Scams in the digital age: How hackers and AI are reshaping online fraud in Malaysia

KUALA LUMPUR, April 15 — When a caller claims to be from Lembaga Hasil Dalam Negeri Malaysia (LHDN), the message is rarely ignored.

It often appears to be a routine spot check — a flagged tax record, an unpaid amount or a possible investigation — followed by instructions to transfer funds, verify details or click a link, leaving little time to question the request.

By the time doubt sets in, the damage is often irreversible.

Authorities have repeatedly warned that such messages are fraudulent, yet scams persist.

The reason lies in a deeper shift: what were once isolated attempts at deception have evolved into coordinated systems designed to feel real and immediate.

Transition into systems

Online scams have transformed from individual acts into structured operations.

Earlier schemes relied on impersonation and fear, with callers posing as police officers, bank staff or court officials while warning victims of investigations and pressing them to act quickly.

The formula was simple and effective: authority combined with urgency.

As enforcement improved, scammers adapted by building networks.

A key development was the use of mule accounts, which allow funds to be moved rapidly and make financial trails harder to trace. This turned isolated scams into repeatable processes capable of operating at scale.

From pressure to persuasion

Tactics have shifted over time.

Rather than relying solely on intimidation, scammers began operating within everyday digital spaces such as messaging apps, email threads and social media platforms. Interactions often start casually and only later involve requests for money or sensitive information.

Because these exchanges take place in familiar settings, they feel routine.

The risk is not always obvious, as the interaction blends into normal communication.

Precision, scale — and the role of AI

Scams today are more refined and targeted.

Messages are polished and increasingly personalised, often drawing on publicly available or leaked data.

Technology allows scammers to reach large numbers of people while tailoring each approach.

Artificial intelligence is accelerating this trend.

Voice cloning can replicate a person’s speech using short audio clips, enabling scammers to send convincing voice notes or make calls that sound like a colleague or family member.

Deepfake videos have also been used to impersonate public figures or company executives, sometimes to promote fraudulent investments or authorise payments.

At the same time, AI-generated phishing messages can mimic tone and context with minimal effort, removing many of the inconsistencies that once made scams easier to detect.

This is why impersonation scams — including those involving LHDN — can be difficult to dismiss.

Why scams still succeed

Scams continue to work not because people are careless, but because they are designed to influence behaviour.

They create urgency and limit the time available for verification.

A person who feels pressured is more likely to act quickly rather than question the situation.

At the same time, the environment plays a role.

Requests that appear in familiar chats or ongoing conversations carry an inherent sense of legitimacy.

What seems like a single interaction is often supported by coordinated roles behind the scenes, making the process more efficient and consistent.

Why the problem persists

In Malaysia, the persistence of scams is linked to high digital adoption, the availability of mule accounts and the involvement of cross-border networks.

These factors make enforcement more complex even as authorities intensify efforts.

The hidden layer: when hacking comes first

Another major shift is where scams begin.

Rather than relying solely on fabricated messages, scammers often gain access to real accounts — email inboxes, messaging apps or social media profiles — and operate from there.

In business email compromise cases, attackers monitor ongoing conversations and step in at key moments, inserting payment instructions that align with the context.

Because the request comes from a legitimate account, it is less likely to be questioned.

A similar pattern can occur in personal settings, where compromised accounts are used to contact friends or colleagues.

Hacking, in this sense, is no longer separate from scams; instead, it enables them by providing access to trusted communication channels.

In many cases today, scams begin with a compromised account rather than a suspicious message.

Reducing the risk of being compromised

Since many scams now depend on account access, basic digital habits are increasingly important.

Authorities such as Bank Negara Malaysia (BNM) and the police advise strengthening account security through measures such as using unique passwords and enabling two-factor authentication.

Caution with unexpected links or attachments also remains critical, as these are common entry points.

Periodically reviewing account activity for unfamiliar logins can help detect issues early.

The aim is to make it more difficult for attackers to gain initial access — a step that often determines whether a scam can proceed.

If this happens, do this

As many scams rely on urgency and leave little room for checks, BNM and the police urge consumers to pause and verify requests through official channels.

If money has already been transferred, immediate action — such as contacting the bank and the National Scam Response Centre (NSRC) at 997 — may help limit losses.

If a call claims to be from an official organisation, verify directly through official channels before taking any action.

If a message from a known contact requests money, confirm through a separate method such as a phone call.

Avoid clicking unexpected links, even if they appear legitimate. Access services by manually entering official website addresses instead.

In workplace situations, requests involving payments or changes to bank details should always be verified through another channel.

If funds have already been transferred, contact the bank and NSRC 997 immediately, as early reporting may prevent further movement of money.
