Phishing sites in PH surge 423 percent as cybercriminals industrialize fraud

Phishing websites targeting Filipinos skyrocketed from 731 in 2024 to 3,824 in 2025, a 423 percent increase, according to the Philippine Threat Landscape Report 2025 released by Check Point Software Technologies Ltd., a global leader in cybersecurity solutions.

The report, first presented during the inaugural CXO Elite Club Philippines dinner, a private, invitation-only gathering of senior industry leaders and decision-makers, paints a picture of a cyber threat environment that has grown not just more frequent, but more systematic.

Cybercriminals have shifted from isolated technical attacks to what the report describes as industrialized, large-scale operations specifically targeting the country’s mobile-first population.

Smishing, or SMS-based phishing, has emerged as the dominant threat vector, with attackers exploiting telecom-level manipulation techniques to circumvent the inherent trust Filipinos place in text messages.

Ransomware incidents nearly doubled as well, rising from nine recorded attacks in 2024 to 17 in 2025.

The Qilin ransomware group was identified as the most aggressive actor, deploying cross-platform ransomware and double extortion tactics across industries including finance, retail, healthcare, manufacturing, food, business services, media, and real estate.

Social media impersonation also climbed sharply, with fake executive and brand profiles jumping 37 percent, from 940 cases to 1,291 cases.

Banks bore the brunt of this trend, as attackers increasingly used AI-powered chatbots to push investment scams and amplify financial deception at scale.

Data exposure incidents compounded the picture.

Source code leaks more than doubled, from 38 to 81 cases, while third-party breach incidents rose from 8 to 29, underscoring the Philippines’ deepening vulnerability to supply-chain attacks.

Data from Check Point Exposure Management Research indicates that rapid cloud adoption and growing vendor reliance are expanding the national attack surface faster than many organizations can secure it.

The report identifies the government and public sector as facing high-visibility distributed denial-of-service (DDoS) attacks and website defacements tied to political events and hacktivism.

Financial services institutions are suffering widespread fraud exposure through account takeovers, brand impersonation, and credential harvesting.

Critical infrastructure is being targeted by disruption-focused reconnaissance and DDoS attempts, particularly during periods of geopolitical tension.

Education platforms, meanwhile, are frequently used as testing grounds by emerging threat actors owing to their comparatively lower cyber maturity.

Financial fraud and e-gaming schemes are no longer amateur operations, the report further warns.

Powered by underground SIM card markets and celebrity deepfakes, these fraud ecosystems now function as full-scale cross-border criminal enterprises rather than isolated scams.

Looking ahead to 2026, Check Point predicts that artificial intelligence (AI) will amplify existing fraud vectors rather than replace them, making scams faster, more convincing, and more widespread.

Near-field communication (NFC) payment fraud is expected to rise alongside the continued growth of Google Pay and local e-wallets.

Supply-chain breaches are also projected to escalate as more Philippine organizations integrate AI tools and cloud-based services into their workflows.

Deepfakes and misinformation are expected to increasingly target brands, executives, and political institutions.

The report concludes that the Philippine threat landscape has shifted decisively toward high-impact, high-visibility, low-complexity vectors, centered on phishing, identity abuse, external misconfigurations, and cloud-based exposures, and that these systemic changes demand a fundamental rethinking of national cybersecurity strategies.

“Cyberattacks in the Philippines are no longer defined by technical sophistication, but by scale, automation, and deception,” said Ritchelle Santos, Senior Cyber Threat Intelligence Analyst at Check Point Exposure Management Research.

“In an environment where identity, trust, and mobile channels are the new battleground, the safest organizations will be those that protect their digital footprints as carefully as they protect their networks. Staying safe now means verifying everything, every message, every transaction, and every identity, every time.”