Tech

Malaysia suffers RM7.5 million losses from business email compromise since 2023 – Kaspersky

Cybersecurity firm highlights Malaysia as third-most targeted country in Southeast Asia for phishing attempts, with over 64,000 cases reported

Updated 1 year ago · Published on 07 Jul 2025 4:02PM

Malaysia suffers RM7.5 million losses from business email compromise since 2023 – Kaspersky
Malaysian companies faced 64,778 phishing attempts during the period, averaging over 5,300 incidents a month in 2024 - July 7, 2025

MALAYSIA has suffered losses exceeding RM7.5 million to business email compromise (BEC) scams between 2023 and the first half of 2025, according to global cybersecurity and digital privacy firm Kaspersky.

In its latest update, Kaspersky also reported that Malaysian companies faced 64,778 phishing attempts during the period, averaging over 5,300 incidents a month in 2024. This places the country third in Southeast Asia for such attacks, behind Thailand (247,560) and Indonesia (85,908).

“While BEC attacks may begin with phishing to compromise email accounts, follow-up tactics often take different forms,” the firm said. “They rely heavily on social engineering to bypass technical defences and exploit human trust.”

Cybercriminals, it added, often conduct detailed research on their targets and craft highly convincing emails. These messages frequently contain no suspicious links or malware, instead masquerading as legitimate instructions from CEOs, vendors or colleagues — making them harder to detect and easier to fall for.

Local media in recent years have reported BEC scams involving significant financial losses, with individual incidents ranging between RM250,000 and RM6.2 million. Victims have spanned sectors such as logistics, manufacturing and home appliance production.

Kaspersky Asia Pacific managing director Adrian Hia said the real danger of BEC scams lies in their simplicity and timing. “All it takes is one well-timed email to exploit someone’s trust, routine or momentary lapse in judgement,” he said.

“Cybersecurity today must go beyond detection. It’s about anticipation — helping businesses identify the unusual in what appears ordinary, and supporting stakeholders in building strong, lasting cyber habits even under pressure,” Hia added.

To protect against BEC fraud, Kaspersky recommends using strong, unique passwords, enabling two-factor authentication, investing in security tools with anti-BEC features, and training staff to recognise social engineering tactics. It also advises companies to limit the public visibility of corporate hierarchies and key personnel relationships, and to verify suspicious emails through alternate communication channels. - July 7, 2025

Spotlight

Malaysia

Johor state election: MACC receives three reports of alleged corruption

Malaysia

Banks need to do more to help counter rising costs of living – Guan Eng

By Ian McIntyre

Business

BNM holds OPR at 2.75 per cent

Malaysia

MACC: No one off limits in probe into US$13 million luxury property deal

Malaysia

Govt rejects claims Jho Low secretly returned to Malaysia for 1MDB asset talks

Malaysia

School stabbing incident: Suspect claimed she was dissatisfied, allegedly bullied

Places

Four premier hotels in Penang to be restored, open doors soon

By Ian McIntyre

Malaysia

Rosmah demands action against Nga over alleged misleading election poster in Johor polls

Malaysia

Malaysia faces RM51.4b 1MDB burden after recovering RM31.3b in funds and assets

You may be interested

Living

Matrix Concepts' home ownership campaign offers over RM30m rewards and prizes

Places

Four premier hotels in Penang to be restored, open doors soon

By Ian McIntyre