PAO Bank Limited (PAObank) places the highest priority on safeguarding customers’ funds. In alignment with the Hong Kong Monetary Authority’s (HKMA) latest anti-fraud measures, PAObank is proud to announce a comprehensive upgrade to its “Money Safe” feature. Effective immediately, all customers can now proactively lock part or all of their deposits directly through the PAObank Mobile Banking APP, based on their individual needs, adding an extra layer of security to their funds.
Photo for illustration purposes only. | Photo by freepik / NHA File Photo
Mr. Ronald Iu, Chief Executive of PAObank, said, “With fraud cases continuing to rise in recent years, protecting customers’ funds remain a bank’s primary responsibility. PAObank fully endorses the HKMA’s anti-fraud efforts and is actively enhancing our protection measures, enabling customers to manage and safeguard their funds with greater autonomy and flexibility. With this latest upgrade to the ‘Money Safe’ service, we have further strengthened the protective measures available to all our customers. We remain committed to integrating innovative technology to deliver a safer and more reliable financial services experience.”
PAObank customers can now activate Money Safe protection at any time via the PAObank Mobile Banking APP. This feature enables customers to isolate or lock part or all of their bank deposits, preventing any outward transfers of the protected funds through any channel. To access locked funds, customers are required to visit PAObank office in person for identity verification, after which the funds will be released within three working days. This process ensures robust protection while maintaining accessibility when needed.
A new chapter of the Kaspersky Security Bulletin looks at what shaped telecom cybersecurity in 2025 and what is likely to persist in 2026. APT activity, supply-chain compromise, DDoS disruption and SIM-enabled fraud continued to pressure operators in 2025, while newer technology deployments introduce additional operational risk.
Kaspersky Warns Telecom Cyber Threats Seen in 2025 Will Persist into 2026 | Photo by Kaspersky / NHA File Photo
In 2025, telecom operators faced four broad threat categories. Targeted intrusions (APT) continued to focus on gaining stealthy access to operator environments for long-term espionage and leverage through privileged network positioning. Supply chain vulnerabilities remained an entry point: telecom ecosystems rely on many vendors, contractors and tightly integrated platforms, so weaknesses in widely used software and services can provide a path into operator networks. Finally, DDoS remained a practical availability and capacity problem.
Between November 2024 and October 2025, Kaspersky Security Network shows 12.79% of users in the telecommunications sector encountered web threats and 20.76% faced on-device threats. Over the same period, 9.86 per cent of telecom organisations worldwide experienced ransomware.
At the same time, the telecommunications sector is moving from rapid technological development to broad implementation — and the report argues that this shift creates new opportunities and new operational risks for 2026. Kaspersky highlights three areas where technology transitions could introduce disruption if rolled out unevenly or without strong controls: AI-assisted network management, where automation can amplify configuration errors or act on misleading data; post-quantum cryptography transitions, where rushed deployment of hybrid and post-quantum approaches could cause interoperability and performance issues across IT, management and interconnect environments; and 5G-to-satellite integration (NTN), where expanding service footprints and partner dependencies introduce new integration points and potential failure modes.
“The threats that dominated 2025 — APT campaigns, supply chain attacks, DDoS floods — aren’t going away. But now they intersect with operational risks from AI automation, quantum-ready cryptography, and satellite integration. Telecom operators need visibility across both dimensions: maintaining strong defenses against known threats while building security into these new technologies from day one. The key is continuous threat intelligence that spans from endpoint to edge to orbit,” — said Leonid Bezvershenko, senior security researcher at Kaspersky GReAT.
To reduce risk and strengthen resilience, Kaspersky experts recommend:
Track the APT landscape and telecom-relevant infrastructure continuously. Kaspersky Threat Intelligence Portal helps to monitor actor and campaign context, and pair that intelligence with regular security awareness training so employees can recognise suspicious activity and apply security policies consistently.
Treat AI-driven network automation as a change-management program. Keep a human override for high-impact actions, roll out in stages with clear rollback paths, and continuously validate the data feeding AI systems so noisy or manipulated inputs cannot trigger “confidently wrong” changes at scale.
Increase DDoS readiness as a capacity-management problem. Validate upstream mitigation, protect edge routing, and monitor for congestion signals that precede customer impact. Use threat intelligence to enrich indicators and spot botnet infrastructure early.
Deploy an EDR capability such as Kaspersky Next EDR Expert to detect advanced threats early, support rapid investigation, and enable effective incident containment and remediation.
To safeguard their banking accounts against cyber threats, member banks of The Association of Banks in Malaysia (ABM) and Association of Islamic Banking and Financial Institutions Malaysia (AIBIM) today call for customers to ensure that their web browsers and mobile devices are running on the latest version to defend against cyber vulnerabilities and stay safe from scams.
Photo for illustration purposes only | Photo by freepik / NHA File Photo
By updating their web browsers and mobile devices to the latest versions, customers will receive the latest security patches, strengthening protection against cyber threats and malware.
The banking industry urges all customers to update to the latest web browser versions and mobile operating systems (OS). Devices running on older or unsupported versions are more exposed to threats and may no longer receive important security updates from developers such as Apple, Google and Mozilla.
In efforts to mitigate malware risks, banks may introduce additional verification measures, reduce transaction limits or impose other forms of restriction for customers using unsupported versions. Banks may also proactively block transactions originating from these versions, to protect customers. This added layer of protection helps enhance security for customers, ultimately safeguarding their funds and ensuring their financial peace of mind.
To update to the latest versions, customers are advised to follow these simple steps:
On web browsers
Open the web browser and navigate to ‘Settings’ or ‘Help’
Check for available updates. If found, download or install the latest version
Restart the web browser to complete the installation
On mobile devices
Open the Settings app and navigate to System or Software Update (for Android) or General (for iOS)
Check for available updates. If found, download or install the latest version
Follow the on-screen instructions to complete the installation
The steps could differ depending on the manufacturer’s settings.
To protect themselves, banks urge customers to only download apps from official mobile app stores. Customers with vintage or obsolete devices are encouraged to update to a newer model, in order to receive regular security patches.
Current mobile operating systems supported by Google and Apple respectively are for Android versions 13 and above, and iOS versions 18 and above. To find out the latest supported OS, customers may visit endoflife.date/android and endoflife.date/ios.
For web browsers, the following versions and below are considered insecure by the browsers’ developers – Google Chrome Version 140, Firefox Version 141 and Safari Version 18.5. Customers may visit browser-update.org to keep updated on the latest browser versions.
The banking industry remains committed to a safer and more secure banking. During the transition, customers will be provided with guidance outlining browser and mobile OS requirements and timelines. In addition, some banks, working with selected device partners, will offer discounted prices or bundled packages for eligible customers upgrading their mobile devices.
For assistance, customers can contact their banks via branches, call centres, or official social channels. For full details on each bank’s specific browser and mobile OS version requirements, customers are encouraged to reach out to their banks directly.
Customers who suspect they have fallen victim to scams are urged to activate ‘Kill Switch’ immediately to halt any or further losses. They are also encouraged to contact the National Scam Response Centre (NSRC) at 997 or their respective banks’ 24/7 fraud hotlines for assistance.
Source: The Association of Banks in Malaysia (Press Release)
The Asia School of Business (ASB) today reaffirmed its position as a leading institution for AI-driven leadership in Asia by hosting the AI-Powered Leadership Conference, which convened global AI pioneers, CEOs, regional innovators, and policymakers to explore the future of leadership in an AI-powered world. The event was supported by the conference’s Strategic Partner, TRX City Sdn Bhd, the organisation driving the growth of Tun Razak Exchange (TRX), Malaysia’s International Financial Centre.
[L-R] Tan Sri Dr Zeti Akhtar Azi, former Bank Negara Malaysia governor; Professor De Kai, author of “Raising AI” and pioneer of AI and language technologies; YB Gobind Singh Deo, Minister of Digital Malaysia, Brian A. Wong, former Alibaba executive and entrepreneur; Prof. Joe Cherian, CEO, President, Dean and Distinguished Professor of the Asia School of Business. | Photo by ASB/NHA File Photo
In his welcome address, YB Gobind Singh Deo, Minister of Digital, Malaysia, welcomed the gathering of leaders who recognise the importance of Artificial Intelligence (AI) which will drive the next phase of Malaysia’s and the region’s economic growth.
“Leadership in the new age of intelligence demands trust and transparency to drive growth and return on investment. Beyond managing teams, leaders must understand AI’s ethical implications for jobs and equity, proactively anticipating risks like algorithmic bias and cybersecurity. Corporate leaders must adopt human-centred AI principles, ensuring technology serves people first by augmenting human judgment and enhancing the human touch, rather than dictating or eroding it,” he said, adding that leaders must invest in people as seriously as they invest in technology.
The opening keynote was delivered by Professor De Kai, a globally recognised AI pioneer and author of critically-acclaimed MIT Press book, Raising AI, appearing for the first time in Malaysia. Renowned for building the web’s first language translator and developing the language models that later powered Microsoft, Yahoo, and Google Translate, he is one of only seventeen Founding Fellows of the Association for Computational Linguistics. With appointments at HKUST and Berkeley’s International Computer Science Institute and experience on Google’s AI ethics council, De Kai brings deep expertise at the intersection of AI, ethics, and society.
Professor De Kai shared, “Artificial Intelligence are not gods or slaves. They’re attention seeking children who want your approval. We are not parenting them but they are already influencing us unconsciously, and it will continue to influence us even more if we keep thinking of them as mechanical tools.”
His session set the stage for a series of sessions and interactive discussions around the theme of Leadership and Cybersecurity, that examined how AI is reshaping industries, workforce structures and organisational strategy. Other notable keynote speakers included Brian Wong, former Alibaba executive, entrepreneur, investor, and author known for his work on globalisation strategy and AI-enabled organisational design and Professor Hiroshi Ishiguro, globally renowned for his groundbreaking research in interactive robotics, avatar science, and human–AI interaction.
The conference also featured ASB faculty experts Professor Ong Shien Jin and Professor David Asirvatham, who provided insights into AI-driven decision-making, leadership dynamics, and organisational transformation. Participants explored next generation AI models, leadership, cybersecurity, responsible adoption, human-centred leadership and long-term competitiveness.
“As intelligent systems become central to national strategy, corporate competitiveness, and cross-border collaboration, leaders today must pair technical literacy with sound judgement and ethical clarity. This is why ASB is proud to host this conference: to ensure our region’s decision-makers are equipped to navigate AI’s sweeping impact across economies and societies. ASB has invested deeply in these capabilities through our Micro
Credential in AI for Business Leaders, our Certified AI Leader and Certified AI Practitioner executive education programs, and an expanding suite of AI-integrated offerings across our learning pathways. Our goal is straightforward ‒ to help organisations lead AI-driven transformation with confidence, accountability, and long-term competitiveness.” said Joe Cherian, CEO, President, Dean and Distinguished Professor of the Asia School of Business.
TRX City Sdn Bhd, the strategic partner of the conference, highlighted the importance of AI-ready leadership as a critical foundation for a thriving financial ecosystem. Dato’ Sr Azmar Talib, CEO of TRX City said, “AI is reshaping global finance and Malaysia must stay ahead of the curve. At TRX, we see AI-ready leadership as a fundamental driver of competitiveness. Our partnership with ASB reflects our commitment to building an international financial centre that attracts top talent, accelerates innovation and strengthens Malaysia’s position in the region. TRX is proud to support that momentum.”
The conference also included exhibitors, including ThakralOne, iFLYTEK, Biline, Beyond Insights, Symprio, and Galactic Network and Vetece Holdings. PIKOM, the National Tech Association of Malaysia, also participated as a supporting partner as part of broader efforts to strengthen Malaysia’s digital economy and innovation landscape.
Tenable, the exposure management company, discovered seven vulnerabilities and attack techniques during testing of OpenAI’s ChatGPT-4o, several of which were later found to persist in ChatGPT-5. Collectively known as HackedGPT, these flaws expose users to privacy risks by bypassing built-in safety mechanisms. While OpenAI has remediated some of the issues identified, others had not been addressed at the time of publication, leaving certain exposure paths open. If exploited, they could allow attackers to secretly steal personal data, including stored chats and memories.
The vulnerabilities reveal a new class of AI attack called indirect prompt injection, where hidden instructions in external websites or comments can trick the model into performing unauthorised actions. These flaws affect ChatGPT’s web browsing and memory features, which process live internet data and store user information, creating opportunities for manipulation and data exposure.
Photo for illustration purposes only. | Photo by Boitumelo/Unsplash/NHA File Photo
Tenable researchers show that these attacks can occur silently in two ways: “0-click” attacks, where simply asking ChatGPT a question triggers the compromise, and “1-click” attacks, where clicking a malicious link activates hidden commands. Even more concerning is a technique called Persistent Memory Injection, where harmful instructions are saved in ChatGPT’s long-term memory and remain active after the user closes the app. This lets attackers plant lasting threats that can expose private information across future sessions until removed. Together, these flaws show how attackers could bypass OpenAI’s safeguards and access users’ private histories.
“HackedGPT exposes a fundamental weakness in how large language models judge what information to trust,” said Moshe Bernstein, Senior Research Engineer at Tenable. “Individually, these flaws seem small — but together they form a complete attack chain, from injection and evasion to data theft and persistence. It shows that AI systems aren’t just potential targets; they can be turned into attack tools that silently harvest information from everyday chats or browsing.”
HackedGPT: the seven vulnerabilities and attack techniques identified by Tenable research
Indirect prompt injection via trusted sites
Attackers hide commands inside legitimate-looking online content such as blog comments or public posts. When ChatGPT browses that content, it unknowingly follows those hidden instructions. In short, ChatGPT can be tricked into doing what an attacker tells it to, just by reading a compromised page.
0-click indirect prompt injection in search context
A user doesn’t have to click or do anything special to be exposed. When ChatGPT searches the web for answers, it can encounter a page with hidden malicious code. Simply asking a question could cause the model to follow those instructions and leak private data — what researchers call a single-prompt compromise.
Prompt injection via 1-click
A single click can trigger an attack. Hidden commands embedded in seemingly harmless links, like https://chatgpt.com/?q={Prompt}, can make ChatGPT execute malicious actions without realising it. One click is enough to let an attacker take control of your chat.
Safety mechanism bypass
ChatGPT normally validates links and blocks unsafe sites. Attackers bypass that by using trusted wrapper URLs (for example, Bing’s bing.com/ck/a?…) which hide the real destination. ChatGPT trusts the wrapper, displays the apparently safe link, and can be led to a malicious site.
Conversation injection
ChatGPT uses two systems — SearchGPT for browsing and ChatGPT for conversation. Attackers can use SearchGPT to insert hidden instructions that ChatGPT later reads as part of the conversation. In effect, the AI ends up “prompt-injecting itself,” following commands the user never wrote.
Malicious content hiding
A formatting bug allows attackers to conceal malicious instructions inside code or markdown text. The user sees a clean message, but ChatGPT still reads and executes the hidden content.
Persistent memory injection
ChatGPT’s memory feature stores past interactions. Attackers can plant malicious instructions in that long-term memory, causing the model to repeat those commands across sessions and continuously leak private data until the memory is cleared.
Potential impact of exploiting HackedGPT
Hundreds of millions of people use ChatGPT daily for business, research, and personal communication. If exploited, these flaws could:
Insert hidden commands into conversations or long-term memories.
Steal sensitive data from chat histories or connected services such as Google Drive or Gmail.
Exfiltrate information through browsing and web integrations.
Manipulate responses to spread misinformation or influence users.
Tenable Research conducted its investigation under responsible disclosure practices. OpenAI has remediated some of the vulnerabilities identified, but several remain active in ChatGPT-5 or had not been addressed at the time of publication, leaving certain exposure paths open.
Tenable advises AI vendors to harden defences against prompt injection by verifying that safety mechanisms such as url_safe work as intended and by isolating browsing, search, and memory features to prevent cross-context attacks.
Recommendations for security teams
Tenable advises security professionals to:
Treat AI tools as live attack surfaces, not passive assistants.
Audit and monitor AI integrations for manipulation or data leakage.
Investigate unusual requests or outputs that could signal prompt injection.
Test and reinforce defences against injection and exfiltration paths.
Establish governance and data-classification controls for AI use.
“This research isn’t just about exposing flaws, it’s about changing how we secure AI,” Bernstein added. “People and organisations alike need to assume that AI tools can be manipulated and design controls accordingly. That means governance, data safeguards, and continuous testing to make sure these systems work for us, not against us.”
Unmasking Exaggerated Claims in Property Development – (a report from Gunaprasath Bupalan of Emjay Communications)
The public’s appetite for aspirational living has made property development a sphere rife with seductive, yet often misleading, narratives. From glossy brochures to virtual reality tours, the marketing of a new project is less about the brick-and-mortar reality and more about selling a dream.
For the serious investor and the hopeful homeowner, the ability to discern genuine value from the illusion is their most potent defence against the disappointment of their decision, which is sadly often the case. This endemic issue is rooted in what property strategists term the “short-term way” to business success. This philosophy is fundamentally one of expediency, of the developer focusing on securing immediate capital and achieving quick sales with less regard for the project’s long-term utility, sustainability and value.
In his talk to REHDA Institute, Peter Chan elaborated that “short-term way” depended on the leveraging of “Connections,” embracing “Use of short cuts,” and, most detrimentally, relying on “Exaggerated marketing” and deliberate “Misrepresentations”. The immediate success generated by this approach—rapid sell-outs and high initial returns—can easily influence the developer and blind the trusting purchaser in his decision.
Peter Chan
The exaggeration used in the short-term approach is rarely crude; it is creative and often a nuanced manipulation of facts. Developers may utilise selective images or photography to eliminate views of encroaching developments, overstate the future impact of planned infrastructure, or promise luxurious facilities that are either scaled back or never fully delivered due to cost constraints. The buyer commits to a multi-year investment based on a fleeting vision, only to find the reality compromised by delays, downgrades, or outright omissions.
A perpetual point of contention lies in the delivery of common amenities. When a development faces hopeful expectations or unreasonable demands, the developer is often placed in a defensive position. Although frequently misled into complicated situations, the decisive and conclusive determinant must be what is detailed in the Sales and Purchase Agreement (SPA). What is provided in the SPA is the indisputable requirement of what has been contractually accepted, agreed and binding on both the developer and the purchaser. We would highlight that Peter Chan and The Haven had bequeathed to the development way beyond what was contractual and listed in the SPA. When the development was completed, he revealed to the purchasers in an AGM the list of additional facilities—which were not contractually stipulated in the original Sale and Purchase Agreement (SPA) amounting to RM 36 million.
Every promise made to the parcel owners was not only met but exceeded.
The condition of this world is indeed exposed when one of the purchasers chose to find fault and claimed at a Tribunal that a tennis court had been promised and not provided for. This was indeed untenable and shocking as the decision and approval to build and pay for the tennis court was proposed by the participants themselves in the AGM and was voted on and approved. Appallingly, 8 of her collaborators took up their case in the High Court on the same claim. As the burden of proof and substantiation borne by the consumers is illogical, heavy and onerous, their intention of initiating the claim must be suspicious.
As the talk delivered, Peter Chan presented the viable counter to this endemic practice as the “long term way” to development, a strategy based on “Effort, Commitment, Creativity, Perseverance and Truth.” He emphasized that truth is not a negotiable ethical addendum; it is a foundation to life and to real success – success in proper business. When a project is built on transparent, verifiable facts, the marketing naturally becomes a sincere reflection of its quality, design, and assured durability. This consistency ensures that buyer expectations are not just met at the point of handover, but maintained over the property’s lifecycle. Such was the delivery of The Haven to its purchasers. Every promise made to the parcel owners was not only met but exceeded. It is little wonder for one renowned publication to have pronounced Peter, the legatee, “Developer Extraordinaire”.
Palo Alto Networks, the global cybersecurity leader, and Cyberlite, a specialised cyber safety and AI education provider, today announced the launch of the AI Safety in the Classroom Toolkit. This groundbreaking resource is a crucial extension of Palo Alto Networks’ mission to protect our digital way of life and sets a new standard for corporate commitment to community digital safety.
Photo by Palo Alto Networks/NHA File Photo
The speed and scale at which AI is accelerating threats necessitates a fundamental shift in education. Research from Palo Alto Networks’ Unit 42 underscores this urgency, revealing how AI is rapidly transforming the threat landscape. For example, the Unit 42 Global Incident Response Report consistently identifies social engineering as a top initial access vector, and threat actors are increasingly using generative AI to create highly sophisticated, personalised attacks like convincing deepfakes. Equipping students to recognise and resist these advanced, AI-driven manipulations is critical to protecting the “human factor” in security.
This toolkit directly addresses that urgent need. Palo Alto Networks is deeply committed to driving social impact through cybersecurity education, supporting students with the skills they need to protect their digital future and become good digital citizens. The AI Safety in the Classroom Toolkit, now available in English and Bahasa Indonesia, builds on the successful, long-standing partnership between Palo Alto Networks and Cyberlite, which has already distributed over 100,000 “Ready, Get Set, Connect!” cybersafety workbooks to schools across the Asia Pacific region.
“Our partnership with Palo Alto Networks represents a significant leap forward in our shared mission to empower the next generation with the skills to navigate the complexities of the digital world,” said Michelle Yao, Co-Founder of Cyberlite. “The AI Safety in the Classroom Toolkit is a direct response to the urgent need for practical, accessible resources that empower educators in the classroom, teaching students the critical thinking skills needed to be safe and ethical AI users. This collaboration reinforces our belief that cyber safety is a shared responsibility, and by working together, we can build a more secure digital future for all.”
“The AI Safety in the Classroom Toolkit is designed to empower educators, parents, and community instructors who are not cybersecurity or AI experts,” said Lisa Sim, Vice President, Marketing, Asia-Pacific and Japan and, Director, CyberFit Nation at Palo Alto Networks. “The materials are intentionally easy to use, making it simple for them to become ‘rock stars’ in lesson delivery and integrate these vital learning resources into the education curriculum.”
The toolkit’s 30-minute modular lessons are engineered to build critical thinking skills, helping students become informed, ethical, and safe AI users. The hands-on, practical lessons cover real-world risks, including:
The foundations of generative AI and prompt engineering.
Recognising bias.
Detecting deepfakes and digital clones.
Exploring how recommendation engines impact privacy and personalisation.
Mastercard announced the launch of Mastercard Threat Intelligence, the first threat intelligence offering applied to payments at scale. The solution combines Mastercard’s global fraud insights with cyber threat intelligence from Recorded Future, empowering financial institutions across Asia-Pacific (APAC) to detect, prevent and respond to cyber-enabled fraud with greater speed and accuracy.
Photo for illustration purposes only | Photo by Vitaly Gariev/Unsplash/NHA File Photo
The intelligence gap between cyber and fraud teams remains critical. Sixty percent of global fraud and risk executives are notified of cyber data breaches only after fraud losses begin, a figure that rises to 67 per cent across APAC. Similarly, 83 per cent of APAC financial institution leaders report frustration with the lack of real-time cyber threat intelligence (CTI) integration.
“Payment fraud is no longer just a payment system issue — it’s a cybersecurity challenge that directly impacts an organisation’s bottom line,” Matthew Driver, executive vice president of Services, Asia Pacific at Mastercard said. “Mastercard Threat Intelligence bridges communication gaps, enabling fraud and security teams to work together seamlessly to stop fraud before it happens.”
“Asia Pacific is seeing a surge in cyber-enabled fraud, and the need for integrated intelligence has never been more urgent,” said Aditi Sawhney, senior vice president of Security Solutions, Asia Pacific at Mastercard. “We’re helping our customers move from fragmented responses to unified, intelligence-led defense strategies that strengthen resilience across the payments ecosystem.”
Mastercard Threat Intelligence offers customers the following key features:
• Card testing detection: Real-time alerts and proactive declines of fraudulent test transactions, reducing downstream fraud and protecting cardholders.
• Digital skimming intelligence: Quantitative data to assess skimmer impacts and disrupt card-related malware, leveraging Mastercard’s industry partnerships.
• Merchant threat intelligence: Targeted insights to assess merchant risk and enable faster incident response.
• Payment ecosystem threat intelligence: Weekly reports on emerging threats and vulnerabilities across the global payments landscape.
• Payment intelligence reports: Actionable case studies and fraud trend analysis to inform strategy and strengthen defenses.
Operational silos continue to challenge risk resilience. Two in three fraud and risk leaders worldwide highlighted silos as a top concern, with 72 per cent of APAC leaders citing this entrenched issue as their highest priority.
“Operational silos within the fraud and cyber teams continue to plague risk leaders as a high concern,” said Driver. “With Mastercard Threat Intelligence, we’re giving our customers the global visibility, threat intelligence and tools to prevent fraud and operate securely in a connected world.”
Despite the challenges, APAC leaders are also seeing the benefits of improved integration. Most (89 per cent) institutions in the region report faster fraud defense responses following integration efforts, leading all global regions in speed gains.
The launch of Mastercard Threat Intelligence comes less than a year after Mastercard finalised its acquisition of Recorded Future, and demonstrates the companies’ commitment to delivering a unified, intelligence-led approach to securing the digital economy.
During market testing over the course of six months, Mastercard’s intelligence data helped ecosystem partners identify and take down malicious domains tied to the theft of payment card data, which had impacted nearly 9,500 ecommerce sites and were linked to an estimated USD 120 million in fraud losses.
A new cohort of 35 young changemakers and content creators is being equipped to lead online safety advocacy through the Online Safety IRL: Scam Edition fellowship programme. As trusted voices in their communities, these fellows have the potential to collectively reach over five million users online to raise scam awareness and shape safer digital behaviours.
35 content creators and youth leaders will be trained to amplify scam awareness and digital safety under the Online Safety IRL:Scam Edition programme jointly driven by Ministry of Communications, CelcomDigi Berhad, Meta Platfrom Inc, Ration:Cause and Tonton. | Photo by Ministry of Communications/NHA File Photo
The programme is jointly driven by the Ministry of Communications, CelcomDigi Berhad, Meta Platforms, Inc. and Ratio:Cause, alongside media partner – Tonton, to grow a strong network of digital safety advocates and maximise impact through a multi-stakeholder approach.
Building on the success of its first edition which impacted over 2.8 million Malaysians through digital safety awareness content, the second edition returns with a focus to address the growing threat of financial scams, particularly those driven by AI technologies. The fellows will undergo an immersive fellowship involving expert-led masterclasses, field immersions, mentorship and community outreach, to build on their scam-spotting skills and understanding of AI’s dual role in scams and safety.
Minister of Communications, YB Datuk Fahmi Fadzil said, “Scams affect everyone, and protecting Malaysians requires us all to work together. This programme shows what’s possible when government, industry, and communities unite to build awareness and strengthen online safety for all.”
CelcomDigi’s Head of Sustainability, Philip Ling said, “Content creators and youth leaders are powerful changemakers with their ability to reach and influence communities both online and offline. We have seen the impact driven by peer-led advocacy in shaping how Malaysians navigate the digital world. Through Online Safety IRL, we are helping to grow a dynamic network of advocates who can continue to spark conversations, shift behaviours, and make the internet safer for everyone. CelcomDigi remains committed to fostering a safer and more secure digital environment for all. We will continue to develop strategic partnerships to build a trusted digital society.”
Meta’s Head of Public Policy for Malaysia and Brunei, Daniel Lim said, “Protecting people online is a collective effort, and we strive to equip the next generation with the skills and awareness they need to navigate online spaces confidently. Through the Online Safety IRL programme, we’re proud to support young leaders and creators as they champion scam awareness and inspire safer online behaviour in their communities. Together with our partners, we’re building a more secure and informed digital future for all Malaysians.”
Executive Director at Ratio: Cause, New Su Shern said, “The success of our first edition proved to us how powerful collaboration can be when different stakeholders come together with purpose. This programme has never been just about awareness, it’s about changing how Malaysians think, act and look out for one another online. This year, we’re expanding that impact even further, reaching more people across the country through a more diverse group of creators and youth fellows. Together with the Ministry of Communications, Meta, CelcomDigi and Tonton, we’re making scam resilience not just a campaign, but a nationwide movement powered by voices of our own communities.”
The programme comprises two separate fellowship tracks, designed respectively for content creators and youths across Malaysia. Content creators will go through a 3-month fellowship which consists of:
MYR 8,000 grant to support content creation on scam awareness
Expert masterclasses on topics such as scam psychology, AI-generated fraud, and ethical content creation
Exclusive networking opportunities with corporate partners, government agencies, and like-minded creators
The youths will undergo a 6-month fellowship which includes:
Expert masterclasses focusing on community outreach and advocacy, in addition to topics on scam psychology, AI-generated fraud and more
Mentorship from programme partners and industry experts
Hands-on opportunity to design a community project on scam awareness
Featuring ‘Is This Legit?’, a scam awareness game by Meta.
Along with the launch of Online Safety IRL: Scam Edition, Meta also proudly presented their latest scam awareness game called ‘Is This Legit?’, now available in Bahasa Malaysia for the local audience. This is an interactive experience designed to equip online communities with skills to identify and avoid common scams. By engaging players through art and creativity, Meta aims to embed critical scam-spotting knowledge in their long-term memory, leading to lasting behavioural change.
Today, Sumsub, a global verification and anti-fraud leader, released the second edition of its Global Fraud Index, revealing that Asia-Pacific has dropped from third to fourth place globally in fraud protection amid rising exposure to fraudulent activities. The region now ranks just above Africa and trails Europe, the Middle East, and the Americas. The report, produced in collaboration with Statista and the Digital Assets Association (DAA) Singapore, examines fraud risk across 112 countries to help regulatory bodies, governments, and businesses better understand and prevent fraud.
There’s been an explosion of fraud worldwide – are business leaders ready to lead the fight against it? Sumsub’s What The Fraud summit is Asia-Pacific’s first event for fraud fighters, fintech innovators, crypto leaders, AI experts, regulators, and compliance professionals.
While some markets like New Zealand and Thailand have strengthened their fraud protection, several of the region’s leading digital economies, including Singapore, Japan, Indonesia, and Malaysia have experienced significant declines in their rankings, highlighting the widening gap between rapid digital growth and the implementation of robust fraud prevention measures to safeguard users against increasingly sophisticated fraud.
“This year’s Global Fraud Index shows that fraud protection isn’t about geography, it’s about governance. At the same time, fraudsters are getting their hands on increasingly powerful AI tools. What was once a niche threat has become commonplace”, said Timothy Owens, Tech and AI Industry Expert, and Senior Research Lead Technology and TeleCommunications at Statista. “For technology leaders, the message is clear: treat fraud exposure like system uptime. It requires constant monitoring. Verification systems, information sharing between organisations, and robust incident response aren’t optional anymore; they’re fundamental components of operating in today’s digital environment.”
Despite its decline in overall ranking, Singapore leads globally in the Government Intervention pillar, surpassing countries such as Luxembourg, Denmark, Finland, Norway, and the Netherlands. This underscores the city-state’s commitment to building a robust anti-fraud infrastructure, strengthening regulatory frameworks, and fostering public-private collaboration to safeguard its digital economy against increasingly sophisticated threats.
Key highlights of the 2025 Global Fraud Index study include:
Top APAC countries most protected against fraud are: New Zealand (#7), Singapore (#10), Australia (#15), South Korea (#27), Japan (#28)
Top APAC countries least protected against fraud are: Sri Lanka (#103), Bangladesh (#106), India (#109), Indonesia (#111), and Pakistan (#112)
New Zealand rose significantly from #12 in 2024 to #7 in 2025, Thailand climbed 25 positions (from #58 to #33) year-over-year
Singapore dropped from #1 in 2024 to #10 in 2025
Japan fell 15 positions (from #13 to #28), Indonesia declined 11 places (from #100 to #111)
Malaysia experienced the most drastic decline, falling from #34 to #86
Pakistan holds the last position in the Index for the second consecutive year
Europe has the largest concentration of countries in the list of 15 most protected ones
The U.S. has the highest government AI readiness index across the globe.
“The findings of the 2025 Global Fraud Index are a stark reminder of the escalating challenges we face in the digital economy. The marked decline in rankings for key APAC hubs like Singapore, Malaysia, and Indonesia highlights a pressing need for a unified response to the growing threat of sophisticated fraud. This isn’t just about statistics; it’s about protecting businesses and building the trust necessary for the digital asset ecosystem to thrive,” said Chia Hock Lai, Co-Chairman, Digital Assets Association. “As an association committed to fostering a secure digital environment, these results reinforce our mission. We are proud to collaborate with Sumsub on this critical initiative, which generates awareness and provides actionable insights for both industry stakeholders and regulators. The DAA will intensify its efforts to collaborate with government bodies and technology providers to champion robust anti-fraud infrastructure and enhance the accessibility of essential KYC/AML services throughout the region.”
“The 2025 Global Fraud Index provides a comprehensive view of fraud risks worldwide, highlighting both emerging threats and the effectiveness of preventative measures. By benchmarking markets globally, it offers businesses and regulators actionable insights to strengthen anti-fraud strategies, protect consumers, and maintain trust in the rapidly evolving digital economy,” said Penny Chai, Vice President, APAC, Sumsub. “The findings also underscore the unique challenges faced by APAC’s fast-growing digital economies, where rapid innovation is increasing exposure to sophisticated fraud. Effective government intervention, combined with public-private collaboration, is critical to ensuring these markets remain secure and resilient.”
Building on last year’s well-received edition, the 2025 Global Fraud Index expands its scope to include nine new countries, including the Philippines, Vietnam, Kenya, Uganda, and Nigeria. The research integrates Sumsub’s internal verification data with insights from external sources including the World Bank, Transparency International, and Oxford Insights, providing a comprehensive view of global fraud exposure and government response capabilities.
You can find additional data-driven insights, explore interactive maps and infographics as well as build country-specific comparisons here: https://sumsub.com/global-fraud-index-2025.
In addition, Sumsub’s inauguralWhat The Fraud Summit that will facilitate the public-private partnerships and knowledge sharing critical to strengthening fraud prevention, will be taking place in Singapore from November 19 to 20, 2025. Learn more about the WTF Summit and ticket details: https://sumsub.com/wtf-summit/.
Methodology of 2025 Global Fraud Index study
The Global Fraud Index uses both internal and external data. Sumsub’s internal data is based on volumes of over 1 million checks conducted daily on the platform. The majority of data is from 2024-2025, with one indicator from 2023. External sources include The World Bank, The Heritage Foundation, Oxford Insights, Transparency International, Numbeo and other databases.
The Index consists of 4 main pillars of analysis for each country. Those include not only the country’s fraud rate itself, but also incorporate ‘The Fraud Triangle’ hypothesis. This widely-used model reflects how certain factors – namely, pressure, opportunity, and rationalization – contribute to higher fraud rates and corruption. In digital fraud, this triangle manifests through lower digital resources accessibility, less efficient government intervention, and higher economic instability scores.
