From January to March 2025, Kaspersky detected a total of 4,017,161 Internet-borne cyberthreats targeting Malaysian users, as recorded by the Kaspersky Security Network (KSN), averaging more than 44,000 cyberattacks every day. This rising trend coincides with a rise in phishing scams spreading through popular messaging platforms, particularly around the March-April period when the Sumbangan Tunai Rahmah (STR) government financial aid was distributed.
These phishing scams typically begin with a Whatsapp or Telegram message informing recipients that their government financial aid, such as STR, has been credited, urging users to check their payment status via a link. The messages are commonly crafted in Malay and Chinese, often accompanied by fake images that mimic official government portals. Once clicked, these links can steal personal data, compromise the user’s messaging app or even log the user out from the accounts. Cybercriminals deliberately time these attacks to coincide with periods when recipients are actively checking for financial aid updates, increasing the likelihood of users clicking without verifying the source.
The threat has become widespread enough that Deputy Communications Minister Teo Nie Ching issued a public warning via her official Facebook page urging Malaysians not to click on unfamiliar links or engage with unofficial websites, reminding the public that real government websites links always end in “.gov.my”.
“Cybercriminals today exploit trust, urgency, and everyday habits of users. The recent wave of phishing attacks demonstrates how quickly threat actors subtly adapt their tactics to local events and time-sensitive situations. A single tap on a malicious link can be enough to compromise personal data, often without the victim realising it. As cyber risks grow more personal and sophisticated, protection must be just as seamless. Malaysians’ digital life deserves complete protection, not just reactive defence,” Adrian Hia, Managing Director for Asia Pacific at Kaspersky.
Essential Cybersecurity Tips for Malaysians:
- Avoid SMS messages with hyperlinks, personal data requests, or callback numbers: Starting 1 September 2024, the Malaysian Communications and Multimedia Commission (MCMC) has banned these elements in SMS to combat scams. Treat such messages as high-risk and potentially fraudulent.
- Verify links and domains: Always check where a link lead. Legitimate government sites in Malaysia end with “.gov.my”.
- Be cautious with embedded links: Never click on links in messages from unknown vendors or third parties. Instead, visit their official website by typing in the URL.
- Ignore alarming messages: Reputable companies won’t ask for personal info like passwords or banking details via email or messaging apps. If in doubt, delete the message and contact the company directly.
- Secure your apps: Enable two-factor authentication (2FA) on messaging apps like WhatsApp and Telegram to prevent account takeovers.
Install trusted security software – A reliable cyber security solution can help detect and block phishing attempts, malicious links and suspicious activity in real time. Kaspersky Premium includes features such as Identity Protection, Antivirus, Anti Hacking and Existing Threat Removal.
To help Malaysians better protect themselves against evolving cyber threats, Kaspersky is offering up to 17% off on Kaspersky Premium plans this Labour Day season. Every eligible purchase made before 27 May 2025 also comes with a free foodpanda gift. Find out more about this promo here: https://www.kaspersky.my/premium.