4 days ago
Cyber fraud cases continue to surge in 2Q
PETALING JAYA: Fraud incidents continue to increase in the second quarter of this year, accounting for 80% of all reported cases to the Malaysia Computer Emergency Response Team (MyCert).
The report by MyCert also found that in 2Q 2025, the most frequently reported incidents were also intrusion and data breach.
With a total of 2,058 incidents reported, fraud accounted for 80% or 1,633 cases, followed by intrusion at 6% and data breach at 5%.
'Looking at the current trends, fraud incidents will most likely continue to grow in Malaysia in 2025.
'Spam incidents have tremendously increased for this quarter, while data breach incidents decreased to almost half compared to 1Q 2025,' said MyCert.
1Q 2025 saw 1,657 total incidents reported to MyCert.
MyCert report said that fraud incidents referred to phishing, impersonation and spoofing, bogus email, fraudulent website, job scam, compromised email and parcel or love scam.
It also revealed that the fraud tactics included impersonating government aid through phishing emails or SMS, offering financial aid but requiring victims to provide personal details or click on malicious links.
Through phone calls, attackers impersonate government agencies such as the police, the Inland Revenue Board, Malaysian Communications and Multimedia Commission (MCMC), banks, companies or even CyberSecurity Malaysia.
The scammers would pressure victims to disclose sensitive information, where common tactics include threats of legal action, account suspension or overdue payments.
Operating under CyberSecurity Malaysia, MyCert serves as a critical resource for addressing computer security incidents, providing guidance on handling intrusions, identity theft and malware, while collaborating with law enforcement, internet service providers and international security initiatives.
Meanwhile, experts are saying that the country's current anti-scam measures, including blocking suspicious numbers, SMS filtering, rapid phishing-site takedowns and bank 'kill switches' have shown significant improvements.
However, Assoc Prof Datuk Dr Husin Jazri of Taylor's University said that as scams evolve, continuous improvement is necessary to stay ahead of these threats.
He highlighted the cross-border syndicate involving scams, which must be thoroughly addressed.
Husin said that such syndicates could potentially be operated overseas, where a group of scammers coordinate themselves operating from multiple countries to trick potential victims.
'Thus, the focus of anti-scam efforts should go beyond Malaysia's border, and coordination with the police and Interpol are critical in this effort to combat borderless threats that are coming in a big way with heavy investments backing them with dark money available in the marketplace,' he said.
Husin also pointed out that the government's plan to introduce the Cybercrime Bill to replace the outdated Cybercrime Act 1997 is long overdue and most welcome.
He added that the new law would help address major gaps and put Malaysia at the same pace with Singapore, the UK and EU countries in this regard.
'Hopefully the new Bill will cover cross-border evidence exchange, Incident Response and Digital Forensics standards as well to enable fast action among law enforcement agencies in Malaysia and overseas,' he added.
Husin also advocated for CyberSecurity Malaysia to be empowered as a technical agency to provide enforcement assistance under the proposed law.
'At this moment, even though Cybersecurity Malaysia has the technical expertise in digital forensics, incident response, it is yet to be provided with a legal mandate to be given a focus area on what they can do best to assist and complete the anti-cyber crimes ecosystem.
'Making it go deeper into digital forensics analysis and play the role of expert witness is helping law enforcement agencies to speed up many technical analysis backlogs,' he added.
Cybersecurity specialist Fong Choong Fook agreed that the proposed law would be able to close current gaps, highlighting that it could mandate rapid cross-agency data sharing between telcos, banks and enforcement for real-time action.
'The proposed law should also empower enforcement agencies to issue immediate blocking orders for malicious domains, accounts or infrastructure without lengthy bureaucratic delay.
'It should also assign clear lead agency responsibility – ideally MCMC for telecom/digital platform issues and police cybercrime units for criminal investigation – so there's no confusion about jurisdiction,' he added.
As precautionary measures among the public, Fong said that people should avoid doing sensitive transactions using public wifi, such as online banking activities, to reduce risks of data or information breach.
He also advised the public to only download mobile applications from the official application store and refrain from clicking on links or messages from unknown sources.
Deputy Dean of Academics and Technology at the Malaysian Institute of Information Technology, Universiti Kuala Lumpur, Dr Shafiza Mohd Shariff, said even a single careless click could lure users into more sophisticated scams, including deepfake video fraud and voice phishing that employ spoofing techniques.
In spoofing-related scams, criminals who obtain a victim's phone number can alter the caller ID to mimic a familiar contact, complete with voice cloning to imitate the real voice, and use it in personal or corporate fraud, she was quoted in a Bernama report.
Therefore, Shafiza advised users to remain vigilant and avoid scanning or clicking on any received links without verification.
'Users can also install phishing detection plugins on browsers and check links at or
'They should also avoid clicking on links from unverified messages or emails, search to verify the legitimacy of messages, check for website security features like the padlock icon and HTTPS, and install antivirus software on mobile devices if possible,' she said.
