Skip to main content
Article

You Cannot Trust What You See Anymore: Malaysia’s Deepfake Crisis and the Technology Fighting Back

1.  Seeing Is No Longer Believing

There is a moment that millions of Malaysians have now experienced: a video appears on your screen. The face is familiar, a minister, a senior bank official, a member of the royal family, or a well-known businessman. The voice is convincing. The message is urgent. And for a few seconds before your critical thinking intervenes, you almost believe it.

That two- to three-second window of involuntary belief is the entire business model of modern deepfake fraud.

We have crossed a threshold. A human face can now be replicated with precision. A voice can be cloned from a three-second audio sample. A convincing video can be generated from a single photograph. The foundational assumption of digital communication that what you see reflects something that actually happened no longer holds. In Malaysia, the consequences are not theoretical. They are measured in billions of ringgit, tens of thousands of cases, and countless lives disrupted.

WHAT IS DEEPFAKE

 

Deepfake is a term that combines ‘deep learning’ (the AI technique) and ‘fake’ (the intent). Using large datasets of images, video, and audio, deep learning algorithms can fabricate a video of a person saying something they never said, clone a voice from a three-second recording, generate a realistic face that does not belong to anyone who exists, or synthesise entirely fictional video sequences. The technology itself is neutral; it has legitimate applications in film, education, and accessibility. Its weaponisation against ordinary Malaysians is what makes it a national security issue.

2. The Numbers Malaysia Cannot Ignore

The deepfake and AI-driven fraud crisis in Malaysia has a clear, verified, and worsening data trail. These are not projections. They are official figures from Malaysian law enforcement and government ministries.

3. When Deepfakes Target Malaysia’s Institutions (Real Cases)

The following are documented incidents, not hypothetical scenarios, that have occurred in Malaysia. Each one illustrates a distinct dimension of the deepfake threat.

1.    Bank Negara Malaysia (BNM) – The Governor’s Face, Fabricated

Bank Negara Malaysia was compelled to issue a formal public warning after scammers deployed deepfake videos fabricating the appearance and voice of the BNM Governor and senior officials to promote fraudulent financial products. BNM published an official advisory reel on their Instagram account specifically to address the impersonation of a central bank using social media to combat synthetic fraud, which is itself a measure of how urgent this threat has become.

Source: Bank Negara Malaysia Official Bank Negara Youtube

2.    Yang di-Pertuan Agong – The Crown Under AI Attack

On 10 July 2025, the Johor Royal Press Office issued a public warning after an AI-generated deepfake video of His Majesty Sultan Ismail, Yang di-Pertuan Agong, appeared on Facebook, falsely promoting an investment scheme. The palace reminded Malaysians that impersonating the King is a serious criminal offence under Malaysian law. When the country’s highest constitutional office requires a public statement about synthetic media fraud, the systemic scale of the problem is unmistakable.

Source: New Straits Times Johor police probe AI-generated fake video of Sultan Ibrahim

3.    The Pahang Sultan, the Prime Minister, and Malaysia’s Public Figures

Scammers have systematically fabricated deepfake endorsement videos featuring Prime Minister Datuk Seri Anwar Ibrahim, former Chief Justice Tun Tengku Maimun Tuan Mat, Capital A CEO Tan Sri Tony Fernandes, tycoon Tan Sri Robert Kuok, and members of the royal family, all promoting fake investment schemes across Facebook, WhatsApp, and Telegram. The Securities Commission, in coordination with MCMC, has been removing these videos in real time. The volume is such that removal is reactive, not preventive.

Source: Focus Malaysia ‘Disturbing fake AI video of Pahang Sultan raises concern on identity theft.’ focusmalaysia.my

4.    Corporate Malaysia – RM122 Million Lost in a Single Video Call

In February 2024, a multinational firm’s employee transferred the equivalent of approximately USD26 million (approximately RM122 million) after receiving a deepfake video conference call in which scammers impersonated multiple senior executives of the company. The attackers had trained their AI models on publicly available footage of LinkedIn profiles, company videos, and public appearances to replicate the executives’ faces and voices with sufficient fidelity to bypass the employee’s verification instincts in a live call setting.

Source: Bank of China Malaysia Corporate Banking Security Advisory: Deepfake/AI Scam. bankofchina.com.my

THE EVERYDAY SCENARIOS

These high-profile cases represent the visible edge of a much broader pattern. The same technology is deployed in everyday scenarios that Malaysians encounter constantly:

  • A video in your family WhatsApp group: an authoritative figure endorsing a guaranteed investment with ‘limited slots’.
  • An urgent message appearing to come from your CEO: demanding an immediate fund transfer before the end of the business day.
  • A phone call from what sounds exactly like your child or sibling: asking for emergency money because they are in trouble.

Our instinct in emergencies is to act. The new discipline of the digital age must override that instinct. Pause. Verify through a separate channel. Think twice.

4. How Deepfake Fraud Actually Works – The Attack Anatomy

Deepfake investment fraud does not happen randomly. It follows a reproducible, four-stage attack sequence that exploits the intersection of technology and human psychology. Understanding it is the first step toward defending against it.

⚠ Transferred funds are difficult or impossible to recover. The financial and emotional impact on victims is devastating, with 62% of victims reporting severe mental distress (Global Anti-Scam Alliance, 2024)

5. Why Malaysia Must Build Its Own Deepfake Detection Technology

There is both a principled and a practical case for Malaysia developing a homegrown deepfake detection capability. MIMOS, as the national applied R&D centre under MOSTI, is building both the argument and the technology.

The Technical Case – Malaysian Context Requires Malaysian Training Data

Deepfake detection AI performs only as well as the data used to train it. A detection system trained predominantly on Western faces, English speech patterns, and Latin-script documents will have documented performance gaps when applied to deepfakes featuring Malaysian faces, Bahasa Malaysia voice synthesis, or Malay-language fabricated documents. Detection systems require localised training on Malaysian faces, Malaysian voices, Malaysian accents, and Malaysian content contexts. This is not a policy preference. It is an engineering requirement.

The Sovereignty Case – Dependency Creates Structural Vulnerability

Relying on foreign technology to protect Malaysian citizens’ digital identities creates a dependency that exposes the country to three distinct risks: data sovereignty (Malaysian biometric data faces, voices processed on foreign servers subject to foreign jurisdiction); geopolitical risk (service disruption or access restrictions during diplomatic tensions); and alignment gaps (detection systems optimised for foreign threat actors rather than Malaysian scam syndicates operating through WhatsApp in Bahasa Malaysia).

6. Building MIMOS’ Trusted Intelligence Platform

MIMOS has developed a multi-vector deepfake detection capability integrated into the Trusted Intelligence Platform (TIP), a five-year national digital trust infrastructure programme under the 13th Malaysia Plan.

7. The National Dialogue on Trusted Intelligence 2026

To confront the deepfake and AI fraud crisis, MIMOS is spearheading the National Dialogue on Trusted Intelligence 2026. This invitation-only event serves as Malaysia’s structured governance response, bringing together the specific decision-makers and technical experts who hold the levers of our digital trust infrastructure.

IMPORTANT TO UNDERSTAND

 

This dialogue is a closed-door event with targeted participants, but that does not mean its discussions are limited to a small circle. The agreed outcomes and direction will shape how MIMOS and its partner agencies build the digital trust infrastructure used by every Malaysian who owns a smartphone

6. Frequently Asked Questions

Q: What is a deepfake, and how is it used in fraud in Malaysia?

A deepfake is synthetic media video, audio, or images generated by AI using deep learning algorithms to make someone appear to say or do something that never occurred. In Malaysia, deepfakes are primarily used for investment scams: scammers create convincing videos impersonating public figures, including the Yang di-Pertuan Agong, Bank Negara Malaysia officials, the Prime Minister, and renowned business leaders, to promote fraudulent investment schemes. These videos are typically circulated through family WhatsApp groups, Facebook, and Telegram. Malaysia recorded over 450 deepfake-related fraud cases and RM2.72 million in losses during the first half of 2024 alone (JSJK Bukit Aman).

Q: How much has Malaysia lost to cybercrime and deepfakes?

Malaysia recorded 35,368 cybercrime cases in 2024 with losses of RM1.58 billion, an 84.46% increase compared to 2022 (PDRM / Ministry of Digital). In the first half of 2025, losses exceeded RM1.12 billion (Ministry of Home Affairs). By the end of 2025, online scam cases had more than doubled to 74,744, with losses exceeding RM2.9 billion (PDRM CCID). The overall estimate, including unreported cases, reached RM54.02 billion or 3% of Malaysia’s GDP (State of Scam Report 2024). Only 2% of victims successfully recover their money.

Q: How can I detect a deepfake video?

The human eye can no longer be trusted; 85% of fraud victims in Malaysia believed fake deepfake investment videos (Ministry of Economy). However, some warning signs include: unnatural eye movements; inconsistent lighting between the face and background; slightly delayed lip-syncing; overly smooth skin texture; and audio that does not precisely match facial movements.

The most reliable rule is if you receive an investment video from any source, no matter how trusted, verify the claim directly through the organisation’s official channels before taking any action. MIMOS’ deepfake detection technology is designed to identify these forgeries at a technical level far beyond what human perception can detect.

Q: What is MIMOS’ role in addressing deepfake fraud in Malaysia?

MIMOS, the national applied R&D centre under the Ministry of Science, Technology and Innovation (MOSTI), has developed multi-vector deepfake detection technology encompassing text verification, voice clone detection, frame-by-frame deepfake video analysis, and facial biometric identity verification. These capabilities are integrated into the Trusted Intelligence Platform (TIP), a five-year 13th Malaysia Plan programme building Malaysia’s national digital trust infrastructure. MIMOS is also organising the National Dialogue on Trusted Intelligence 2026 to shape Malaysia’s governance response to AI-driven fraud.

Q: What is the difference between MIMOS and the National AI Office (NAIO) of Malaysia?

The National AI Office of Malaysia (NAIO), operating under a separate ministry, leads the national AI policy agenda, including risk management frameworks, hazard mitigation guidelines, and upcoming AI legislation. MIMOS builds the technical infrastructure that makes AI policy enforceable in practice. These are complementary roles: NAIO defines the regulations, while MIMOS builds the tools to implement and enforce them. Malaysia requires both to operate at full capacity simultaneously.

Digital Trust is Not Optional, It Is Infrastructure

There is a direct link between the robustness of Malaysia’s digital trust infrastructure and the safety of every Malaysian who uses a smartphone to manage their savings, communicate with family, or interact with the government. That infrastructure is not yet fully in place, but MIMOS is currently building it.

The National Dialogue on Trusted Intelligence 2026 serves as the governance pillar that unites those responsible for building this infrastructure. It is a closed and targeted discussion, but its outcomes are for everyone.

Because in Malaysia, where a leader’s face can be forged, a governor’s voice can be cloned, and 35,368 families lost RM1.58 billion in a single year alone, digital trust is not an optional feature. It is a critical national infrastructure.

References

All data used in this article is sourced from verified public records.

  • Bank Negara Malaysia Official Instagram Deepfake Advisory Reel. instagram.com/reel/DYEssuzjz5b (2025)
  • Focus Malaysia ‘Disturbing fake AI video of Pahang Sultan raises concern on identity theft.’ focusmalaysia.my
  • Malay Mail ‘AI scams are getting real: Here are the cases happening in Malaysia.’ 4 August 2025.
  • Ministry of Digital Malaysia AI Guidelines and Scam Statistics Press Release. digital.gov.my (August 2025)
  • PDRM / JSJK Bukit Aman Cybercrime Statistics 2022–2024.
  • Kementerian Dalam Negeri Dewan Negara statement on online fraud losses. September 2025.
  • BERNAMA ‘Malaysia Must Strengthen AI Policies to Curb Deepfake Scams.’ March 2026.
  • DayakDaily ‘Online scam cases more than double from 35,470 in 2024 to 74,744 in 2025.’ May 2026.
  • Penang Institute ‘Combating Scam Syndicates in Malaysia and Southeast Asia.’ March 2025.
  • Global Anti-Scam Alliance (GASA) State of Scam Report Malaysia 2024.
  • Bank of China Malaysia Corporate Banking Security Advisory: Deepfake/AI Scam. bankofchina.com.my
  • Kementerian Ekonomi Program: Platform Trusted Intelligence (TIP). [RAHSIA financial projections require declassification before public use]