Phishing scams in Malaysia: What to know and how to stay protected

We use the Internet for just about everything — work, shopping, and staying connected. However, all that convenience comes with risk. Phishing, one of the most common online scams, tricks people into giving away sensitive details. The good news? Once you know how it works, you’ll be much better protected.

What is phishing?

Phishing is a cybercrime where scammers pose as trusted organisations or individuals to steal personal details like passwords, credit card numbers, or banking info. These scams usually appear as fake emails, texts, or websites that look convincing — all with one goal: to trick you into clicking a malicious link or giving away sensitive information.

Think of it as a bait-and-hook: the bait is the fake message, and the hook is the malicious site or request. Once you “bite,” your data may be compromised.

Common types of phishing scams

Phishing can take many forms, often disguised as everyday communication. Here are some common tactics used by scammers:

Email phishing: Scammers send emails that look like they’re from banks or service providers, warning of suspicious activity and urging you to “verify” your details. These emails often use urgent language to pressure quick action.
Example: “Your bank account has been restricted. Click here to update your information.”

SMS phishing (Smishing): Short text messages claiming you’ve won a prize or that a delivery has failed are common. These messages usually contain shortened URLs that lead to fake sites or install spyware.
Example: “Your package could not be delivered. Please click this link to reschedule.”

Phone call phishing (Vishing): Fraudsters impersonate banks, tax authorities, or even the police. They often scare victims by saying their identity is linked to crime and pressure them into handing over details.
Example: “Your IC is involved in money laundering. We need your banking details to investigate.”

Fake social media accounts: Scammers create profiles that mimic brands or influencers to promote giveaways, fake job offers, or loans. These schemes often request personal information or small “processing fees”.
Example: “Congratulations! You’ve won RM3,000. Just send us your IC and bank details to claim.”

Clone websites: These are lookalike sites of banks, telcos, or shopping portals with minor URL differences. When you log in, your credentials are harvested.
Example: Real site: www.celcomdigi.com. Fake site: www.celcomd1g1.com.

Psst… did you know? One famous phishing scam tactic in Malaysia involved fake listings for second-hand goods. Victims thought they were selling an item, but scammers tricked them into “refunding” non-existent payments. Here’s Maybank’s story on how it works.

‍

How to protect yourself against phishing scams

Phishing scams may look convincing, but a few smart habits can help you stay protected:

• Pause before clicking – If a message feels rushed (“Your account will be blocked in 24 hours”), stop and think. Scammers use pressure tactics to bypass your judgement.
• Double-check links and URLs – Hover over links before clicking, especially in emails. When in doubt, type the website address directly into your browser.
• Never share sensitive details – Legitimate organisations will never ask for your password, PIN, or banking information via SMS, email, or over the phone. Treat any such request as suspicious.
• Look for subtle errors – Phishing messages often contain awkward phrasing, poor grammar, or unusual formatting that official communications wouldn’t have.
• Strengthen your accounts – Use strong, unique passwords across accounts. Better yet, enable two-factor authentication (2FA) so even if your password is stolen, scammers can’t access your account easily.
• Keep software up to date – Regular updates to your phone, apps, and antivirus software patch known vulnerabilities that scammers exploit.
• Verify unexpected communications – Got a strange email or SMS from your bank or telco? Don’t reply directly. Instead, call their official hotline or check their official app.
• Know what to do if targeted – If you think you’ve clicked a malicious link or shared details, change your passwords immediately, enable 2FA, and report the incident to the respective authority to prevent further damage.

For more tips on staying safe online, visit CelcomDigi's S.A.F.E. Internet page.

Exclusively from CelcomDigi: Strengthen your online protection with WebSHIELD from just RM1/month!

Good habits are your first line of defence against phishing. However, even the most vigilant person can slip up — and scammers are constantly evolving their tactics. That’s why having a smart safety net matters.

WebSHIELD by CelcomDigi works quietly in the background to keep you protected every time you go online:

• Phishing protection: Blocks fraudulent sites before you can enter your details. ‍
• Malware and ransomware site blocking: Prevents access to sites carrying harmful software. ‍
• Intelligent threat defence: Powered by Cisco threat intelligence for real-time, proactive protection.

What makes WebSHIELD different is its simplicity. There’s nothing to install, no complicated setup, and no impact on your browsing experience. Just subscribe through the Celcom Life or MyDigi app, and protection activates instantly.

For only RM3/month, WebSHIELD gives you peace of mind that your browsing is safer. And if you subscribe before 20 November 2025, you’ll enjoy a special promo price of just RM1/month.

Phishing scams are on the rise, but a little awareness can go a long way in keeping you safe. By recognising warning signs, practising safe online habits, and using trusted solutions like WebSHIELD, you can enjoy a safer digital experience.