Cover image via Follow us on Instagram, TikTok, and WhatsApp for the latest stories and breaking news.
This Spotlight is sponsored by The Association of Banks in Malaysia (ABM) and The Association of Islamic Banking & Financial Institutions Malaysia AIBIM).
Think you're too smart to get scammed?
That's what many Malaysians believe, until one small click turns into something much bigger than expected.
Today's scams are no longer just suspicious phone calls or obvious fake links. Some of them happen quietly in the background, without you realising anything is wrong.
One example is malware scams, and they often start in the most ordinary way.
According to Siti, it all started with a Harumanis mango promotion that seemed too good to ignore
*All names have been changed to protect anonymity.
While scrolling through social media, she came across a seller promoting Harumanis mangoes at a surprisingly attractive price. Knowing that Harumanis mangoes are highly sought after, she quickly reached out to ask for more details and secure the promo.
The conversation quickly moved to WhatsApp, which made it feel more personal and legitimate. The "seller" then explained that orders and payments were handled through their own app, and sent over a file to download.
It wasn't from her phone's app store. It was an APK file.
At the time, nothing seemed suspicious. The explanation sounded reasonable, everything looked normal, and she went ahead to download and install the app without much thought.
While the mango order didn't go through in the end, Siti left the app on her phone without much thought. But behind the scenes, the app had already installed malware on her phone. As she was installing it, the app requested access to parts of her device. It didn't feel unusual, since many apps ask for permissions, so she just allowed it.
What she didn't realise was that the malware was now quietly running in the background
It began monitoring her activity and capturing sensitive information like keyboard strokes and banking alerts.
Not long after, money started disappearing from her bank account, and by the time she realised something was wrong, the scammers had already used the information collected from her device to access her accounts.
Cases like this are becoming increasingly common, and they tend to follow a similar pattern
There are a few red flags to watch out for:
- Being asked to download an app through an APK file instead of official app stores like Apple App Store or Google Play Store
- Sellers or agents insisting that transactions must be done through their own app
- Apps requesting unusual permissions, like being able to control your screen, perform actions on your behalf, or send and read SMS messages
- Deals or offers that feel unusually urgent or too good to be true
To help Malaysians better understand how scams work today, banks in Malaysia have introduced a new concept under the #JanganKenaScam campaign
With the theme "Percaya Dulu, Menyesal Kemudian" (React First, Regret Later), the campaign flips the usual messaging approach by challenging Malaysians to think about the choices they make online.
The campaign highlights several types of scams affecting Malaysians today, including malware scams, phone scams, phishing, mule accounts, and investment scams. This means that every click, every download, and every decision can either protect you or put you at risk.
If you want to avoid falling into the same trap, these simple steps can help:
STEP 1: Verify before clicking anything and always check links, sellers, and websites carefully
STEP 2: Never download apps from unknown sources and stick to official app stores
STEP 3: Contact your bank immediately if something feels suspicious
STEP 4: If you spot suspicious activity, report it by calling 997 (NSRC) or get the relevant contact details at jangankenascam.com
Fighting scams does not only involve banks or authorities. It also depends on everyday decisions made online.
