Wednesday, 30 July 2025

RM7.5 million lost to scams since 2023

Facebook
X
WhatsApp
Telegram
Email
Photo for illustration purposes only.

LET’S READ SUARA SARAWAK/ NEW SARAWAK TRIBUNE E-PAPER FOR FREE AS ​​EARLY AS 2 AM EVERY DAY. CLICK LINK

KUALA LUMPUR: Malaysia recorded over RM7.5 million in losses due to business email compromise (BEC) scams between 2023 and the first half of 2025, according to Kaspersky.

In a statement, the global cybersecurity and digital privacy company reported that Malaysia also recorded 64,778 phishing attempts targeting local companies, averaging more than 5,300 incidents per month in 2024 – the third-highest in Southeast Asia, behind Thailand (247,560) and Indonesia (85,908).

“While BEC attacks may start with phishing to compromise an email account, the follow-up attack takes a different form — it relies heavily on social engineering to bypass technical defences and exploit human trust.

“Cyber criminals often study their targets in advance, craft convincing emails that prompt recipients to transfer funds, send sensitive data or buy gift cards that contain no suspicious links or malware, making them easier to mistake as legitimate instructions from a chief executive officer, vendor or colleague,” it said.

Kaspersky also noted that local headlines in recent years have highlighted reported BEC cases that have proven financially devastating, with losses per incident ranging from RM250,000 to RM6.2 million, affecting victims from various sectors, including logistics, manufacturing, and kitchenware.

Its managing director for Asia Pacific, Adrian Hia, said the real danger of BEC scams lies in their simplicity – just well-timed emails designed to exploit trust, routine and a moment of human error.

“Cybersecurity today must go beyond detection; it is about anticipation, helping businesses to spot the unusual in what seems normal and helping their stakeholders build cybersecurity habits that hold up under pressure,” he said.

To avoid falling victim to BEC scams, Kaspersky advised using strong, unique passwords, enabling two-factor authentication, investing in security tools with anti-BEC features, training staff to spot social engineering, limiting the public exposure of company hierarchies and key staff contacts, and always verifying suspicious emails through a separate communication channel. – BERNAMA

Related News

Most Viewed Last 2 Days