With the holiday season just around the corner, Malaysians are gearing up for year-end mega-sales like 11.11 and 12.12, out to score great deals. And more of them are now shopping online than ever before, with the e-commerce market expected to grow by 12.8% in 2024, reaching over RM50 billion. But as online shopping frenzy kicks into high gear, so does the risk of scams and frauds.

Microsoft’s latest Digital Defence Report found that the cyber threat landscape continued to become more dangerous and complex in the last year, with scammers turning to increasingly sophisticated tactics, techniques, and tools. With over 14,490 cases of online fraud reported in Malaysia already this year, leading to half a billion ringgit in losses – it’s never been more important for shoppers to stay vigilant.

“As we head into the holidays, online shoppers must remain alert to avoid falling victim to elaborate scams that are getting even more complex,” says Laurence Si, Managing Director at Microsoft Malaysia. “New technologies like AI are making it easier for scammers to operate and ramp up their tactics, preying on the heightened vulnerability of deal-seeking customers,” he adds.

Whether it is through sophisticated video manipulations or enticing but deceptive online offers, scams can be incredibly convincing and easy to fall for. Microsoft’s Digital Defence report highlights some of the scams you should watch out for this holiday season, including:

1. Deepfakes

With AI-driven deepfake technology, scammers can create realistic fake videos and audio that impersonate trusted individuals. They might use fake video calls or voice messages from familiar sources like friends or family members, tricking users into sharing sensitive information or making unauthorized payments.

To protect yourself, always verify unusual requests by contacting the person directly, and be cautious with links and attachments from unknown sources. Look for signs of manipulation, like unnatural movements in videos, and consider using multi-factor authentication for added security.

2. Techscams

Techscams often involve fake tech support pop-ups or calls that appear after visiting certain shopping sites or clicking on ads, impersonating brands like Microsoft. They convince shoppers to share sensitive information or pay for fake services to “fix” non-existent issues.

Other techscams create fake shopping deals or impersonate well-known retailers, luring shoppers to fraudulent sites where they unknowingly enter payment details or make purchases that never arrive.

Microsoft’s report highlights that techscams have led to significant financial losses globally. In fact, techscams can impact wallets up to ten times more than traditional phishing attempts, making it crucial for holiday shoppers to stay vigilant and double-check the legitimacy of offers and websites.

3. QR code phishing

While QR codes are a convenient way to share and access information, they can also lead you to fake websites designed to steal personal information. These sites can direct you to a fake sign-in page where you could unknowingly enter your credentials, potentially bypassing security measures like multi-factor authentication. To avoid these, be cautious with QR codes from unknown sources and always verify requests for personal information.

Top tips to stay safe this peak shopping season

1. Avoid clicking links or attachments

During the holiday season, scammers capitalize on our search for good deals. If an email or text offers deep discounts, tight timeframes to take an offer up, or unusual availability for an item that is sold out everywhere else, it could be a scam. Play it safe: don’t click on links or open attachments in SMS or email. Instead, go to the retailer’s website directly and see if the offer checks out.

2. Be skeptical, even with familiar contacts

Phishing messages are more convincing and harder to identify than ever. Be cautious with unexpected texts from friends or family members asking for money. Or an email from your bank asking for your personal details. Always apply additional scrutiny and double check directly with the sender before doing what they requested, opening or downloading an attachment, or replying back to their message. Fake invoices are another common trick used to prompt unauthorized payments or downloads.

3. Use unique passwords and multi-factor authentication

Consider using a password manager to help store your strong, unique passwords securely for each site. Also, enable multi-factor authentication wherever possible. This simple step can be what will save you from a scam. This adds a second layer of security, which Microsoft reports can block 99% of password-based attacks. However, be wary of unexpected multi-factor authentication alerts, as these could indicate an attempt to breach your account.

4. Report suspected scams to authorities

If you think you’ve been scammed, act quickly. Call the National Scam Response Center (NSRC) hotline at 997. This line is available between 8:00am and 8:00pm every day, including public holidays.