. These crimes existed before the internet but have become easier to commit on a larger scale due to online platforms.
According to latest data the_farsight obtained from the Cyber Bureau under the Nepal Police Headquarters, the current trends include the following —
Photo mutilation, where photos are digitally manipulated to create explicit, misleading, or defamatory images.
Revenge porn, where intimate photos and videos captured with consent of both partners, are published online unilaterally (without consent of each other).
Ransomware attack, hackers take access and control of a system or network, infecting it with malicious software called ransomware that locks or encrypts the victim’s files. To restore access to the original user(s), the hackers demand ransom.
Defamation imposter, where someone creates social media profile pages using someone else’s name and picture to defame and harass them
Hacking, unauthorised access, website defaces, where websites of government and other organisations are hacked.
The cyber bureau data shows a record breaking upward trend each fiscal year since 2018/19 with Facebook/Messenger topping the chart as the most used social platform to commit or enable the crime.
The following chart includes the number of complaints filed with the Cyber Bureau received since 2018/19 and the share of Facebook/Messenger.
As of March 12, 2025, the total complaints number 12,135, with Facebook/Messenger accounting for more than half of it — 6,741.
WhatsApp, Instagram and TikTok are other three platforms where crimes are committed and enabled. In 2019/20, their combined complaints numbered 13.
However, the number of complaints has exponentially grown since 2020/21 — the time they began gaining popularity alongside improved internet connectivity in the country amid the COVID pandemic. See the chart below.
This year, complaints related to Instagram numbers 758, WhatsApp 1,431, and TikTok 1,263 — suggesting that WhatsApp and TikTok users are more vulnerable to cyber crimes like photo mutilation and cyber-enabled crimes like financial scams.
According to Cyber Bureau’s spokesperson and information officer, SP Dipak Raj Awasthi, the bureau receives 60 to 70 complaints daily, which mostly include online financial scams and defamation by character assassination of girls and women.
Telegram was officially reported as one of such platforms this year only. So far, 1,296 complaints involving Telegram have been recorded.
“We have categorised Telegram as a suspicious [social] platform,” said SP Awasthi, adding that organised crimes like online financial fraud and child pornography operate from there.
Similarly, the police data shows girls and women are more vulnerable to cybercrimes and cyber-enabled crimes than boys and men in online spaces.
From 2018/19 to 2023/24, the total number of complaints relating to girls and women correspond to 904 and 19,079 respectively, and that to boys and men 412 and 17,797 respectively.
And the vulnerability is increasing year on year.
As of March 12, 2025 (this fiscal year), 255 complaints involved girls, 4,981 women, 229 boys, 6,395 men, and 275 others. The ‘other’ category is a legally recognised term for non-binary gender identifying people (LGBTQIA+).
the_farsight asked SP Awasthi how the cyber bureau is dealing with such crimes and if they are doing anything to prevent and control crimes.
He reiterated that cyber bureau is essentially a law enforcement agency, therefore is reactive in nature, meaning acts after crime takes place, and takes the case to the court for judicial remedy.
Yet, they run awareness campaigns informing the public about threats and possibility of falling prey to cybercrime or instigating defamation themselves on their social media handles and websites, and through caller tunes. They conduct information sessions for students as requested by schools and colleges.
The bureau also collaborates and coordinates with banking and financial institutions and community-based organisations and the development sector to spread awareness.
However, “this is not enough,” Awasthi pointed out, considering the limitations of cyber bureau in lack of specific legal framework that defines cybercrime and cyber-enabled crimes, and the vague jurisdiction of the bureau itself.
Located in Bhotahity of Kathmandu, it is the only agency that deals with cybercrime and cyber-enabled crimes in the country. They are authorised to proceed with complaints and file cases with the Kathmandu District Court under the Electronic Transaction Act, 2007.
“[However] every crime where the internet is involved is assigned to us regardless of its nature,” he said.
The bureau functions with whatever available legal provisions in consultation with the district attorney’s office, but it creates work overload and confusion for the bureau.
“Neither the existing laws are revised and updated, nor new legislation are formulated as per requirement, while the digital landscape evolves at a speed,” he highlighted. The Ministry takes months, and even years, for that matter, to act on the bureau’s recommendations.
A cabinet meeting in June 2024 had decided all 77 districts could take initial hearings on cyber-related matters. But it lacks implementation till day.
SP Awasthi suggests delegating jurisdictions to at least the provincial level would help cool off the burned-out bureau.
“Even the matters that can easily be handled by local police come to us because the internet is involved,” he said.
“For cases of [online] defamation, which can directly be dealt with at the court as given in the law, it is directed to us,” he added. “Now we have to call both parties to negotiate at the table. In some cases, neither party does not show up. It burdens our already scarce resources.”
In a very recent instance, they had to deal with copyright complaints from the makers of a Nepali movie because clips were circulated on the social media platform TikTok. There’s a copyright legislation, “but it came to us in lack of clear marking of jurisdiction. And it’s a regular thing.”
In another instance, if someone attempts suicide live on social media, the cyber bureau is called to take action.
Besides, Awasthi told the_farsight they are currently dealing with only social media under cybercrime or enabled crime, but its scope is greater.
“There’s the dark web, where more serious crimes take place. We need to study it and emerging [global] trends to keep pace with the evolving nature of crimes digitally. But we lack resources, let alone a budget. Lack of IT related human and technological resources is another limitation.”
Website hacking and data breach are another emerging trends in the cyber landscape of Nepal. Hackers access the system or network of government agencies and public organisations to obtain data which they are not authorised for. The data so obtained can have unprecedented implications, depending upon the intention and motive of hackers.
So far, 108 complaints of website hacking and data breaches have been reported since 2018/19, including six this year.
SP Awasthi sees policy research followed by specific legal frameworks mandating clear jurisdictions of law enforcement agencies as the way forward to navigate cyber crimes and cyber-enabled crimes in the country.
Read More Stories
Kathmandu’s decay: From glorious past to ominous future
Kathmandu: The legend and the legacy Legend about Kathmandus evolution holds that the...
Kathmandu - A crumbling valley!
Valleys and cities should be young, vibrant, inspiring and full of hopes with...
IT WAS AN ORDINARY lunchtime until Saraswati felt a tickle on her feet....
Business + Finance + Economy + Tech + Environment + Nepal & South Asia + In-depth Analysis + News + Investigation + Research + Expert Opinion + Anatomy of Complex Issues.
