This article first appeared in Digital Edge, The Edge Malaysia Weekly on March 24, 2025 - March 30, 2025

Festive seasons in 2025 have come one after another, but alongside the celebrations, online scams have been on the rise. With Hari Raya Aidilfitri just around the corner, the festivities may be far from over — but so is the activity of cybercriminals.

People often lower their guard amid the excitement and revelry of the season, creating opportunities for scammers to strike. For instance, during Chinese New Year, fraudsters exploited the tradition of red packet exchanges by impersonating familiar contacts to deceive victims into transferring money.

Compounded by advancements in artificial intelligence (AI), traditional scams are becoming more sophisticated. Cybercriminals are now leveraging deepfake technology to mimic the faces and voices of loved ones, making it even easier to deceive unsuspecting victims.

Now, with the holidays coming up, new and similar threats could be on the verge of springing up, in addition to the existing schemes.

Maintaining strong cyber-hygiene practices will be crucial, including being cautious about random links and securing sensitive information with multi-factor authentication. However, Subhalakshmi Ganapathy, senior IT security evangelist at ManageEngine, highlights another key concern that arises when more people shift to remote work in the lead-up to the holidays.

Those working in public spaces should be cautious of unsecured networks that could leave their devices vulnerable. Subhalakshmi warns that using public WiFi can expose sensitive data and significantly increase security risks.

“When you connect to a public WiFi, you have to be very cautious while shopping or making an online transaction. This is because public WiFis are very easy to crack and it may possibly result in credential or financial loss when you are not paying attention,” says Subhalakshmi.

In cases where public WiFi is the only option available, she advises that one should be vigilant by monitoring the activities in the background and spotting suspicious patterns in one’s access or checking if any additional applications have been installed onto one’s device.

Subhalakshmi adds that reporting scams are just as important as staying vigilant as reaching out to let the authorities know of such cases can help prevent the adversaries from propagating even more threats.

Moreover, enterprises should continue strengthening their cybersecurity measures to protect the data of both the organisation and its clients. Subhalakshmi stresses the importance of maintaining on-premises as well as cloud cybersecurity, with regular maintenance and updates scheduled and patched to reduce vulnerabilities.

Additionally, depending on the company’s security budget, needs and environment, the business can opt to install or deploy technologies such as cloud access security brokers and data loss prevention systems.

As technology continues to develop and AI becomes more sophisticated, Subhalakshmi reiterates that the evolution of technology will make it increasingly difficult to predict the scope of threats that will come up in the future.

Especially for the elderly population who are more susceptible to scams, extra vigilance will be required throughout the year to detect deepfake and AI scams on social media platforms as well as maintain a subconscious wariness to online scams.

“It will become harder to detect socially engineered threats. We are on social media all the time and deepfakes are rising. So, it will be very hard to detect a fake social media profile or a fake social engineering-based attack. It’s my opinion that these two will become even more sophisticated.”

Although AI will undoubtedly enhance the range of cyberthreats, the reverse can also become a reality. Businesses can seek to leverage AI advancements by looking into offensive AI in addition to defensive AI to combat the rising threats.

While AI is predominantly being employed in defence systems — such as automating threat responses, providing relevant data and reducing false positives — these deployments allow cybersecurity teams to spend more time on investigations and to look strategically at the volume of cyberthreats.

“We need to explore, employ and leverage the capabilities of AI to the fullest, especially in areas of detection,” says Subhalakshmi.

Save by subscribing to us for your print and/or digital copy.

P/S: The Edge is also available on Apple's App Store and Android's Google Play.