Online scams are fraud schemes that cybercriminals carry out over the Internet. Fraud can happen in many ways, including through phone chat applications, fake websites, fake online shopping apps and many more.

On 14 March 2022, it was reported that Malaysians lost more than RM1.6 billion to online scams between 2019 and 2021.

According to records for 2019 to 2021, a total of 51,631 cases were reported, including 18,857 cases of online purchase scams, followed by 15,546 cases of non-existent loan scams.

Fraud Response Center

In 2021, the Royal Malaysian Police (PDRM) set up a one-stop section under the Commercial Crimes Investigation Department (CCID) called the CCID Fraud Response Center, where members of the public can call directly to get information and authenticate calls for suspicious transactions.

PDRM is currently undertaking a variety of efforts to combat fraudulent organizations, including strengthening law enforcement, operations, and prosecution of those involved. In addition, police are currently reviewing existing laws such as the Consumer Protection Act 2007 to make sure they are relevant to today’s problems and can tackle all types of crimes. 

The public can also use the CCID website and its app, available on the Android operating system, to check whether a bank account or phone number has been flagged as fraudulent.

Types of Online Scams

Many Malaysians are now more cautious than ever when it comes to online transactions.
There are many types of online scams, but some of the most common ones include:

  1. Phone chat application scam
  2. Fake website scam
  3. Online shopping scam
  4. Investment scam
  5. Non-existent loan offers scam

How do these scams work?

1) Phone chat application scam

Scammers use phone chat applications to impersonate other people in order to defraud their targets. They do this by spoofing the caller ID to make it look like the call is coming from a legitimate source.

2) Fake website scam

Fake websites are websites designed to look like legitimate ones.
Scammers use these look-alike websites to trick people into sending them money or personal information such as bank details and credit card information.

3) Online shopping scam

All it takes is one click on a legitimate-looking link to download a shopping application that infects your machine.

The most common type is a fake offer for a free trial product, or a promotion of a fraudulent product, that links to a landing page asking for credit card information.

4) Investment scam

An investment scam usually comes with some sort of guarantee. The scheme will take advantage of greedy, innocent people by fooling them into joining as investors and ultimately stealing their money. The people running this scheme promise a high rate of return with little risk.

5) Non-existent loan offers scam

Many people have fallen victim to this scam, thinking they were applying for a legitimate loan. Instead, the scammers use the online application process to collect as much personal information as possible, and once the victim is far enough in the application process to be suspicious, the scammer simply doesn’t show up again. When the victim tries to go online to check the status of their loan offer, they find that their account has been closed or that the company does not even exist.

If you’re a target, how should you handle it?

These scams can be very convincing, but there are some things you can look out for to help you spot them. If someone you do not know offers you a large sum of money for no apparent reason, that is a red flag. And if you’re ever asked to make a payment by wire transfer, that is another warning sign.

If you think you might have been targeted by a scammer, the best thing to do is to report it to the authorities immediately. By doing so, you can help stop these criminals from conning other people out of their hard-earned cash.

Our advice

Humans are the weakest link in cybersecurity. Therefore, we encourage companies to conduct Social Engineering Testing for their employees to increase their awareness of cybersecurity. 

A trained employee would be able to recognize and prevent cyber-attacks.

Condition Zebra is a CREST certified and ISO 27001:2013 company that offers Professional Cybersecurity Solutions and Cybersecurity Training for Financial Services (Banks & Insurance), Government Ministries & Agencies, Government-linked companies (GLC) and SMEs in various other industries such as IT, Hospital & Healthcare, Construction, FMCG, Real Estate, Retail, Education Management, Accounting, Computer Software, Higher Education, Automotive, Transportation, Manufacturing and others.

Please reach out to us to protect and secure your company’s IT infrastructure, such as networks, servers, web & mobile apps, Internet (WiFi) and others.

Learn about our online distance training:

Network Penetration Testing is suitable for participants who have prior experience in setting up, managing or securing an organization's network.

Web Penetration Testing is suitable for participants who have basic programming knowledge and prior experience in managing, developing or testing web applications.


  1. Lowyat: Malaysian Online Scam Loss
