Phishing activity in the Philippines surged by more than 400 per cent in 2025, according to new threat intelligence published by Check Point Research, underscoring a shift toward large-scale, industrialised fraud targeting the country’s mobile-first population.
The Philippine Threat Landscape Report 2025, released in Manila, indicates that the number of detected phishing websites rose from 731 in 2024 to 3,824 in 2025 — a 423 per cent increase. SMS-based phishing, or “smishing”, has emerged as the dominant vector, reflecting the country’s high mobile penetration and widespread use of digital banking and e-wallet platforms.
Check Point’s researchers say cybercrime in the Philippines is increasingly characterised by automation, scale and identity-based deception rather than highly technical exploits. The report notes that attackers are leveraging telecom-level tactics and social engineering to bypass traditional trust mechanisms associated with mobile communications.
Ransomware incidents also increased, rising from nine recorded cases in 2024 to 17 in 2025. The Qilin ransomware group was identified as a prominent actor, using cross-platform ransomware and double extortion tactics. Affected sectors reportedly include finance, retail, healthcare, manufacturing and professional services.
Social media impersonation rose 37 per cent year-on-year, with fake executive and brand profiles increasing from 940 to 1,291 cases. Financial institutions were identified as primary targets, with attackers using AI-driven chatbots and fabricated investment schemes to scale fraud campaigns.
The report also highlights growing supply-chain and cloud-related exposure. Detected source code leaks more than doubled, while reported third-party breach incidents increased from eight to 29 cases. Researchers suggest that accelerating cloud adoption and reliance on external vendors are expanding the national attack surface faster than many organisations can manage.
Government agencies and public sector entities were cited as frequent targets of distributed denial-of-service (DDoS) attacks and website defacements, often linked to political events or hacktivist activity. Critical infrastructure operators reportedly faced reconnaissance and disruption attempts, particularly during periods of geopolitical tension.
Financial services firms continue to face credential harvesting, account takeover attempts and brand impersonation campaigns. Education platforms were identified as comparatively lower-maturity environments that are sometimes used by threat actors to test new techniques.
Looking ahead to 2026, Check Point Research predicts that artificial intelligence will amplify existing fraud tactics rather than replace them, making scams faster to generate and more convincing. The expansion of contactless payments and e-wallet adoption is expected to increase exposure to NFC-based fraud, while deeper integration of AI tools and cloud services may heighten supply-chain risk.
The report concludes that the Philippine threat environment is increasingly defined by high-volume, high-visibility attacks that exploit identity, trust and configuration weaknesses rather than zero-day vulnerabilities.
As the country continues to digitise financial services, government platforms and consumer applications, the data suggests that defensive strategies will need to prioritise identity protection, external exposure management and public awareness to counter fraud at scale.
