Phishing calls, often termed ‘vishing’ (voice phishing), are fraudulent phone calls aiming to deceive recipients into disclosing personal or financial information. In Malaysia, these malicious calls are a part of the broader challenge of online scams and phishing attacks, with a particular focus on Internet banking users. The attackers aim to obtain victims’ financial information through these deceptive practices. In 2022, Malaysia experienced a substantial number of cyber threats, including phishing attacks, with 4,741 reported cyber threats and 456 fraud cases recorded as of February 2023.
Recognising phishing calls is crucial to prevent financial loss and protect personal information. These calls may present false scenarios to lure individuals into sharing sensitive information. For instance, callers may pressure individuals to make immediate decisions, request personal data, falsely claim the recipient has been specially selected for an offer, or assert a problem with the recipient’s computer that requires remote access to fix. If unsuspecting individuals fall for these tactics, they may suffer financial loss or identity theft. Phishing calls, alongside other scam calls, can have devastating economic and emotional impacts, particularly for older individuals or those on fixed incomes. Therefore, awareness and vigilance are crucial in identifying and responding to deceptive calls, such as by hanging up immediately or avoiding sharing personal or financial information.
Legislation and Regulation
Personal Data Protection Act (PDPA)
The Personal Data Protection Act (PDPA) in Malaysia is a legislative framework that governs the processing of personal data in commercial transactions. It’s a crucial line of defense against phishing as it mandates the protection of personal data, thereby making phishing a punishable offense.
Malaysian Communications and Multimedia Commission (MCMC)
The Malaysian Communications and Multimedia Commission (MCMC) is a regulatory authority that oversees the communications and multimedia industry in Malaysia. Its role is pivotal in monitoring and regulating telecommunication services to prevent and address phishing calls.
Anti-Phishing Laws in Malaysia criminalize phishing activities, thereby providing a legal basis for prosecuting individuals involved in phishing calls.
Regulatory Compliance refers to how well companies adhere to laws and regulations governing telecommunication services, which in turn affects the prevalence of phishing calls.
Enforcement Agencies investigate and prosecute phishing call culprits, thus contributing to the mitigation of phishing activities.
Caller ID Spoofing Detection
Caller ID Spoofing Detection technology helps in identifying manipulated caller IDs often used in phishing calls to impersonate legitimate entities.
Anti-Phishing Software detects and prevents phishing attempts, providing an essential technological barrier against phishing calls.
Secure Telephone Identity Revisited (STIR)
STIR is a protocol designed to ensure the security of caller identities, thus preventing caller ID spoofing, a common tactic used in phishing calls.
Signature-based Detection is a technique used to identify known phishing threats based on predefined patterns or signatures.
Anomaly-based Detection identifies phishing activities by detecting unusual or suspicious patterns in data or network behavior.
Public Awareness and Education
Awareness Campaigns educate the public about the dangers of phishing calls and how to avoid falling victim to these scams.
Phishing Call Reporting Platforms
These platforms allow individuals to report phishing calls, which in turn aids in identifying and tracking phishing activities.
Educational Workshops provide hands-on training and information to individuals on how to recognize and respond to phishing calls.
Online Safety Guidelines
Online Safety Guidelines offer practical advice on how to stay safe from phishing calls and other online threats.
Public Service Announcements
Public Service Announcements disseminate crucial information regarding phishing calls and the steps one can take to avoid them.
Vishing (Voice Phishing)
Vishing, or voice phishing, is a technique where scammers use phone calls to impersonate legitimate organizations and obtain sensitive information.
Impersonation in phishing calls involves scammers pretending to be someone they’re not to gain trust and retrieve personal information.
Pretexting is a phishing technique where scammers fabricate a scenario to obtain personal information from individuals.
Social engineering in phishing exploits human psychology to deceive individuals into divulging sensitive information.
Elicitation is a subtle technique used in phishing to gather information through conversation without the individual realizing they are being scammed.
Impact of Phishing Calls
Financial losses from phishing calls can be substantial, affecting individuals and businesses. Phishing calls often lead to significant financial losses for individuals and businesses. The scammers trick individuals into giving sensitive financial information, which is then exploited for unauthorised transactions or sold on the dark web.
Identity theft is a consequence of phishing calls, where personal information obtained is used for fraudulent activities. Once scammers get personal information, they can impersonate the victim, commit fraud, apply for credit, or conduct illicit activities under the victim’s name. The impact of identity theft are long-lasting and can severely tarnish a victim’s credit and personal reputation.
Case statistics shed light on the extent and impact of phishing calls within Malaysia.
Between 2020 and 2022, Malaysia saw a 100% increase in fraud-related complaints, rising from 548 complaints in 2020 to 1,124 in 2022. In 2022, nearly 60% of complaints were related to fraud and the year 2022 witnessed many email phishing attacks, with Kaspersky’s Anti-Phishing System blocking over 8 million such attacks in Malaysia. By February 2023, Malaysia recorded 456 fraud cases, reflecting a continued trend of cyber threats.
Financially, phishing calls and other online scams led to significant losses, with one report indicating a loss of RM27 million due to scams.
Depending on factors like digital literacy, awareness, and access to protective measures, various demographic groups may have different levels of vulnerability to phishing scams. Therefore, understanding Victim Demographics helps in tailoring preventive measures and awareness campaigns.
Reporting rates reflect the frequency at which phishing calls are reported, an essential metric for evaluating the extent of the issue and the effectiveness of current mitigation strategies.
Reporting rates can indicate public awareness and the effectiveness of reporting mechanisms in place. The significant number of reported fraud cases and phishing attacks over the years hints at a level of engagement by the public and organisations in reporting such incidents.
This data reveals a significant challenge posed by phishing calls and other related cyber threats in Malaysia. The substantial increase in reported fraud cases and the financial losses incurred underscore the importance of continued efforts in public education, regulatory measures, and technological advancements to curb this menace.
With legislative, technological, educational, and enforcement measures, Malaysia can fight against phishing calls. However, the evolving nature of phishing techniques necessitates continually adapting these measures to safeguard individual’s personal information and financial assets.
Phishing calls are one of the telemarketing frauds. It is not a standalone issue but a broader cybersecurity challenge. The battle against it needs the cooperation of legislative bodies, technological innovators, the public, and enforcement agencies. We can create a safer telecommunication landscape in Malaysia by fostering a collaborative environment and staying ahead in technical and educational frontiers.