Malaysia scam losses rise to RM2.7 billion in 2025, spike during festive seasons

KUALA LUMPUR - Malaysia’s scam-related losses reached approximately RM2.7 billion in 2025, representing a 76 per cent increase from 2024, with a noticeable spike during festive seasons such as Hari Raya, according to cybersecurity firm Fortinet Malaysia.

Its country manager, Kevin Wong, said phishing campaigns, fake e-commerce platforms and fraudulent payment links largely drive these incidents.

He said that with the growing adoption of digital payments, including e-duit raya, attackers are also exploiting QR codes and payment channels to redirect transactions.

"Festive periods are not just high-risk for consumers; they also expand the threat landscape for businesses and critical infrastructure.

"Higher transaction volumes and increased digital activity create a larger attack surface. At the same time, reduced staffing or operational shifts during holiday periods can slow response times, making organisations more vulnerable," Wong told Bernama.

He highlighted that the Cyber999 Incident Response Centre recorded 2,020 incidents in the third quarter of 2025, a more than 20 per cent year-on-year increase, with phishing and online fraud accounting for approximately 75 per cent of cases.

Wong said the situation highlights an important reality: festive periods should not be treated as downtime for cybersecurity.

Therefore, continuous monitoring, employee awareness, and strong identity controls, such as multi-factor authentication, are vital to maintaining resilience.

"Consumers should only shop on verified websites with secure connections (HTTPS), they should avoid clicking on links from unsolicited messages or deals that seem too good to be true, and use secure payment methods, such as credit cards with fraud protection.

"They should also enable multi-factor authentication and never share one-time passwords (OTP) or banking credentials and avoid public Wi-Fi for financial transactions," he said.

Wong emphasised that organisations must adopt artificial intelligence (AI)-driven security capabilities that can detect and respond to threats at machine speed, as attackers scale their operations using automation and AI.

He also said that, as security architectures grow more complex, a unified platform approach that converges networking and security enables better visibility, faster response, and reduced complexity across hybrid environments.

"Addressing the cybersecurity skills gap remains critical, where Fortinet’s research shows that 98 per cent of Malaysian organisations have experienced breaches linked to talent shortages, underscoring the need for continuous training, certification, and workforce development," said Wong. - BERNAMA