The Ministry of Digital has revealed that phishing remains the most prevalent form of cyber fraud and a major threat to Malaysia’s cybersecurity.
Minister Gobind Singh Deo stated that the CyberSecurity Malaysia (CSM) recorded 3,258 phishing incidents in 2024, representing around 77% of the total 4,219 fraud cases reported that year. Up to July 2025, 2,227 phishing cases were reported, accounting for 66% of the total 3,356 fraud incidents.
“Phishing is a threat that must be contained. To enhance protection against cyber threats, including phishing, the ministry has implemented various strategic initiatives,” he said. These include public education programs on identifying suspicious activity and best cybersecurity practices through CyberSecurity Awareness for Everyone (CyberSAFE).
CSM also operates the Cyber999 Incident Response Centre, which allows the public to report cybersecurity incidents, including phishing attacks, and provides guidance on prompt response measures.
The minister was responding to Senator Norhasmimi Abdul Ghani regarding the government’s strategy to combat the rise of phishing attacks and AI-driven scams impersonating online travel agencies (OTAs) and hotels in the tourism sector.
Gobind added that CSM has developed guidelines and regulations for organizations to address cyber threats, including the Computer Security Guidelines and the “10 Simple Steps to Cybersecurity Awareness.” The ministry is open to collaboration with industries and organizations to share expertise, develop innovative solutions, and strengthen Malaysia’s cybersecurity ecosystem.
“This collaboration also includes specific cybersecurity services, such as audits of organizational security, to assess and enhance security levels via the Information Security Management System (ISO27001) and Security Posture Assessment (SPA),” he said.
Regarding AI-driven scams in the tourism sector, Gobind noted that the ministry has no specific data and has not received reports related to such incidents involving OTAs or hotels.
The government established the National Scam Response Centre (NSRC) in 2022 to combat online fraud and enforce anti-scam laws. NSRC operates as a cross-ministerial hub coordinating rapid responses to online fraud reports through the emergency 997 hotline, including tracking “money trails,” freezing funds to minimize losses, and taking enforcement action against scammers.
