Malaysia’s Scam Losses Hit RM2.7 Billion as Cybercrime Accelerates

Malaysias losses from scam-related activity have reportedly risen to about RM2.7 billion in 2025, marking a 76 per cent increase from a year earlier.

The rise has been most pronounced during festive periods such as Hari Raya, when higher consumer spending and transaction volumes coincide with increased malicious online activity. Cybersecurity threats during these periods are no longer confined to individuals, extending to businesses and critical infrastructure.

Phishing campaigns, fraudulent e-commerce platforms and fake payment links remain the main attack vectors. The growing use of digital payments, including QR-based transfers and services such as e-duit raya, has introduced new vulnerabilities that attackers are exploiting to redirect transactions and harvest sensitive data.

Higher transaction volumes during holiday periods expand the potential attack surface, while reduced staffing or altered operating hours can delay incident response. Together, these factors have made festive seasons a peak period for cybercriminal activity rather than a lull.

Data from the Cyber999 Incident Response Centre shows 2,020 incidents were recorded in the third quarter of 2025, up more than 20 per cent from a year earlier. Phishing and online fraud accounted for about 75 per cent of cases, highlighting the persistence of these methods.

The figures point to a shift in how organisations approach cybersecurity. Periods of heightened digital activity now require continuous monitoring rather than scaled-back operations. Measures such as multi-factor authentication, network oversight and employee awareness programmes are increasingly seen as baseline safeguards.

For consumers, risks are often tied to routine online behaviour. Transactions on unverified websites or through unsolicited links remain common entry points for fraud. Using secure payment methods, such as credit cards with fraud protection, can limit exposure, while avoiding public Wi-Fi for financial transactions remains a standard precaution.

Protecting personal credentials is equally critical. One-time passwords and banking details remain key targets, particularly during periods of increased online activity.

On the corporate side, the threat landscape is evolving alongside advances in technology. Attackers are using automation and artificial intelligence to scale operations, enabling more frequent and targeted campaigns. This is pushing organisations to strengthen their defences.

It was reported that AI-driven security systems are becoming increasingly important, particularly those capable of detecting and responding to threats in real time. As networks grow more complex, companies are also adopting integrated platforms that combine networking and security functions to improve visibility and response times.

A shortage of skilled cybersecurity professionals continues to weigh on response efforts. Research shows 98 per cent of Malaysian organisations have experienced breaches linked to talent gaps, highlighting a structural weakness in maintaining effective defences.

The combination of rising digital adoption, evolving attack methods and workforce constraints is reshaping Malaysias risk profile. While digital services continue to support economic growth, they are also increasing exposure to financial crime.

Without sustained investment in technology and talent, the pace of losses is unlikely to ease.