Cyberkiz
Get Started
CRITICAL THREAT

Agrobank Confirms RM203 Million Online Fraud Loss in Malaysia

other· cases·RM203.8 million losses·Updated 15 May 2026

Bank Pertanian Malaysia Bhd (Agrobank) has confirmed a loss of RM203.8 million due to online fraud. The figure was disclosed by Home Minister Datuk Seri Saifuddin Nasution Ismail in a written parliamentary reply on 4 February 2026. The fraud was first reported in November 2025, when Agrobank initially acknowledged an "internal system issue" while reviewing the situation.

The fraud involved the use of mule accounts — bank accounts used by criminals for illegal fund transfers. A total of 47 individuals have been arrested in connection with the case, with three formally charged under Section 424C(1) of the Penal Code for using bank accounts for illegal activities. The remaining 44 suspects are still under investigation. Agrobank has assured customers that no customer accounts were compromised during the incident.

The RM203.8 million loss involved criminals exploiting mule accounts within the banking system to move illicit funds. Mule accounts are legitimate bank accounts — sometimes opened using stolen identities, sometimes belonging to willing participants recruited as money mules — that are used as conduits for fraud proceeds.

The investigation is being conducted by the Royal Malaysia Police with support from CyberSecurity Malaysia and Bank Negara Malaysia (BNM). Agriculture and Food Security Minister Datuk Seri Mohamad Sabu, whose ministry oversees Agrobank, stated that the investigation has been left entirely to the authorities.

Those charged under Section 424C(1) face imprisonment of 3 to 10 years, a fine of RM10,000 to RM150,000, or both. The case underscores the critical need for stronger fraud detection systems and mule account monitoring across Malaysian financial institutions, particularly as BNM has been tightening requirements under its Risk Management in Technology (RMiT) framework.

Is my money safe in Malaysian banks after the Agrobank fraud?

Malaysian banks are required to maintain fraud prevention controls under BNM's RMiT framework. While no system is immune to fraud, regulators are actively enforcing compliance. Monitor your accounts regularly and report any suspicious activity immediately.

How do I report online banking fraud in Malaysia?

Call 997 (NSRC), lodge a police report, report via SemakMule at semakmule.rmp.gov.my. Also contact your bank's fraud hotline immediately to freeze affected accounts.

Red Flags

  • !Unexpected SMS or emails asking you to verify your account — Banks do not send links asking for login credentials via SMS or email
  • !Calls from people claiming to be bank staff requesting your OTP or TAC — No legitimate bank employee will ever ask for these codes
  • !Unfamiliar transactions on your account — Even small unauthorised debits can indicate that your credentials have been compromised
  • !Login notifications from unrecognised devices or locations — These suggest someone else may have access to your account
  • !Fake banking apps or websites — Always access your bank through the official app or by typing the URL directly, never through links in messages

📞 How to Report

  1. 1Contact your bank immediately to freeze your account if you suspect unauthorised access
  2. 2Change your online banking password and enable all available security features
  3. 3Call 997 (National Scam Response Centre) immediately
  4. 4Lodge a police report at your nearest station
  5. 5Report via SemakMule (semakmule.rmp.gov.my)

Want to learn more?

Book a scam awareness workshop for your family, community group, or organisation.

View Anti-Scam Programme