Phishing attacks surge 423% as scammers target mobile-first Filipinos

If you’ve received a suspicious text about a package delivery, a bank alert, or an investment opportunity, you’re not alone.

Cybersecurity firm Check Point Software Technologies Ltd. reported a 423-percent spike in phishing websites targeting Filipinos in 2025, reflecting what experts describe as the “industrialization” of online fraud in a country where daily life increasingly runs on mobile phones.

According to the firm’s Philippine Threat Landscape Report 2025, phishing sites surged from 731 in 2024 to 3,824 in 2025. Even more alarming is the rise of “smishing,” SMS-based phishing, where scammers send deceptive text messages designed to look like they come from banks, delivery services or government agencies.

As digital payments, online shopping and e-wallet use expand, cybercriminals are scaling their operations with automation and artificial intelligence. Social media impersonation cases rose 37 percent last year, with scammers creating fake executive profiles and brand accounts to promote investment schemes and harvest personal information.

Ransomware attacks also nearly doubled, affecting sectors from finance and retail to healthcare and education.

The report warns that fraud groups are now operating like organized businesses, using underground SIM card markets and even AI-generated deepfakes to make scams appear legitimate.

Government agencies, banks and even schools have been targeted, but ordinary consumers remain the most exposed. Many attacks rely not on technical complexity, but on urgency and deception — fake account suspensions, prize winnings, loan approvals or package delivery issues.

“Cyberattacks in the Philippines are no longer defined by technical sophistication, but by scale, automation, and deception,” Ritchelle Santos, senior cyber threat intelligence analyst at Check Point Exposure Management Research, said.