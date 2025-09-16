KUALA LUMPUR: Artificial intelligence-generated scams are fast emerging as a significant cybersecurity threat in Malaysia, with financial institutions, government agencies, SMEs and retail sectors among the most exposed, according to cybersecurity firm Fortinet.

Fortinet Malaysia country manager Kevin Wong warned that financial institutions and public sector agencies are prime targets due to their sensitive data, while SMEs face heightened risks as many continue to rely on traditional tools such as antivirus software and manual verification processes.

“SMEs form the backbone of Malaysia’s economy but are disproportionately exposed to AI-driven cyberattacks. Unlike larger enterprises, many of them operate with very lean information technology (IT) teams, sometimes with a single individual managing both IT and cybersecurity.

“This limited capacity makes it difficult to monitor systems continuously, respond quickly to alerts, or keep up with evolving attack methods,“ he told Bernama in an email interview.

He also emphasised that cybercriminals are leveraging AI to localise scams with unprecedented accuracy, using tools such as FraudGPT and ElevenLabs, which enable voice cloning, speech pattern replication, and deepfake generation.

“In Malaysia’s multilingual context, generative AI can mimic Bahasa Malaysia, Mandarin, Tamil, and local dialects, even capturing accents, idioms, and slang.

“This localisation makes scams feel familiar and trustworthy, dramatically increasing success rates,“ he added.

According to Wong, small businesses, including those in retail and consumer sectors, are also increasingly targeted by AI-powered threats, particularly during festive seasons when online spending surges.

“AI tools enable scammers to personalise phishing attempts such as fake delivery notifications, promotions, or donation requests, making them harder to detect,“ he added.

Citing a recent International Data Corporation (IDC) survey, Wong said nearly 50% of organisations in Malaysia reported encountering AI-powered threats in the past year, with a threefold surge experienced by most affected companies.

Looking ahead, Wong said ransomware, supply chain attacks, and zero-day exploits would remain pressing concerns, while hybrid cyber-physical attacks, misinformation campaigns, and deepfake-enabled impersonation are expected to intensify over the next three years.

He noted that misinformation and impersonation are also set to escalate as deepfake technologies become mainstream.

“The ability to create fake identities, automate targeting, and instantly generate convincing voice or video content poses not just a security risk but a serious challenge to public trust and brand reputation.

“We expect the convergence of cyber and physical risks to accelerate – AI will increasingly be used to orchestrate hybrid attacks, where social engineering campaigns translate into physical fraud, extortion, or even infrastructure sabotage,“ Wong said.

Therefore, he stressed that businesses in Malaysia must broaden their focus beyond AI scams to the wider risks that come with rapid digitisation.

“Investments in operational technology, security operations, and cloud protection are still lagging, leaving gaps that sophisticated attackers can exploit,” Wong noted. – Bernama