简体中文
繁體中文
English
Pусский
日本語
ภาษาไทย
Tiếng Việt
Bahasa Indonesia
Español
हिन्दी
Filippiiniläinen
Français
Deutsch
Português
Türkçe
한국어
العربية
اردو
Fake Boss, Real Losses: Business Lost Nearly RM1 Million in WhatsApp Impersonation Scam
Abstract:A Malaysian food distribution company has lost RM970,000 after a staff member was deceived by fraudsters posing as the company's manager through a compromised WhatsApp account.

A Malaysian food distribution company has lost RM970,000 after a staff member was deceived by fraudsters posing as the company's manager through a compromised WhatsApp account.
Unlike traditional investment scams that rely on promises of high returns, executive impersonation fraud exploits trust within an organisation. Criminals impersonate senior executives or managers and pressure employees into making urgent financial transfers, often before internal verification procedures can take place.
According to Muallim District Police Chief Superintendent Khalid Mohamad, the victim was a 31-year-old company clerk who lodged a police report at around 11am following the incident.
Preliminary investigations indicate that the employee received a WhatsApp message from someone she believed to be her company manager. Police believe the manager's WhatsApp account had been compromised, allowing the suspect to communicate with employees while appearing to be a legitimate company representative.
Believing the instructions were genuine, the clerk carried out a series of fund transfers on behalf of the company. Acting on directions received through the messaging application, she transferred a total of RM970,000 in three separate transactions into two different bank accounts.
The fraud only came to light when the individual behind the messages requested additional transfers. The repeated demands raised the employee's suspicions, prompting her to verify the instructions directly with her manager.
It was only then that she discovered the manager had never authorised the payments. Realising that the company had been targeted by scammers, she immediately reported the incident to the police.
The case is currently being investigated under Section 420 of the Penal Code, which covers offences involving cheating and dishonestly inducing the delivery of property.
The latest incident reflects a growing trend in cyber-enabled business fraud, where criminals exploit communication platforms such as WhatsApp to impersonate company executives. Unlike phishing attacks that target login credentials, these scams rely on social engineering, manipulating victims into voluntarily transferring funds by creating a sense of urgency and authority.
Cybercriminals often spend time gathering information about a company's structure through publicly available sources, social media platforms or previous data breaches. This enables them to identify employees responsible for handling payments and to mimic the communication style of senior management, making fraudulent instructions appear convincing.
Messaging applications have become a preferred tool for these attacks because many businesses now rely on them for day-to-day communication. Employees who regularly receive payment instructions through mobile messaging may be less likely to question requests that appear to come from a trusted superior.
The financial impact of such scams can be severe. While investment fraud continues to generate some of the highest losses among Malaysian scam victims, business email compromise and executive impersonation scams are increasingly affecting companies of all sizes. In many cases, funds are transferred through multiple bank accounts shortly after payment, making recovery significantly more difficult.
For businesses, relying solely on a message received through WhatsApp or another messaging platform may expose the organisation to unnecessary risk. Verifying payment instructions through a direct telephone call or face-to-face confirmation can help prevent substantial financial losses.
Following the incident, police urged victims of scams to act immediately by contacting the National Scam Response Centre (NSRC) via its 997 hotline. Early reporting allows financial institutions and enforcement agencies to begin tracing transactions and, where possible, freeze suspicious bank accounts before funds are withdrawn or transferred elsewhere.
For Malaysian businesses, the lesson is clear. Every unexpected payment request, regardless of who appears to have sent it, should be independently verified before funds are transferred. In an era where messaging accounts can be compromised and identities easily impersonated, a simple verification call may be the difference between protecting company assets and losing hundreds of thousands of ringgit within minutes.

Disclaimer:
The views in this article only represent the author's personal views, and do not constitute investment advice on this platform. This platform does not guarantee the accuracy, completeness and timeliness of the information in the article, and will not be liable for any loss caused by the use of or reliance on the information in the article.
