Cybersecurity threats in the Philippines intensified sharply in 2025, with phishing activity surging more than fourfold as criminal groups shift toward large-scale, organized fraud operations, according to a new threat landscape report released by Check Point Research.
The study found that phishing websites linked to Philippine targets rose from 731 in 2024 to 3,824 in 2025 — a 423% increase — reflecting what researchers described as a move away from isolated hacking incidents to “industrialized” cybercrime campaigns aimed at the country’s mobile-first population.
Smishing, or SMS-based phishing, has emerged as a dominant tactic, with attackers exploiting mobile channels and telecommunications infrastructure to bypass traditional trust safeguards.
The report noted that rapid cloud adoption and growing reliance on third-party vendors are expanding the country’s digital attack surface faster than many organizations can secure it.
Ransomware incidents also increased, climbing from nine recorded cases in 2024 to 17 in 2025.
The Qilin ransomware group was identified as one of the most aggressive actors, deploying cross-platform attacks and double-extortion schemes against sectors including finance, retail, healthcare, manufacturing, and media.
Cases of social media impersonation rose 37%, from 940 to 1,291, as scammers used fake executive and brand profiles — often powered by AI-driven chatbots — to promote investment fraud and other financial scams. Banks were among the most heavily targeted institutions.
The report also pointed to signs of widening supply-chain vulnerabilities. Source-code leaks more than doubled, from 38 to 81 cases, while breaches involving third-party providers increased from eight to 29 incidents.
Researchers said cyber-enabled financial fraud and illegal online gaming schemes are evolving into coordinated, cross-border operations supported by underground SIM card markets and deepfake technology.
Government agencies, financial institutions, and critical infrastructure were identified as high-value targets for distributed denial-of-service (DDoS) attacks, credential harvesting, and disruption-focused probing, while education platforms were frequently used by threat actors to test new techniques due to relatively lower cybersecurity maturity.
Looking ahead to 2026, the report warned that artificial intelligence will likely accelerate existing scams by making them faster, more convincing, and easier to scale.
It also projected increased risks tied to digital payments, e-wallet expansion, and deeper integration of AI and cloud services across Philippine organizations.
The findings suggest that cyber threats are increasingly characterized not by technical complexity but by scale and automation, requiring organizations to strengthen identity verification, cloud security, and supply-chain defenses.
“Cyberattacks in the Philippines are no longer defined by technical sophistication, but by scale, automation, and deception,” said Ritchelle Santos, senior cyber threat intelligence analyst at Check Point Exposure Management Research.
“In an environment where identity, trust, and mobile channels are the new battleground, the safest organizations will be those that protect their digital footprints as carefully as they protect their networks. Staying safe now means verifying everything — every message, every transaction, and every identity — every time.”
