Online Fraud Losses Nearly Double in Malaysia: RM2.97 Billion Lost in 2025 Amid Rising Investment and Telecoms Scams

The scale of financial devastation inflicted by online fraud across Malaysia has accelerated sharply over the past three years, with reported losses nearly doubling to RM2.97 billion in 2025 compared to RM1.57 billion just twelve months earlier. These alarming figures, disclosed by the Home Ministry in a parliamentary response, underscore a deepening crisis in cybercrime that shows no signs of abating. The initial five months of 2026 have already registered RM830 million in losses, suggesting the trajectory will remain steep unless enforcement and prevention strategies shift dramatically.

The most insidious threat comes from fraudsters peddling non-existent investment schemes, a category that has consistently dominated the fraud landscape. Investment scams exploded from RM848.62 million in 2024 to RM1.46 billion in 2025, representing a 72 percent increase in a single year. This category accounts for roughly half of all online fraud losses nationally and reflects a sophisticated approach by criminal syndicates who leverage the aspirations of ordinary Malaysians seeking financial returns. The persistence and growth of this modus operandi suggests that victims continue to fall for carefully crafted deception despite widespread public warnings, highlighting the psychological sophistication of modern fraud operations that exploit trust and the human desire for wealth creation.

Telecommunications fraud ranks as the second major threat vector, with losses climbing from RM497.12 million in 2024 to RM802.47 million in 2025—a 61 percent spike. This category encompasses SIM jacking, credential theft targeting mobile banking platforms, and impersonation of telecommunications company representatives to harvest personal and financial information. The rapid escalation of telecoms-based fraud reflects the vulnerability of Malaysia's digital infrastructure and the ease with which criminals can exploit weaknesses in telecommunication providers' security protocols. With most Malaysians dependent on mobile banking and digital payment systems, this vector remains particularly dangerous and difficult to combat without stronger coordination between telecoms operators and financial institutions.

Romantic scams, while recording substantially lower absolute losses at RM47.44 million in 2025, nevertheless represent an emotionally damaging category that deserves continued scrutiny. These schemes prey on vulnerability, loneliness, and the desire for human connection, trapping victims across all demographic groups. The relative stability in romantic scam losses compared to investment and telecoms fraud suggests that awareness campaigns and police warnings may be achieving modest success in this particular area, though complacency would be misplaced given the psychological toll on victims.

Geographically, the menace is concentrated in Malaysia's most economically vibrant regions. Selangor, home to the Klang Valley corridor and the country's densest commercial activity, recorded an alarming jump from RM446.16 million in 2024 to RM986.79 million in 2025—more than doubling losses in a single year. Kuala Lumpur similarly witnessed escalation from RM293.30 million to RM782.86 million over the same period. This concentration reflects both the higher density of affluent potential victims and the likelihood that cybercriminals target these areas preferentially. Beyond the federal territories, economically developed states including Johor, Penang, and Perak have experienced significant year-on-year increases, indicating that online fraud is spreading beyond traditional wealth centres. Even East Malaysia is not immune, with Sabah and Sarawak combined exceeding RM110 million in losses during 2025, suggesting that digital criminality respects no geographical boundaries within the nation.

In response to this escalating threat, the Home Ministry has positioned the National Scam Response Centre (NSRC), established in 2022, as the primary institutional weapon against online fraud. Operating round-the-clock, the NSRC focuses on rapid account freezing and transaction restrictions to halt fraudulent money flows before funds are laundered across borders or dissipated. Since its inception, the centre has sequestered RM32.49 million in suspected fraud proceeds, a substantial sum that represents genuine interdiction of criminal activity. However, the recovery rate of seized funds tells a more nuanced story. Between 2022 and 2025, authorities recovered RM7.3 million from RM25.2 million in seized funds—a 29 percent success rate. This modest recovery percentage reflects the difficulties inherent in tracing funds once they have been transferred through multiple accounts and banking jurisdictions, often involving cryptocurrency conversions that obscure provenance.

The trajectory of recovery performance in 2026 suggests incremental improvement and emerging technical competence at the NSRC. For the January to May period alone, authorities seized RM7.25 million and successfully returned RM3.57 million to victims, representing a 49 percent recovery rate. This near-doubling of the recovery percentage year-on-year indicates that the centre is learning to move faster in the critical early hours after a fraud report, before criminal networks can move money beyond the domestic banking system. The ministry's assertion that improving recovery rates demonstrate increasing institutional effectiveness is partially supported by the data, though absolute recovery volumes remain small relative to overall losses. The fact that nearly half of seized funds are now recoverable suggests that with continued investment in technical expertise and stronger inter-agency coordination, the recovery rate could be pushed higher.

However, the data reveals a fundamental asymmetry that demands urgent strategic reassessment. While losses are accelerating exponentially—roughly doubling annually—recovery operations remain constrained in both speed and scale. The RM830 million in losses recorded in merely five months of 2026 vastly exceeds the total recovery achievements of the past four years combined. This imbalance suggests that Malaysian law enforcement and financial regulators are playing perpetual catch-up, always reacting to fraud after the fact rather than implementing prevention mechanisms at the source. The volume of cases, combined with the technical sophistication required to trace modern cryptocurrency-based transfers, appears to have overwhelmed current institutional capacity.

The concentration of losses among investment and telecommunications fraud categories points to specific vulnerabilities that demand targeted intervention. Investment fraud thrives because legitimate-looking websites and social media presence can be constructed cheaply, and because the promised returns align with Malaysian aspirations during periods of economic uncertainty. Breaking this cycle requires not only public education but also mandatory vetting protocols for financial service advertisements on digital platforms, stronger Know-Your-Customer requirements at financial institutions, and explicit penalties for banks that fail to detect and freeze suspicious incoming transfers. Telecommunications fraud similarly demands that telecoms operators implement mandatory multi-factor authentication for SIM changes and establish rapid response protocols when customers report suspicious account activity.

The regional dimension of this crisis extends beyond Malaysia's borders, as online fraud invariably involves transnational money flows and coordination with criminal networks across Southeast Asia and beyond. Malaysian victims' losses are captured not only by international organised crime groups operating in the region but also by networks based in countries with weaker law enforcement cooperation agreements. Addressing online fraud effectively will require not only domestic institutional strengthening but also deeper integration with law enforcement agencies across ASEAN and beyond, shared intelligence protocols, and mutual legal assistance treaties that facilitate rapid asset recovery across borders.

As Malaysia's digital economy continues to expand and more citizens embrace online banking, investment platforms, and e-commerce, the attack surface for cybercriminals continues to grow. The Home Ministry's institutional responses through the NSRC represent a necessary first step, but the exponential growth in losses indicates that incremental improvements to existing frameworks are insufficient. Strategic prevention through regulatory reform, technology investment, and public education must accompany reactive law enforcement if Malaysia is to reverse the trajectory of online fraud losses that currently show no sign of stabilising.