Online financial scam victimisation in Malaysia persists despite stronger enforcement, expanded regulatory frameworks and growing public awareness. Individuals with financial knowledge, digital competence and prior scam awareness continue to authorise fraudulent transfers, demonstrating that knowledge-gap explanations alone are inadequate. Drawing on Protection Motivation Theory, this study explores the cognitive and behavioural processes through which victimisation unfolds. An interpretivist qualitative design incorporated in-depth interviews with fifteen scam victims and fourteen Commercial Crime Investigation Department officers, supplemented by thirty publicly available police case reports. Thematic analysis identified three sequential stages. Threat appraisal was disrupted by reward salience, social validation and situational financial pressure. Coping appraisal was suppressed through emotional overload, authority impersonation and convenience framing. Post-victimisation experience produced either adaptive vigilance or excessive trust withdrawal. Together, these stages show that Protection Motivation Theory can explain scam victimisation as a time-based process rather than as a static predictor model, revealing that its constructs shift dynamically across the scam encounter. This explains why knowledge and competence alone do not guarantee protection. The findings advance scam victimisation research and offer practical insights for Malaysian financial regulation, consumer protection and behavioural intervention design, consumer protection policy and behavioural intervention systems that target the moment protective judgement breaks down.
Bernama. (2025, August 12). Police: Online scams cost Malaysians over RM2.7 billion as of November. https://www.bernama.com/en/news.php/general/crime_courts/news.php?id=2500014
Bowen, G. A. (2009). Document analysis as a qualitative research method. Qualitative Research Journal, 9(2), 27-40. https://doi.org/10.3316/QRJ0902027
Braun, V. and Clarke, V. (2013). Successful qualitative research: A practical guide for beginners. Sage.
Clubb, A. C. and Hinkle, J. C. (2015). Protection motivation theory as a theoretical framework for understanding the use of protective measures. Criminal Justice Studies, 28(3), 336-355. https://doi.org/10.1080/1478601X.2015.1050590
Cohen, L. E. and Felson, M. (1979). Social change and crime rate trends: A routine activity approach. American Sociological Review, 44(4), 588-608. https://doi.org/10.2307/2094589
Cressey, D. R. (1953). Other people’s money: A study in the social psychology of embezzlement. Free Press.
Creswell, J. W. and Miller, D. L. (2000). Determining validity in qualitative inquiry. Theory Into Practice, 39(3), 124-130. https://doi.org/10.1207/s15430421tip3903_2
Creswell, J. W. and Poth, C. N. (2018). Qualitative inquiry and research design: Choosing among five approaches (4th ed.). Sage.
Crossler, R. E. and Belanger, F. (2014). An extended perspective on individual security behaviours: Protection motivation theory and a unified security practices instrument. The DATA BASE for Advances in Information Systems, 45(4), 51-71. https://doi.org/10.1145/2691517.2691521
Cuadra, J. M., Mandras, Y. S., Raya, M. R., Belardo, H. B., Lopez, R. P., and Rodriguez, J. G. E. (2025). Experiencing investment scams in the Philippines: An interpretative phenomenological analysis of victims’ financial decision-making. Review of Behavioral Finance, 17(5), 769-784. https://doi.org/10.1108/RBF-03-2025-0116
CyberSecurity Malaysia. (2025). MyCERT incident statistics. https://www.mycert.org.my/portal/statistics-content
De Kimpe, L., Walrave, M., Verdegem, P., and Ponnet, K. (2022). What we think we know about cybersecurity: An investigation of the relationship between perceived knowledge, internet trust, and protection motivation in a cybercrime context. Behaviour and Information Technology, 41(8), 1796-1808. https://doi.org/10.1080/0144929X.2021.1905066
Denzin, N. K. and Lincoln, Y. S. (2011). The SAGE handbook of qualitative research (4th ed.). Sage.
Department of Statistics Malaysia. (2025). ICT use and access by individuals and households survey report 2024. https://www.dosm.gov.my
Du, W. and Chen, M. (2023). Too much or less? The effect of financial literacy on resident fraud victimization. Computers in Human Behavior, 148, 107914. https://doi.org/10.1016/j.chb.2023.107914
Elueze, I. and Quan-Haase, A. (2018). Privacy attitudes and concerns in the digital lives of older adults: Westin’s privacy attitude typology revisited. American Behavioral Scientist, 62(10), 1372-1391. https://doi.org/10.1177/0002764218787026
Eshet, Y. (2004). Digital literacy: A conceptual framework for survival skills in the digital era. Journal of Educational Multimedia and Hypermedia, 13(1), 93-106.
Ferrari, A. (2012). Digital competence in practice: An analysis of frameworks. Publications Office of the European Union.
Floyd, D. L., Prentice-Dunn, S., and Rogers, R. W. (2000). A meta-analysis of research on protection motivation theory. Journal of Applied Social Psychology, 30(2), 407-429. https://doi.org/10.1111/j.1559-1816.2000.tb02323.x
Gilster, P. (1997). Digital literacy. Wiley.
Haag, S., Siponen, M., and Liu, F. (2021). Protection motivation theory in information systems security research. ACM SIGMIS Database: The DATABASE for Advances in Information Systems, 52(2), 25-67. https://doi.org/10.1145/3462766.3462770
Holtfreter, K., Reisig, M. D., and Pratt, T. C. (2008). Low self-control, routine activities, and fraud victimization. Criminology, 46(1), 189-220. https://doi.org/10.1111/j.1745-9125.2008.00101.x
Huston, S. J. (2010). Measuring financial literacy. Journal of Consumer Affairs, 44(2), 296-316. https://doi.org/10.1111/j.1745-6606.2010.01170.x
Jenkins, J. L., Grimes, M., Proudfoot, J. G., and Lowry, P. B. (2014). Improving password cybersecurity through inexpensive and minimally invasive means: Detecting and deterring password reuse through keystroke-dynamics monitoring and just-in-time fear appeals. Information Technology for Development, 20(2), 196-213. https://doi.org/10.1080/02681102.2013.814040
Kvale, S. and Brinkmann, S. (2009). Interviews: Learning the craft of qualitative research interviewing (2nd ed.). Sage.
Lincoln, Y. S. and Guba, E. G. (1985). Naturalistic inquiry. Sage.
Lusardi, A. and Mitchell, O. S. (2007). Baby boomer retirement security: The roles of planning, financial literacy, and housing wealth. Journal of Monetary Economics, 54(1), 205-224. https://doi.org/10.1016/j.jmoneco.2006.12.001
Lusardi, A. and Mitchell, O. S. (2014). The economic importance of financial literacy: Theory and evidence. Journal of Economic Literature, 52(1), 5-44. https://doi.org/10.1257/jel.52.1.5
Martens, M., De Wolf, R., and De Marez, L. (2019). Investigating and comparing the predictors of the intention towards taking security measures against malware, scams, and cybercrime in general. Computers in Human Behavior, 92, 139-150. https://doi.org/10.1016/j.chb.2018.11.002
Milne, S., Orbell, S., and Sheeran, P. (2002). Combining motivational and volitional interventions to promote exercise participation: Protection motivation theory and implementation intentions. British Journal of Health Psychology, 7(2), 163-184. https://doi.org/10.1348/135910702169420
OECD. (2018). OECD/INFE toolkit for measuring financial literacy and financial inclusion. OECD.
OECD. (2020). OECD/INFE 2020 international survey of adult financial literacy. OECD.
Rogers, R. W. (1983). Cognitive and physiological processes in fear appeals and attitude change: A revised theory of protection motivation. In J. T. Cacioppo and R. E. Petty (Eds.), Social psychophysiology: A sourcebook (pp. 153-176). Guilford Press.
Safa, N. S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N. A., and Herawan, T. (2015). Information security conscious care behaviour formation in organizations. Computers and Security, 53, 65-78. https://doi.org/10.1016/j.cose.2015.05.012
Savin-Baden, M. and Major, C. H. (2013). Qualitative research: The essential guide to theory and practice. Routledge.
Schreier, M. (2012). Qualitative content analysis in practice. Sage.
Schwartz, S. H. (1992). Universals in the content and structure of values: Theoretical advances and empirical tests in 20 countries. In M. P. Zanna (Ed.), Advances in experimental social psychology (Vol. 25, pp. 1-65). Academic Press. https://doi.org/10.1016/S0065-2601(08)60281-6
Schwartz, S. H., Cieciuch, J., Vecchione, M., Davidov, E., Fischer, R., Beierlein, C., Ramos, A., Verkasalo, M., Lonnqvist, J. E., Demirutku, K., Dirilen-Gumus, O., and Konty, M. (2012). Refining the theory of basic individual values. Journal of Personality and Social Psychology, 103(4), 663-688. https://doi.org/10.1037/a0029393
Statista. (2024). Mobile banking transaction value in Malaysia. https://www.statista.com
Tsai, H.-Y. S., Jiang, M., Alhabash, S., LaRose, R., Rifon, N. J., and Cotten, S. R. (2016). Understanding online safety behaviours: A protection motivation theory perspective. Computers and Security, 59, 138-150. https://doi.org/10.1016/j.cose.2016.02.009
Van Wilsem, J. (2013). Bought it, but never got it: Assessing risk factors for online consumer fraud victimization. European Sociological Review, 29(2), 168-178. https://doi.org/10.1093/esr/jcr053
Vousinas, G. L. (2019). Advancing theory of fraud: The S.C.O.R.E. model. Journal of Financial Crime, 26(1), 372-381. https://doi.org/10.1108/JFC-12-2017-0128
Wilkinson, D. and Knijnenburg, B. P. (2022). Many islands, many problems: An empirical examination of online safety behaviors in the Caribbean. Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems, Article 87, 1–15. https://doi.org/10.1145/3491102.3517643
Witte, K. (1994). Fear control and danger control: A test of the extended parallel process model. Communication Monographs, 61(2), 113-134. https://doi.org/10.1080/03637759409376328
Wolfe, D. T. and Hermanson, D. R. (2004). The fraud diamond: Considering the four elements of fraud. The CPA Journal, 74(12), 38-42.
World Bank. (2025). Individuals using the Internet (% of population): Malaysia. https://data.worldbank.org/indicator/IT.NET.USER.ZS?locations=MY
Basir, M. A. Q. A., Yahya, M. H. D. H., Mustafa, H., & Soh, W. N. (2026). Capable Yet Deceived: A Qualitative Exploration of Cognitive and Behavioural Processes in Online Financial SCAM Victimisation in Malaysia. International Journal of Academic Research in Business and Social Sciences, 16(5), 1028–1045.
Copyright: © 2026 The Author(s)
Published by Knowledge Words Publications (www.kwpublications.com)
This article is published under the Creative Commons Attribution (CC BY 4.0) license. Anyone may reproduce, distribute, translate and create derivative works of this article (for both commercial and non-commercial purposes), subject to full attribution to the original publication and authors. The full terms of this license may be seen at: http://creativecommons.org/licences/by/4.0/legalcode
