Cybersecurity

Cyber Fraud, Scams & Phishing: Malaysia’s Response and the Legal Framework

In today’s digital age, convenience comes with growing risks, particularly cyber fraud, scams, and phishing. These threats are no longer rare or isolated but are now common, sophisticated, and target individuals across all age groups. In Malaysia, such cybercrimes are escalating, making legal and institutional responses critical.

Understanding the Threats

Cyber fraud involves deceitful acts conducted online, often for financial gain. Phishing scams manipulate victims into revealing sensitive data like passwords and banking details through fake websites or emails. Common tactics include spoofing legitimate accounts, such as fraudulent WhatsApp messages or fake social media pages like the Midvalley Shopping Mall scam.

Contrary to popular belief, millennials and Gen Z, despite their digital proficiency, are particularly vulnerable. Studies show that although Gen Z spends more time online, they have less awareness about cybersecurity.

Legal Framework in Malaysia

Malaysia has enacted several laws to address cybercrime. The Computer Crimes Act 1997 criminalizes unauthorized access and data breaches, while the Communications and Multimedia Act 1998 penalizes the transmission of false or offensive content online. Complementary laws such as the Digital Signature Act 1997, Electronic Commerce Act 2006, and Personal Data Protection Act 2010 further safeguard digital transactions and privacy.

Governmental Response: NSRC and NACSA

Recognizing the urgent need for coordinated action, Malaysia launched the National Scam Response Centre (NSRC). Operating in collaboration with the National Anti-Financial Crime Centre (NFCC), the Royal Malaysia Police, Bank Negara Malaysia, and telecommunications providers, the NSRC aims to swiftly act on fraud reports, trace stolen funds, and pursue legal action against perpetrators. Victims can report incidents via the emergency hotline 997 or contact their banks directly.

Additionally, the National Cyber Security Agency (NACSA), under the National Security Council, leads the country’s cybersecurity strategy. It has also spearheaded the drafting of the Cyber Security Act 2024, which came into force on 26 August 2024. This landmark legislation strengthens Malaysia’s national resilience against cyberattacks by establishing a comprehensive legal and regulatory framework for cybersecurity governance, particularly in relation to Critical National Information Infrastructure (CNII) sectors.

The Act introduces several key measures:
Mandatory risk assessments and incident reporting for entities designated as Operators of Essential Services (OES).
Licensing requirements for cybersecurity service providers, ensuring only qualified professionals manage sensitive national digital infrastructure.
Criminal offences and penalties for non-compliance, cyber threats, and failure to report significant cyber incidents.
Power of the Chief Executive of NACSA to issue binding directives and oversee compliance in real time.
Audit and investigation powers to ensure the security, integrity, and continuity of essential digital systems.

By codifying national cybersecurity standards and responsibilities, the Act marks a critical step toward a coordinated, whole-of-nation approach to cyber risk mitigation. It also aligns Malaysia more closely with global best practices and regulatory developments in cybersecurity.

What Can You Do If You’re a Victim?

Immediate action is crucial. Victims should:
1. Contact their bank or the NSRC (997) immediately.
2. File a police report with full details of the incident.
3. Continue to monitor accounts and digital activity for suspicious behavior.

Even if the fraud occurred more than 24 hours ago, reporting to the bank and authorities remains essential for possible recovery and enforcement.

Conclusion

Cyber fraud is a growing menace, but with public awareness, strong legal frameworks, and coordinated national efforts, Malaysia is taking steps in the right direction. As individuals, cultivating cybersecurity awareness, being cautious of suspicious messages, verifying links before clicking, and safeguarding personal data can go a long way in staying safe online.


If you have any questions or require any additional information, please contact the lawyer you usually deal with.

This article is written by 
Kokilah Kanniappan
Senior Associate, Low & Partners