PETALING JAYA: Scammers aren’t casting wide nets – they are zeroing in.
Individuals with substantial savings are often in the crosshairs, as scammers increasingly “weed out” potential victims through careful profiling rather than random selection.
IT professional in the cybersecurity field, Tun Kamalul Zaman, said scammers typically conduct background research and build a profile of their target before executing a ruse.
He added that there are many scams existing today but the most common ones that involve millions of ringgit in losses are investment scams, phishing scams and data breaches.
“They always study their targets first. They do what we call their own research. These type of scammers don’t just go for anybody.
“They are very selective on who they want to prey on,” Tun Kamalul told theSun.
He said apart from business owners, scammers would also target pensioners and women.
“They will run background checks to find out how much their victims have in their savings and EPF (Employees Provident Fund) accounts.
He said scammers typically begin by buying leaked personal data, with the victims’ phone numbers ending up in the hands of syndicates.
“So when people claim scammers randomly pick victims – I’d disagree. In fact, they don’t,” said Tun Kamalul, adding that data breaches often trace back to telecommunication companies.
“These phone numbers usually come attached with names and identification card numbers. From there, scammers can cross reference with other databases for other details such as vehicle registration numbers and home addresses.
“They can estimate a person’s worth based on the car they drive and where they live.”
Tun Kamalul urged scam victims to contact police immediately, stressing that swift action can reduce losses.
Meanwhile, Universiti Malaya Computer Science and Technology Department professor Dr Nor Badrul Anuar Juma’at raised the alarm over a worrying rise in cyberstalking through fake utility apps such as flashlight or QR code scanner apps.
“These apps often abuse permissions to harvest contacts, keystrokes or media files,” he said in an email to theSun.
“Some are distributed via sideloaded APKs on WhatsApp or third-party sites, bypassing Google Play’s security.”
He also cited malware hidden in customised Android ROMs, targeting niche communities.
Despite Malaysia’s growing pool of cybersecurity professionals, including those in CyberSecurity Malaysia, Malaysian Communications and Multimedia Commission and local universities, Nor Badrul said challenges remain in tracking cyberstalking cases.
“Real-time threat intelligence sharing, the legal admissibility of digital evidence and resource limitations in enforcement are still major hurdles.
“Stalkerware often uses encryption and remote command-and-control servers hosted abroad, making attribution nearly impossible without international cooperation.”
He called for clearer legal definitions and regulations around digital stalking and spyware, alongside stronger public education efforts.
“Cybersecurity is still widely seen as a technical issue rather than a personal responsibility.”
While efforts by CyberSecurity Malaysia and NGOs have helped, he said more targeted campaigns are needed, particularly for women, teenagers and vulnerable groups.
Universiti Malaya runs its own public awareness initiative at https://cybersafe.um.edu.my,
he added.
