Background

Online scams in Malaysia have surged alarmingly in both complexity and frequency, creating serious challenges for individuals, businesses, and regulatory bodies. The financial impact is staggering – between 2021 and April 2024, more than US$708 million (RM3.18 billion) was lost to online scams, affecting over 95,800 victims. According to the State of Scam Report 2024, Malaysians lost an estimated US$12.8 billion (approximately RM53.88 billion) over the past year alone – a shocking figure equivalent to about 3% of the nation’s GDP.

Cybercriminals now leverage personal data obtained from data breaches and employ complex social engineering tactics to craft convincing scams, which further erode public trust in online transactions. Despite various public awareness campaigns, regulatory reforms, and financial security measures, significant gaps remain in enforcement capabilities, cross-border cooperation mechanisms, and digital literacy levels. These gaps leave victims vulnerable.

The impact of these scams in Malaysia extends well beyond immediate financial losse, significantly undermining confidence in digital transactions and threatening the growth of Malaysia’s digital economy. The rise of AI-driven scams, including deepfake videos featuring celebrities and politicians, has made it easier to lure victims into fraudulent investments or phishing traps. Moreover, underreporting remains a critical issue, with one report noting that 70% of victims in Malaysia do not report their cases to authorities.

As part of ongoing research on building resilience against scams and fraud, the Tech for Good Institute, in partnership with the Institute of Strategic and International Studies (ISIS) Malaysia, convened a roundtable discussion with key stakeholders from government agencies, consumer protection organisations, financial institutions, cybersecurity experts, and digital platforms. The discussion focused on the challenges Malaysia faces in combating online scams and explored potential solutions to strengthen resilience within the digital economy.

Participants:

1. Ts. Suraya Hani – Senior Threat Intelligence Architecture and Research, Cybersecurity Malaysia
2. Maryam Halim – Senior Executive, Malaysia Digital Economic Corporation (MDEC)
3. Ellina Roslan – Senior Director, MyDigital
4. Dr. Geshina Ayu – Executive Committee, Malaysia Crime Prevention Foundation
5. Adeline Wok – Senior Associate, Sustainability, CelcomDigi
6. Philip Ling – Head of Sustainability, CelcomDigi
7. Thiloththaman Kasinathan – Senior Manager, Fraud Investigation; Trainer for Cyber Crime & Scam, AEON Bank Malaysia
8. Dr. Gan Chin Lay – Associate Professor, Digital Business Management Programme, Multimedia University
9. Dr. Kuah Yoke Chin – Deputy Dean (Student Development and Industrial Training), Universiti Tunku Abdul Rahman
10. Dr. Sheila Devi Michael – Senior Lecturer, Faculty of Arts and Social Science, Universiti Malaya
11. Farlina Said – Fellow, Cyber and Technology Policy, Institute of Strategic and International Studies (ISIS)
12. Farah Nabilah – Analyst, Cyber and Technology Policy, Institute of Strategic and International Studies (ISIS)

Key Takeaways:

1. The Growing Threat of Online Scams Requires Advanced Countermeasures

Online scams in Malaysia have become increasingly sophisticated, leveraging emerging technologies such as artificial intelligence (AI), deepfakes, and highly personalised social engineering tactics to exploit specific vulnerabilities. The integration of AI and data analytics is central to Malaysia’s response to scams and fraud.

Participants from CyberSecurity Malaysia proposed the use of generative AI tools to scan websites, monitor dark web activity, and analyse transaction patterns to flag potential scams. These tools could alert users to suspicious links exhibiting scam characteristics, block robocalls, and identify spoofed numbers. Stakeholders also recommended AI-driven fraud prevention tools to screen calls and detect scam patterns in real time, particularly valuable in countering scams based on social engineering, such as love scams or so-called “Macau” scams.

However, the adoption of such technologies faces significant barriers, including high implementation costs and legal uncertainties under Malaysia’s Personal Data Protection Act. Proactive scam prevention requires digital tools that complement traditional enforcement efforts. The establishment of the National Scam Response Centre (NSRC), underpinned by digital investigative tools and inter-agency coordination,demonstrates Malaysia’s commitment to a tech-first approach to combatting online fraud. The NSRC, however, needs to operate 24/7, which is a room for improvement identified by stakeholders.

2. Public Awareness and Financial Security Measures Are Critical in Preventing Scams

Education and awareness campaigns are vital in empowering individuals to recognise and avoid scams. Malaysian banks and government agencies have launched a range of public awareness initiatives, including targeted campaigns addressing specific scam types such as tax fraud and investment scams.

As mandated by the Central Bank of Malaysia, commercial banks, such as Public Bank and Hong Leong, have introduced emergency “kill switches” that allow account holders to immediately freeze transactions upon detecting suspicious activity. Malaysian telecommunications providers are also being urged to monitor, block, and report spoofed or suspicious numbers, which often serve as entry points for scams. These efforts are particularly important in preventing cross-border spoofing.

Stakeholders have proposed the development of a collaborative ‘scam heatmap’ to be shared across messaging platforms such as WhatsApp and Telegram, in coordination with Malaysian law enforcement agencies. This initiative aims to identify and flag areas vulnerable to employment scams, monitor emerging scam trends, and establish a real-time watchdog mechanism.

3. Strengthening Law Enforcement Efforts through Regulatory Updates

Malaysia has introduced new regulatory measures such as the Cybersecurity Act 2024, yet law enforcement agencies continue to face significant challenges in effectively investigating and prosecuting cybercriminals. Other regulatory factors also play a role in preventing cyber scams.

When a scam is reported, administrators or enforcement bodies require time to verify that a user account or business is fraudulent. However, by the time an investigation begins, scammers often shut down their operations and move to a different location or platform. In many cases, the same individuals reappear years later under a different company name, making enforcement difficult. This legal loophole enables scammers to change their business identity and resume operations elsewhere.

The ease of company registration and the absence of restrictions on the number of companies a person can register contribute to this issue. This reveals a gap not only in legislation but also in the operations of regulatory bodies overseeing company registration. There is an urgent need to revise Malaysia’s company registration laws in order to disrupt the formation of scam networks.

In addition, Malaysia must update its human trafficking laws to address the growing prevalence of job opportunity scams, which frequently result in human trafficking. As of February 2025, 750 Malaysians involved in fraudulent job syndicates abroad have been successfully rescued and repatriated, highlighting the urgency of legislative reform. Strengthening these laws will offer greater protection to citizens and improve regional cooperation in combatting scam-related trafficking.

4. Malaysia’s ASEAN Chairmanship as an Opportunity to Strengthen Regional Collaboration

Malaysia has been working closely with international partners, including Interpol, to dismantle syndicates involved in human trafficking and scam operations. These partnerships are crucial for tracking digital footprints across jurisdictions, carrying out cross-border raids, and repatriating trafficked individuals.

With Malaysia assuming the ASEAN Chairmanship in 2025, there is a strategic opportunity to lead regional coordination on cybercrime and financial fraud. Building on the ASEAN Cybersecurity Cooperation Strategy 2021–2025, and strengthening its succeeding versions, is essential to align policy frameworks, facilitate intelligence sharing, and support joint enforcement operations. Such regional alignment is particularly important in addressing syndicates that exploit differences in national legal and regulatory systems to avoid detection.

Malaysia is prioritising efforts to dismantle job scam syndicates operating across Southeast Asia, underlining the need for robust legal frameworks, enhanced cross-border cooperation, and the use of technological innovations to counter scams effectively. The government is also committed to developing the third iteration of the ASEAN cybersecurity cooperation strategy, which will provide strategic direction for future regional efforts in cyberspace.

Additionally, Malaysia is set to host the ASEAN Cybercrime Conference in 2025, offering a platform to advance regional dialogue and collective action on these pressing issues. By focusing on these priorities, Malaysia aims to strengthen regional cooperation and implement more effective measures to combat cybercrime and financial fraud.