Check Point Software Technologies revealed in a report that the Philippines encountered a huge surge in Phishing attacks in 2025. In their Philippine Threat Landscape Report 2025, cybercriminals have moved from isolated technical attacks to industrialized cybercrime operations aimed to the country’s mobile-first population.
“Cyberattacks in the Philippines are no longer defined by technical sophistication, but by scale, automation, and deception,” said Ritchelle Santos, Senior Cyber Threat Intelligence Analyst, Check Point Exposure Management Research. “In an environment where identity, trust, and mobile channels are the new battleground, the safest organizations will be those that protect their digital footprints as carefully as they protect their networks. Staying safe now means verifying everything—every message, every transaction, and every identity—every time.”
Table of Contents
Check Point Report: The Numbers Tell the Story
The report shows that the Philippines experienced a Phishing and Smishing Explosion. Phishing websites surged from 731 in 2024 to 3,824 in 2025, a staggering 423% increase. Smishing or SMS phishing has become the dominant threat, with attackers now using telecom-level manipulation to bypass mobile trust barriers. This has been reported multiple times in 2025 were mobile users received text messages from banks and other institutions in certain areas that looked legitimate but they were actually “smished” by the perpetrators.
Ransomware has also nearly doubled. Recorded attacks grew from 9 in 2024 to 17 in 2025. The Qilin ransomware group emerged as the most aggressive actor, using cross-platform ransomware and double extortion tactics to prey on industries ranging from finance and retail to healthcare, manufacturing, food, business services, media and real estate.
Social Media Impersonation up by 37%. Fake executive and brand profiles jumped from 940 cases to 1,291 cases. Banks are the hardest hit, as attackers leverage AI chatbots to push investment scams and scale financial deception.
ALSO READ: Kaspersky reveals the journey of stolen data after phishing attacks
Industrialized Fraud and High-Value Targets
The research highlights that financial fraud and e-gaming schemes are no longer amateur operations. Powered by underground SIM card markets and celebrity deepfakes, these fraud ecosystems now function as full-scale cross-border operations rather than isolated scams.
The Government and the Public Sector are still facing high-visibility DDoS attacks and defacements tied to political events and hacktivism, while Critical Infrastructure are targeted by disruption-focused reconnaissance and DDoS attempts, particularly during periods of geopolitical tension.
Financial Institutions are suffering massive fraud exposure through account takeovers, brand impersonation and credential harvesting while Education Platforms are being frequently used as “test beds” for emerging threat actors due to lower cyber maturity.
Outlook for 2026: AI and NFC Payment Fraud
Check Point predicts that 2026 will see AI amplify existing fraud vectors, rather than replacing them, making scams faster, more believable and more widespread. Additionally, NFC payment fraud is expected to rise alongside Google Pay, and the expansion of local e-wallets. Supply-chain breaches are also projected to escalate as more Philippine organizations integrate AI tools and cloud-based services into their workflows. Deepfakes and misinformation will increasingly target brands, executives and political institutions.
The report concludes that the Philippine threat landscape has shifted towards high-impact, high-visibility, low-complexity vectors, focusing on phishing, identity abuse, external misconfigurations and cloud-based exposures. These systemic changes require a fundamental shift in national defensive strategies to protect the country’s digital economy.
