Online Scam Losses Surge to RM2.97 Billion in 2025 as Cybercrime Tactics Evolve

The magnitude of financial devastation wrought by online fraud in Malaysia has reached alarming proportions, with losses climbing to RM2.97 billion in 2025 according to figures released by Inspector-General of Police Tan Sri Mohd Khalid Ismail. The increase of RM1.40 billion from the previous year's RM1.57 billion represents a particularly troubling trajectory, signalling that despite heightened public awareness and law enforcement efforts, scammers continue to find new ways to exploit increasingly digitally connected populations across the country.

The volume of incidents has grown at an even faster pace than the financial losses themselves, with 66,204 cases registered in 2025 compared to 35,368 the year before—an 87 per cent jump that underscores the scale of the problem. This discrepancy between case numbers and monetary losses suggests that while fraud is becoming more widespread, perpetrators are simultaneously becoming more sophisticated in extracting larger sums from individual victims. The data reveals a cybercriminal ecosystem that is both expanding in scope and becoming increasingly specialised in targeting high-value victims.

Investment scams have emerged as the most damaging category, responsible for RM1.47 billion of the total losses. These schemes exploit the aspirations of ordinary Malaysians seeking financial security and retirement income, often using fabricated opportunities in cryptocurrency, stock markets, or foreign investment vehicles. The appeal of such schemes lies partly in their apparent legitimacy—perpetrators invest considerable effort into creating professional-looking websites, obtaining legitimate-sounding company registrations, and building trust through social media interactions before orchestrating the theft.

Phoneone-based fraud continues to dominate in terms of sheer incident count, with 28,388 cases reported during 2025. These attacks range from impersonation of government agencies and banking institutions to elaborate social engineering schemes where callers build relationships over weeks before requesting funds. The telephone remains a remarkably effective vector for fraud despite being one of the oldest communication technologies, partly because it creates a sense of immediacy and personal connection that text-based scams struggle to replicate.

Mohd Khalid characterised the situation with particular urgency during his address at the launch of the 'Combat Scam: Two Teams, One Goal' campaign, emphasising that these are not abstract statistics but represent tangible human suffering. Victims face not only immediate financial loss but often the psychological trauma of betrayal and the long-term consequences of depleted savings, damaged credit histories, and disrupted retirement planning. Many affected individuals have reported severe depression and trust issues following victimisation, extending the impact well beyond the initial monetary loss.

The evolution of scamming tactics reflects the broader sophistication of digital technology and communication platforms. Fraud syndicates now employ advanced artificial intelligence and deepfake technology to create convincing impersonations of trusted figures, whether government officials, bank representatives, or investment advisers. They leverage data harvested from previous breaches and public information to personalise their approaches, making victims feel uniquely identified and trustworthy. The intersection of technological capability and organised criminal networks has created an environment where prevention through detection alone is increasingly insufficient.

Recognising these challenges, authorities have begun shifting emphasis toward prevention and public education rather than reactive investigation. Mohd Khalid stressed that continuous strengthening of digital security awareness has become an urgent priority in the face of an adversary that constantly adapts its methodology. This represents an implicit acknowledgment that enforcement alone cannot stem the tide when criminal networks operate across borders and exploit the anonymity afforded by digital infrastructure.

A notable development has been the collaboration between law enforcement and the private financial sector, exemplified by the partnership between the Bukit Aman Commercial Crime Investigation Department and Public Bank Berhad through the PB Scam Rangers Programme. This initiative represents a strategic recognition that banks, as primary conduits for fraudulent transfers and repositories of financial data, have both the capability and incentive to contribute to public protection. The programme focuses on enhancing financial literacy and cybersecurity awareness, building institutional knowledge about emerging threats, and creating community-level resilience against manipulation tactics.

For Malaysian readers and those across Southeast Asia observing similar crime trends, the data carries several implications. First, online fraud is sufficiently prevalent that most individuals will likely encounter scam attempts at some point in their digital lives. Second, the sophistication of modern schemes means that vulnerability is not primarily a function of individual intelligence but rather a consequence of social engineering techniques and technological deception that can fool even cautious people. Third, recovery of stolen funds through law enforcement channels remains exceptionally difficult, particularly when criminals operate from jurisdictions with weak governance or inadequate bilateral cooperation agreements.

The scale of losses also raises questions about broader economic consequences. When nearly RM3 billion annually is diverted to criminal networks rather than productive economic activity, the cumulative effect on domestic consumption, investment, and social stability warrants serious consideration. For businesses operating in Malaysia, the prevalence of fraud creates additional compliance costs and consumer trust issues that ultimately affect competitiveness and growth.

Moving forward, a comprehensive response to online fraud will likely require sustained cooperation across multiple stakeholders—government agencies, financial institutions, technology platforms, civil society organisations, and individual citizens themselves. The 'Combat Scam' campaign represents one component of this multi-layered approach, but its success will ultimately depend on whether public education translates into behavioural change and whether enforcement agencies can develop capacity to investigate and prosecute increasingly transnational criminal networks with adequate speed and effectiveness.