Online Fraud Losses Nearly Double to RM2.97 Billion in 2025, Home Ministry Warns

The scale of online fraud in Malaysia has reached alarming proportions, with the Home Ministry revealing that losses from cybercriminal activities have nearly doubled in just one year. The figure climbed from RM1.57 billion in 2024 to RM2.97 billion in 2025, representing an 89 per cent increase that underscores the accelerating threat posed by digital scams across the nation. For the first five months of 2026 alone, the ministry has already recorded RM830 million in losses, suggesting the troubling trajectory shows no sign of abating as the year progresses.

The composition of these losses reveals a clear pattern in how cybercriminals are targeting Malaysians. Non-existent investment schemes have consistently proven the most lucrative fraud category for perpetrators, with victims losing RM848.62 million in 2024, surging to RM1.46 billion in 2025. By May 2026, this category had already claimed RM361.63 million from unsuspecting victims. These schemes typically exploit investment aspirations and financial anxieties, offering promises of unrealistic returns on virtual assets, cryptocurrency, forex trading platforms, or stock market opportunities that exist only in sophisticated digital facades.

Telecommunications fraud emerged as the second-most damaging crime vector, though the scale of losses remains substantially lower than investment scams. Telecommunications-related crimes, which typically involve SIM-swapping, phishing for banking credentials, or impersonation of financial institutions via phone and digital channels, accounted for RM497.12 million in losses during 2024. This figure escalated to RM802.47 million in 2025, and had reached RM235.63 million by May 2026. The growth trajectory in this category suggests criminals are refining their social engineering techniques and exploiting the trust people place in communication channels.

Romance scams, while generating substantially lower losses compared to investment and telecommunications fraud, remain a persistent social engineering threat. Victims lost RM45.87 million to romance schemes in 2024, increasing marginally to RM47.44 million in 2025, with RM17.76 million recorded for the first five months of 2026. These emotionally-driven frauds often evolve into requests for financial assistance, investment participation, or money transfer schemes once a fabricated romantic relationship has been established online. The relative stability in these figures suggests both awareness campaigns and the inherent difficulty in scaling romance fraud may be keeping growth in check.

Geographically, the urban and economically developed regions of Malaysia bear the heaviest burden of online fraud losses, reflecting both population density and digital connectivity levels. Selangor has emerged as the epicentre of scam losses, with figures escalating from RM446.16 million in 2024 to RM986.79 million in 2025, more than doubling in a single year. Kuala Lumpur, the nation's capital and financial hub, recorded RM293.30 million in losses during 2024, climbing to RM782.86 million in 2025. This concentration in Malaysia's most economically active region suggests that scammers deliberately target areas with higher income levels and greater digital engagement.

Beyond the Klang Valley, other economic centres have demonstrated similarly troubling trends. Johor, Penang, and Perak all reported significant year-on-year increases in online fraud losses between 2024 and 2025, indicating that scam networks are expanding their geographic reach across the peninsula. East Malaysia, typically considered less vulnerable due to lower digital penetration in some areas, has not remained immune. Both Sabah and Sarawak recorded losses exceeding RM110 million in 2025, a substantial escalation that suggests criminal networks are increasingly targeting these markets as awareness and detection capabilities improve in more established financial hubs.

The government's response has centred on strengthening institutional capacity through the National Scam Response Centre, established in 2022 to coordinate rapid interventions in fraud cases. Operating around the clock, the NSRC focuses on swift action including the freezing of suspect bank accounts and imposing transaction restrictions to prevent funds from flowing further into criminal networks. Since its inception, the centre has successfully seized RM32.49 million in victim funds and returned RM10.9 million to affected parties. These figures, while representing a meaningful recovery effort, represent only a fraction of annual losses, highlighting the scale of the challenge.

The effectiveness of the NSRC appears to be improving gradually, as evidenced by evolving recovery rates. Between 2022 and 2025, authorities seized RM25.2 million, recovering and returning RM7.3 million or 29 per cent to victims. However, data from January through May 2026 shows a marked improvement, with RM7.25 million seized and RM3.57 million, representing 49 per cent, successfully restored to victims. This near-doubling of recovery efficiency within a recent timeframe suggests that procedural refinements and potentially increased inter-agency coordination are yielding tangible results in asset tracing and victim compensation.

The acceleration in both fraud losses and recovery rates raises important questions about prevention infrastructure. While freezing accounts and returning recovered funds represent critical damage mitigation, the underlying prevention framework appears insufficient to stem the initial flow of victim money into scam networks. Malaysian authorities must address not only the technical sophistication of fraud schemes but also the psychological vulnerabilities that make citizens susceptible to elaborate deception. The disproportionate losses from investment fraud suggest that many Malaysians remain inadequately informed about legitimate investment risk profiles and red flags indicating fraudulent schemes.

For Malaysian financial institutions and telecommunications companies, the data presents both an operational and reputational imperative. Banks must strengthen their real-time fraud detection systems and improve customer authentication protocols to prevent unauthorized account access, while telcos must enhance SIM security and implement stronger verification procedures before account transfers. The scale of losses in telecommunications fraud points to potential vulnerabilities in how these critical infrastructure providers authenticate customer identity and authorize sensitive account modifications.

The implications for ordinary Malaysians are profound. The near-doubling of losses year-on-year suggests that scammers are successfully adapting to existing countermeasures, refining their targeting techniques, and possibly expanding their operational capacity. The geographic spread across all Malaysian states indicates no demographic or location-based immunity. Individuals must recognize that sophisticated investment offers arriving via social media, messaging applications, or financial websites warrant extreme scepticism, particularly those promising returns substantially above market averages or requiring cryptocurrency payments.

Looking forward, the Home Ministry's commitment to enhancing NSRC effectiveness must be matched by broader public education initiatives and private sector collaboration. Consumer protection frameworks may require strengthening to impose liability on financial institutions and communications providers for fraud that exploits gaps in their security architecture. Additionally, cross-border law enforcement cooperation remains essential, as evidence suggests many scam operations are coordinated internationally with infrastructure spanning multiple jurisdictions. The doubling of losses within a single year demands an equally aggressive escalation in detection, prevention, and prosecution capabilities across all relevant agencies.