Online scam losses in Malaysia surge to RM2.97 billion in 2025, driven by investment fraud schemes

Malaysia's battle against online fraud has reached critical juncture, with scam losses nearly doubling to RM2.97 billion in 2025, according to Inspector-General of Police Tan Sri Mohd Khalid Ismail. The startling figure represents an increase of RM1.40 billion compared to RM1.57 billion in 2024, underscoring the rapid deterioration in the nation's cybercrime landscape and the growing sophistication of fraudulent operations targeting Malaysians.

Breaking down the composition of these staggering losses, non-existent investment scams emerged as the predominant threat, accounting for RM1.47 billion or roughly half of all recorded fraud losses. This category encompasses elaborate schemes promising unrealistic returns on cryptocurrency, forex, shares, and other investment vehicles—tactics that consistently exploit victims' aspirations for financial security and wealth accumulation. The prominence of investment fraud reflects a strategic shift by criminal syndicates toward targeting larger sums per victim, as opposed to dispersed schemes affecting numerous individuals in smaller amounts.

The volume of reported cases paints an even more alarming picture of the crisis. Police documented 66,204 online fraud cases throughout 2025, representing an 87 per cent surge from the 35,368 cases recorded in 2024. This explosive growth indicates not merely increasing criminal activity, but also greater awareness among victims and the general public about reporting such incidents to authorities. Nevertheless, many experts contend that reported figures represent only a fraction of actual fraud occurring, as numerous victims remain silent due to shame, confusion about reporting mechanisms, or distrust of law enforcement.

Within the broader fraud ecosystem, phone-based scams continue to represent the most prevalent attack vector. During 2025, authorities recorded 28,388 phone scam cases, making telephonic contact the preferred method through which perpetrators initiate contact with prospective victims. These schemes typically begin with unsolicited calls impersonating bank representatives, tax officials, or investment advisors, establishing false urgency and exploiting victims' instinctive trust in official-sounding callers. The effectiveness of this approach has motivated criminals to refine their tactics, employing caller ID spoofing technology and using victim personal information obtained through previous data breaches to enhance perceived legitimacy.

The Inspector-General emphasised that these statistics transcend mere numerical data, representing thousands of individuals who have experienced devastating financial and psychological consequences. For many victims, these fraudulent transactions have obliterated life savings, derailed retirement plans, and compromised their capacity to meet essential family obligations. The broader societal impact extends beyond individual victims to encompass diminished consumer confidence in digital financial systems and heightened anxiety surrounding online transactions among less technologically fluent demographics.

Criminal syndicates operating across Southeast Asia have capitalised on rapid digitalisation and sophisticated communication platforms to refine their methodologies continuously. By leveraging artificial intelligence for personalised phishing messages, deploying deepfake technology for video authentication, and establishing elaborate front companies with professional websites and social media presence, these organised groups have elevated fraud operations to an industrial scale. The transnational nature of these enterprises complicates enforcement efforts, as perpetrators often operate from jurisdictions beyond Malaysian law enforcement reach, utilising money mules and cryptocurrency exchanges to launder illicit proceeds.

Recognising the scale of the challenge, police leadership has identified prevention, public education, and digital security awareness cultivation as fundamental priorities requiring sustained investment and enhancement. The Inspector-General acknowledged that reactive law enforcement measures alone cannot adequately address an epidemic of this magnitude, necessitating proactive engagement with society at large. This represents a strategic acknowledgment that cybercrime prevention requires comprehensive approaches incorporating victim education, community resilience building, and technological safeguards alongside traditional investigative work.

A significant development in this preventive strategy involves the 'PB Scam Rangers Programme', representing a collaborative initiative between the Commercial Crime Investigation Department at Bukit Aman and Public Bank Berhad. This partnership reflects growing recognition that financial institutions possess substantial capacity to identify emerging fraud patterns, educate customers about risks, and implement technological barriers against fraudulent transactions. The programme aims to enhance public financial literacy while simultaneously strengthening cybersecurity awareness through targeted educational campaigns and community engagement initiatives.

The strategic alliance between law enforcement and banking sector partners addresses a critical realisation that government agencies alone cannot effectively combat fraud operating within private financial systems. Banks process millions of transactions daily and possess sophisticated analytical capabilities enabling detection of suspicious patterns and high-risk activities. By formalising collaboration through structured programmes, authorities can leverage banking sector expertise, reach, and technological infrastructure to amplify prevention messaging and intervention capacity among Malaysian consumers of all demographic backgrounds.

For Malaysian consumers, the escalating fraud crisis carries several practical implications. Digital literacy has transitioned from optional convenience to essential survival skill in contemporary society, requiring individuals to develop heightened scepticism regarding unsolicited financial opportunities and communication from purported authority figures. The prevalence of investment fraud particularly necessitates that Malaysians cultivate understanding of legitimate investment processes, regulatory safeguards, and red flags indicating fraudulent schemes. Financial institutions, meanwhile, must balance customer convenience against security measures, implementing additional verification steps for high-value transactions while maintaining user-friendly systems.

The regional dimension of Malaysia's fraud crisis merits consideration, as criminal networks operating throughout Southeast Asia exploit regulatory fragmentation and varying law enforcement capabilities across national borders. Scammers targeting Malaysian victims frequently operate from neighbouring countries or utilise cross-border money transfer mechanisms to obscure transaction origins. This reality underscores necessity for enhanced international cooperation, information sharing, and coordinated enforcement operations involving police forces, regulatory authorities, and financial intelligence units across the region.

Looking forward, authorities face the formidable challenge of maintaining public confidence in digital financial systems whilst combating increasingly sophisticated fraud operations. The rapid escalation in losses and case volumes suggests that current intervention strategies, whilst necessary, remain insufficient to stem the rising tide of cybercrime. Sustained investment in technological infrastructure enabling real-time fraud detection, enhanced coordination between government and private sector stakeholders, and comprehensive public education campaigns addressing fraud psychology will prove essential to reversing current trends and protecting Malaysians' financial security.