Nepal under threat of cyber heists

The country is currently grappling with the threat of cyber heists alongside the adoption of new technologies, largely due to a lack of adequate awareness regarding their secure usage.

Beyond the increasing incidents of financial fraud, data theft, and system disruption (such as ransomware), there is widespread activity involving defamation, bullying, and trolling through the spread of malicious content and character assassination. In some instances, these events are driven by motivations ranging from financial profit to achieving political disruption, impacting individuals, businesses, and governments globally. Cybercrime is defined as offences committed using a computer, a networked device, or the network itself.

Nepal has also been the site of significant institutional-level frauds, notably the SWIFT hack of NIC Asia Bank in 2017, which involved the unauthorised transfer of approximately Rs. 460 million during the five-day Tihar festival holiday. The subsequent investigation report, jointly prepared by Nepal Rastra Bank (NRB) and KPMG, highlighted substantial IT security lapses and weaknesses in staff practices and IT management, such as permitting the use of personal email on secure systems. Despite this, the bank successfully recovered most of the funds by promptly alerting international banks.

Earlier, several Romanian nationals were apprehended in Nepal for their involvement in a sophisticated ATM card skimming fraud. They had stolen money from bank ATMs by illegally capturing customer data and PINs using skimming devices and hidden cameras.

Frauds may fool you
In recent years, there has been a rise in cases involving the hacking of digital platforms, including email, WhatsApp, Messenger, and other messaging applications, to request financial support from contact lists by fabricating urgent scenarios. In some incidents, individuals who carelessly click on links sent to their messaging apps and subsequently share sensitive information such as passwords, OTP (one-time pin), PINs, bank account details, or card information inevitably fall victim to fraud.

Fraudsters have also been circulating posts across social media platforms, including Facebook and Instagram, using the names and logos of various banks. These posts typically claim to offer survey rewards of lucrative amounts and contain suspicious links. If a person clicks on such links, tempted by the attractive prize offered for participating in the survey, they risk losing their sensitive information.

Hackers employ various fraudulent techniques to steal private data and sensitive information. Banks are now urging users to confirm that such posts come from the banks' verified SNS (social networking site) pages before engaging with such links, as a measure to protect themselves from phishing.

Are we alert?
Information and Communication Technology (ICT) has not only simplified life but has undeniably transformed the world. However, vulnerabilities are amplified by increased internet and mobile phone penetration coupled with insufficient literacy regarding data security and cyber threats. These threats include malware attacks (such as spyware, ransomware, Trojans, and adware), hacking, fake accounts, online banking fraud, digital blackmailing, and data breaches, among others.

According to Babu Ram Aryal, an advocate and cyber law expert in Nepal, children and women are highly vulnerable to these risks. He states, “Cyber-crimes are borderless, highly equipped with the latest technologies, including datawave technologies and artificial intelligence, and we are severely lacking in effective preparation and readiness to combat these cyber heists.”

Given the sensitive and complex nature of cybercrimes, Nepal needs to secure international support and cooperation to effectively combat them. However, as noted by Bhim Prasad Dhakal, Former AIG of Nepal Police, Nepal has not yet become a party to the United Nations Convention Against Cyber Crime.

The first UN convention against cybercrime was held in Budapest, Hungary, in 2001, and is popularly known as the Budapest Convention, with 60 countries initially becoming parties. The most recent convention took place in Hanoi, Vietnam, in 2024, and by late 2025, 81 countries had ratified and become a party to this convention.

Nepal is currently experiencing numerous incidents of fraud and scams targeting users of online and mobile banking. Consumer protection has thus become a significant challenge for financial sector regulators, security agencies, and service providers. Furthermore, while the theft of private data via malicious software is possible from anywhere in the world, taking decisive action against the culprits remains a herculean task.

Against this backdrop, experts have underlined several key immediate actions for stakeholders: securing extradition treaties with multiple countries, ratifying the relevant convention, enhancing the capacity of various agencies, including the Cyber Bureau, for effective investigation and prosecution, and conducting awareness campaigns through massive volunteer mobilisation nationwide.

Minimising such crimes can be approached from two main aspects. First, cracking down on the culprits through the rigorous enforcement of laws, which presents a significant challenge. Second, enhancing the literacy and knowledge of the public, which necessitates collaboration among government agencies, regulators, service providers, and other relevant stakeholders.

Digital violence
Considering the exponential surge of complaints to the Bureau, Cyber Bureau Desks have now been established in more than 72 districts. An analysis of the nature of the crimes, based on complaints, revealed that 90% of cases involved abuse through social media, which includes platforms like Facebook Messenger, Viber, IMO, YouTube, WhatsApp, WeChat, Twitter (X), Instagram, Telegram, website hacking, Google, TikTok, email, and phishing, among others.

According to the Cyber Bureau, in Fiscal Year 2024/25, the largest numbers of complaints, 20,570, concerned crime through the use of Facebook and Facebook Messenger; 5,000 through TikTok; 4,238 through WhatsApp; 2,758 through the messaging app Telegram; 2,049 through Instagram; 1,021 through payment solutions (e-Sewa, Khalti, etc.); and others through the use of Viber, IMO, YouTube, X (Twitter), email, Google, and server hacking.

A large number of victims are children and females, specifically 350 girl children along with 66 male children and 1,423 adult females. In the first quadrimester of 2025/26, a total of 6,000 complaints were lodged in the Cyber Bureau, and 44 of them were serious offences that required justice from the Court, with victims being female in 34 cases, according to the Cyber Bureau. In this context, the United Nations in Nepal marked 16 days of activism against gender-based digital violence starting from November 25, calling for actions to ‘END DIGITAL VIOLENCE’.

The government has expressed its commitment to making digital spaces safer for women and girls. Minister for Communication and Information Technology, Jagdish Kharel, underscored the urgency of protecting young people in rapidly expanding digital spaces. “Digital safety is now central to civic participation, access to information and the full exercise of rights in Nepal’s evolving digital landscape,” Minister Kharel reiterated.

Enforcement of cyber law in Nepal
The fundamental legal basis for cyber law in Nepal is the Electronic Transactions Act (ETA), 2006, which grants legal recognition and validity to electronic records and digital signatures in the same manner as paper-based documents. The comprehensive scope of this Act covers crucial areas such as data protection, intellectual property rights in the digital space, electronic commerce, online privacy, and various forms of cybercrime.

Cyber offences are addressed not only by the Electronic Transactions Act but also by other laws, including the Muluki Penal Code, 2074, the Copyright Act, 2002, and the Individual Privacy Act, 2018, which contain provisions related to online bullying/trolling and defamation, harassment, abuse, and data misuse.

The legal framework explicitly defines various cyber offences, such as unauthorised access to computer materials, damage to information systems, computer fraud, and the publication of illegal materials, prescribing specific penalties that include fines and imprisonment. The government has established specific bodies to manage and enforce these laws, including the Nepal Police Cyber Bureau (responsible for investigation and prosecution) and the Nepal Telecommunications Authority (NTA), which issues directives for service providers.

Considering the sensitivity and volume of complaints along with the expansion of digital platforms, the Cyber Bureau has established desks in 72 districts to address cyber offences and raise awareness regarding cyber threats. To create a robust legal foundation, Nepal introduced the Cyber Security Byelaw in 2020 in a bid to protect the nation’s ICT infrastructure and telecom systems from cyber threats, build user trust, and ensure service providers implement mandatory security standards.

As technology continues its rapid evolution, Nepal must frame a dynamic and exceptionally robust legal infrastructure, according to Aryal. Most importantly, there is a distinct lack of adequate knowledge regarding cybercrimes among prosecutors and judges within the court system, which leads to ineffective justice. Given this reality, capacity enhancement for judges and prosecutors is a fundamental stepping stone for ensuring victims receive justice.
