Types of Cyber Attacks in Nepal: Threats, Examples & How to Stay Safe (2026)

Blog | 28 May 2026 | 15 min read

Every day, someone in Nepal loses money from their eSewa wallet because of a fake SMS. A small business in Kathmandu finds its website taken down overnight. A government portal gets flooded with traffic until it stops responding entirely. These are not rare incidents. They are happening across the country, and they are happening more frequently than most people realize.

Cyber threats have quietly become one of the most serious risks facing Nepal's growing digital economy. As online banking, digital payments, e-commerce, and cloud-based government services become part of everyday life, the attack surfaces available to cybercriminals have multiplied. Understanding the types of cyber attacks is no longer just for IT professionals; it is essential knowledge for every Nepali internet user.

This blog covers the major cyber threats in Nepal, how they work, real local examples, and what can be done to stay protected. If you are also thinking about a career in this field, the SkillShikshya Cybersecurity Course will give you the practical skills Nepal's job market is actively looking for.

What Is Cyber Security? Definition and Why It Matters

Before diving into specific threats, the basics deserve a clear answer.

Cyber security definition: Cyber security is the practice of protecting computers, networks, systems, software, and data from digital attacks, unauthorized access, theft, and damage. It includes the tools, processes, and practices that keep digital systems safe.

If you have ever asked "cyber security what is it exactly?", think of it as a digital lock on everything you do online. It protects your mobile wallet, your email, your business data, and even Nepal's government systems from being exploited.

Nepal's internet user base crossed 20 million in 2024. Mobile banking is mainstream. Digital wallets handle billions of rupees in daily transactions. Government services are migrating online. Each of these developments is genuinely positive, and each one creates new opportunities for attackers.

The Nepal Police Cyber Bureau reports a sharp year-on-year increase in cybercrime cases. Financial fraud, account takeovers, phishing scams, and website attacks are among the most commonly filed complaints. Understanding what cyber threats are and how they are carried out is the most accessible form of defense available.

What Are Cyber Threats?

Cyber threats are potential dangers that could exploit vulnerabilities in your digital systems, causing data theft, financial loss, service disruption, or reputational damage. A cyber threat does not have to be an active attack; it includes any condition, actor, or circumstance that has the potential to cause harm to your digital life.

Cyber threats are commonly directed at:

  • Individual users of mobile banking and digital wallets
  • Small and medium-sized businesses operating online
  • Financial institutions, banks, and cooperative societies
  • Government databases, portals, and infrastructure
  • Educational institutions, hospitals, and NGOs
  • Social media accounts and online identities

The attackers behind these cybersecurity threats range from individual scammers running low-effort SMS fraud to organized criminal groups conducting coordinated attacks on critical infrastructure.

Why Cyber Threats Are Rising in Nepal

Nepal's rapid digital transformation has brought genuine benefits, but the same infrastructure enabling those benefits is also being exploited.

The cyber threats most commonly reported in cyber security cases in Nepal include:

  • Facebook and Instagram account takeovers
  • Unauthorized transactions through eSewa and Khalti
  • Phishing messages impersonating banks and telecom companies
  • Fake job and internship offers targeting fresh graduates
  • Website defacement of local businesses and institutions
  • Data leaks from poorly secured web applications
  • Social media impersonation and identity fraud

These incidents are not just technical failures. Real financial losses are suffered by real people. This is precisely why cyber security courses and structured cyber security roadmaps are gaining serious traction among students and IT professionals across Nepal.

What Cyber Attack Means: And How It Differs from a Cyber Threat

These two terms are often used interchangeably, but the distinction matters:

  • A cyber threat is the potential for harm: a vulnerability, a malicious actor, or a risky condition that exists
  • A cyber attack is when that threat is actively executed: an actual attempt is made to breach, steal, or disrupt

In practical terms: when a fake eSewa link is created and distributed, that is a cyber threat. When that link is clicked, credentials are stolen, and an account is accessed, that is a cyber attack in progress.

Major Types of Cyber Attack

1. Phishing Attacks: Nepal's Most Common Cyber Threat

Phishing meaning: A phishing attack is a type of cyber threat in which fraudulent messages are sent through email, SMS, or social media to trick users into revealing passwords, OTPs, or financial credentials. It is consistently among the most reported cyber attacks in Nepal.

In a phishing attack, a fake message is crafted to appear as though it came from a trusted source: your bank, Ncell, NTC, or eSewa. The message is designed to create urgency:

"Your eSewa account has been flagged for suspicious activity. Verify your identity within 24 hours to avoid suspension: [fake link]"

The link leads to a counterfeit website that looks identical to the real one. Whatever is entered goes directly to the attacker.

How a phishing attack is recognized:

  • Unexpected messages asking for personal information or OTPs
  • Links with slightly altered URLs (e.g., "esewa-verify.com" instead of "esewa.com.np")
  • Unusual urgency or threats of account suspension
  • Poor grammar or phrasing that feels slightly off

How phishing is prevented:

  • Links in unexpected messages should never be clicked
  • Website URLs should be verified carefully before credentials are entered
  • Two-factor authentication should be enabled on all accounts
  • OTPs should never be shared, regardless of who is asking
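
The URL check described above can be automated by comparing a link's real hostname against an allowlist. This is an added example, not code from the original post or from eSewa; the function name `check_link`, the allowlist and the sample links are assumptions constructed for illustration, and only `esewa.com.np` and `esewa-verify.com` come from the article.

```python
from urllib.parse import urlsplit

# Assumption: the allowlist contains only domains the provider itself publishes.
# "esewa.com.np" is the genuine domain named in the article.
OFFICIAL_DOMAINS = {"esewa.com.np"}


def check_link(url, official=OFFICIAL_DOMAINS):
    """Classify a link from an SMS, email or chat message.

    Returns (verdict, reason); verdict is "official", "lookalike",
    "suspicious" or "unknown".
    """
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "suspicious", "malformed URL"
    if parts.scheme not in ("http", "https") or not host:
        return "suspicious", "not a normal web link"
    # "https://real-site@other-host/": everything before '@' is decoration.
    if "@" in parts.netloc:
        return "suspicious", "real host is " + host + ", not the text before '@'"
    # Non-ASCII or punycode labels can imitate Latin letters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "suspicious", "internationalised hostname, verify manually"
    for domain in official:
        # Only the exact domain or a true subdomain counts as official.
        if host == domain or host.endswith("." + domain):
            if parts.scheme != "https":
                return "suspicious", "official domain but not over HTTPS"
            return "official", domain
    for domain in official:
        brand = domain.split(".")[0]
        # Brand name used elsewhere in the hostname: a lookalike. HTTPS does
        # not change this verdict, because anyone can get a certificate.
        if brand in host:
            return "lookalike", "uses '" + brand + "' but is not under " + domain
    return "unknown", "not on the allowlist"


# Constructed sample links; hosts other than the two from the article are
# documentation-only names and addresses.
SAMPLES = [
    "https://esewa.com.np/login",
    "https://esewa-verify.com/login",
    "https://esewa.com.np.account-check.example/verify",
    "https://esewa.com.np@203.0.113.5/verify",
    "http://esewa.com.np/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_link(link), link)
```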

Thousands of Nepalis lose money from digital wallets to phishing each year. It is the entry point for a large proportion of fraud cases filed with the Nepal Police Cyber Bureau annually.

2. Malware Attacks: Hidden Threats on Your Device

Malware, short for malicious software, is a broad category covering viruses, trojans, worms, spyware, and ransomware. Once installed on a device, malware can operate silently for weeks, stealing data, monitoring activity, recording keystrokes, or providing an attacker with full remote access.

In Nepal, malware is most commonly spread through:

  • Pirated software and cracked applications downloaded from unofficial sources
  • Infected USB drives shared between offices, cyber cafes, and colleagues
  • Email attachments from unknown senders
  • Fake app downloads circulated through WhatsApp groups and Facebook

A significant share of computers in Nepal still run unlicensed operating systems that no longer receive security updates, leaving them permanently exposed to malware variants that have long since been patched on updated systems.

How malware is prevented:

  • Software should be downloaded only from official or verified sources
  • Antivirus protection should be installed and kept updated
  • Operating systems and applications should be updated regularly
  • USB drives from unknown sources should not be connected to work machines

3. DDoS and DoS Attacks: Bringing Down Nepal's Digital Services

DDoS full form: Distributed Denial of Service.

A DDoS attack and its simpler predecessor, the DoS (Denial of Service) attack, are types of cyber threats designed to overwhelm a website or server with so much traffic that it crashes and becomes inaccessible to legitimate users.

The difference between a DDoS and a DoS attack is scale and source:

  • A DoS attack originates from a single machine
  • A DDoS attack is launched from thousands of infected devices simultaneously, making it far harder to stop

Nepali government websites have faced DDoS attacks during politically sensitive periods. E-commerce platforms have been targeted during Dashain and Tihar, precisely when the financial impact on businesses is greatest.

How DDoS risk is reduced:

  • For businesses, a CDN like Cloudflare, which offers a functional free tier, absorbs most DDoS traffic before it reaches the server
  • Server capacity monitoring should be reviewed regularly alongside traffic anomaly detection

4. Ransomware Attacks: When Your Files Are Held Hostage

Ransomware is among the most destructive cyber threats an organization can face. Files on an infected system are encrypted by malicious software, access is denied, and payment, typically demanded in cryptocurrency, is required before decryption is offered. There is no guarantee that paying results in files being restored.

Ransomware typically arrives through phishing emails with malicious attachments, fake software downloads, or compromised remote access connections. It can spread silently across a network before activating and locking everything at once.

In Nepal, hospitals, schools, and government offices have been among the reported victims. The absence of regular data backups in many Nepali organizations means the damage is frequently irreversible. Without a cyber insurance culture, which has not yet taken hold in Nepal, most victims face a difficult choice.

How ransomware is prevented:

  • Regular offline data backups are the single most effective protection
  • Suspicious email attachments should never be opened
  • Operating systems should be patched consistently
  • Antivirus and endpoint protection should be kept current

5. Password and Brute Force Attacks: Your Birthdate Is Not a Password

Weak passwords remain one of the most exploited vulnerabilities in Nepal's digital landscape. In a brute force attack, automated tools try thousands of combinations per second. In a dictionary attack, common words and predictable phrases are tested systematically. In credential stuffing, login details leaked from previous data breaches are tried across multiple platforms simultaneously.

Passwords built from a phone number, a family member's name, or a birth year (information often shared publicly on Facebook) are compromised in seconds by these methods.

Strong password practices:

  • Passwords should be long and include a mix of uppercase letters, lowercase letters, numbers, and symbols
  • A unique password should be used for every account
  • A password manager removes the burden of remembering multiple complex strings
  • Two-factor authentication should be enabled on all accounts, especially eSewa, Khalti, Gmail, and social media

6. Man-in-the-Middle (MITM) Attacks: When Someone Is Listening

In a man-in-the-middle attack, communication between two parties (a user and their bank, for example) is secretly intercepted by a third party. The data exchanged is read, and in some cases altered, without either side knowing.

This type of attack most commonly takes place over public or unsecured WiFi networks. Attackers set up rogue hotspots in locations like Thamel cafes, Lakeside Pokhara restaurants, hospital waiting rooms, and university canteens with names that look trustworthy. When a device connects, all internet traffic passes through the attacker's system.

How MITM attacks are avoided:

  • Banking and financial transactions should be conducted over mobile data, not public WiFi
  • HTTPS websites should be used wherever possible; the padlock icon in the browser address bar is the indicator
  • A trusted VPN service provides additional protection on public networks

7. Social Engineering Attacks: Hacking the Human

Social engineering is among the most effective cyber threats because it exploits human psychology rather than technical weaknesses. Through impersonation, manufactured urgency, or false trust, people are manipulated into handing over sensitive information or transferring money voluntarily.

This is effective precisely because it does not require sophisticated hacking; it requires only a convincing story.

In Nepal, common social engineering tactics include:

  • Phone calls from people claiming to be Nepal Police or NTC officers, demanding an OTP to "prevent account suspension"
  • Fake foreign job recruitment offers circulated through Facebook and WhatsApp, targeting families of migrant workers
  • Impersonation of senior company executives in emails instructing employees to make urgent wire transfers
  • Fake technical support calls claiming your device has a virus

How social engineering is defended against:

  • OTPs and PINs should never be shared over the phone, regardless of who is calling
  • Job offers from unknown sources should be verified independently before money changes hands
  • Employees should be trained regularly to recognize manipulation tactics

8. SQL Injection Attacks: Targeting Nepal's Websites and Databases

SQL injection is a web-based attack that targets applications connected to databases. Malicious code is inserted into an input field (a login form, a search bar, a contact page), and the underlying database is tricked into executing it. Through this, confidential data can be accessed, records modified, and in extreme cases entire databases deleted.

This is a significant concern in Nepal. Many locally developed websites and government portals lack proper input validation. Security researchers have identified multiple instances of Nepali websites exposing citizen data (names, phone numbers, addresses) through this vulnerability.

How SQL injection is prevented:

  • Parameterized queries should be used in all database interactions
  • User input should never be inserted directly into database queries
  • Web applications should be scanned regularly using tools like OWASP ZAP
  • A web application firewall adds an additional layer of defense
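
The first two points above, shown side by side as an added example (not code from the original post or from any Nepali site). It uses Python's built-in `sqlite3` module; the table, the function names and the sample rows and inputs are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample rows (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE citizens (id INTEGER PRIMARY KEY, name TEXT, phone TEXT)")
    db.executemany(
        "INSERT INTO citizens (name, phone) VALUES (?, ?)",
        [("Sita", "98XXXXXXX1"), ("Ram", "98XXXXXXX2"), ("Gita", "98XXXXXXX3")],
    )
    return db


def search_vulnerable(db, name):
    # BAD: user input is pasted into the SQL text, so a quote character in
    # the input changes the structure of the query itself.
    sql = "SELECT name, phone FROM citizens WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def search_parameterized(db, name):
    # GOOD: the SQL text is fixed and the value travels separately, so the
    # database can only ever compare it as data.
    return db.execute(
        "SELECT name, phone FROM citizens WHERE name = ?", (name,)
    ).fetchall()


def compare(db, name):
    """Row counts from both versions; None means the query itself broke."""
    try:
        bad = len(search_vulnerable(db, name))
    except sqlite3.OperationalError:
        bad = None
    return bad, len(search_parameterized(db, name))


# Constructed inputs: a normal name, a name with an apostrophe, and a value
# that adds an always-true condition when pasted into the SQL text.
NORMAL = "Sita"
APOSTROPHE = "O'Brien"
HOSTILE = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for value in (NORMAL, APOSTROPHE, HOSTILE):
        print(repr(value), compare(db, value))
```

With the concatenated query, the hostile input returns every row in the table and the apostrophe input raises a syntax error; the parameterized query returns no rows for either.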

Cyber Threats Map: A Quick Overview for Nepal

| Cyber Threat | Risk Level | Most Targeted in Nepal |
| --- | --- | --- |
| Phishing / Smishing | Critical | Individual wallet and bank users |
| Ransomware | Critical | Offices, hospitals, schools |
| DDoS Attack | High | Government websites, e-commerce |
| Social Engineering | High | Individuals, migrant workers |
| Malware | Critical | Personal computers, cyber cafes |
| Password Attacks | High | Social media, email, wallets |
| MITM Attacks | High | Public WiFi users |
| SQL Injection | High | Nepali websites and portals |
| Insider Threats | Medium | Banks, financial institutions |
| Fake Websites | High | eSewa, Khalti, online shoppers |

Biggest Cyber Threats Specific to Nepal Right Now

Beyond general categories, these threats have become particularly prominent in the Nepali context:

  • Online banking fraud: unauthorized transactions through compromised credentials
  • Fake eSewa and Khalti payment pages: users are directed to cloned sites and tricked into entering credentials
  • Social media account takeovers: pages are hijacked and used to run scams against followers
  • Fake job and internship offers: graduates and migrant workers are defrauded through Facebook and WhatsApp
  • Data leaks from poorly secured applications: citizen data exposed through vulnerable government and business portals
  • Website defacement: local business and institutional websites are vandalized for reputational damage

As digital adoption deepens, these threats are evolving, not disappearing.

How to Stay Protected from Cyber Attacks

Most successful cyber attacks in Nepal exploit simple oversights that are entirely preventable. These habits address the majority of risks:

  • Use strong, unique passwords: Every account should have a different password. A free password manager like Bitwarden makes this manageable without the burden of memorization.
  • Enable multi-factor authentication everywhere: An OTP or authentication app adds a second layer that stops most account takeover attempts, even when a password has been compromised.
  • Keep all software updated: Security patches are released specifically to close vulnerabilities that attackers exploit. Delaying updates leaves those doors open. This applies to phones, laptops, apps, and browsers.
  • Be skeptical of any urgent request: Any message (SMS, email, or phone call) that demands immediate action and asks for sensitive information should be treated as suspicious until verified through official channels.
  • Back up data regularly: A reliable backup means ransomware loses its primary leverage. Data should be backed up to a location that is not permanently connected to the main network, such as an external drive or a separate cloud account.
  • Use mobile data for banking: Financial transactions should not be conducted over public WiFi. Mobile 4G or 5G data is far more secure for anything involving money, passwords, or personal information.
  • Learn the basics of cyber security: Awareness is a genuine form of protection. A structured cyber security course gives you the knowledge to recognize threats before they reach you and the skills to build a career protecting others.

Reporting Cyber Crimes in Nepal

If you have been the victim of a cyber attack or online financial fraud, report it immediately through these official channels:

Nepal Police Cyber Bureau:

  • Hotline: 01-5319044
  • 24/7 Duty Officer: +977 9851286770
  • For online fraud follow-up dial: 01-5319044, Extension 108
  • For hacked accounts/pages: Extension 112
  • Email: cyberbureau@nepalpolice.gov.np
  • Address: Bhotahiti, Kathmandu

Online complaint portal: 

Nepal Telecommunications Authority (NTA):

  • For SIM-related fraud and telecom scams

Your bank's fraud hotline:

  • For unauthorized financial transactions

Final Thoughts

The cyber threats facing Nepal are not abstract or distant. They are being experienced right now by ordinary people (wallet users, small business owners, students, government employees) who may not realize what has happened until the damage is done.

Understanding how these attacks work is genuinely useful. It changes how a suspicious message is read, how a public WiFi network is used, how passwords are chosen, and how a business thinks about its data. Awareness is a form of protection that costs nothing and is available to everyone.

Nepal's digital infrastructure will keep growing. The question is whether the awareness and preparedness of its users grow alongside it.

Ready to build a career in cybersecurity? Explore our complete guide on how to get into cybersecurity in Nepal.

About Author:

SkillShikshya is Nepal’s #1 upskilling platform, trusted for years to prepare students and professionals with industry-ready tech skills. We have helped thousands of learners turn curiosity into real careers through practical, results-focused education. Our hands-on programs in React, Django, Python, UI/UX, and Digital Marketing are led by experienced mentors and built around real-world projects and industry needs. From beginners to working professionals, Skill Shikshya delivers practical training that leads to meaningful career growth in the tech industry.

Skill Shikshya