SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
International Women’s Day
392 opinions Read now

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Filipino user haunted by fake notifications shadowy binary figure
#
Firewalls
#
Ransomware
#
Network Security

Phishing & smishing scams surge across Philippines

Thu, 19th Feb 2026
Author image
By Kaleah Salmon, News Editor

Cybercriminals sharply increased their use of phishing and SMS-based scams in the Philippines in 2025, alongside higher levels of social media impersonation, ransomware activity and data exposure, according to new figures from Check Point Research.

Check Point Research counted 3,824 phishing websites in 2025, up from 731 a year earlier-a 423% increase. The report describes a shift to large-scale fraud targeting mobile users and consumer-facing services.

Smishing, or phishing via text messages, is a major finding. Attackers are increasingly using techniques that exploit the trust people place in messages delivered to their phones. The report links the rise to a fraud ecosystem that relies on SIM card supply and cross-border operations.

Impersonation rise

Social media impersonation also rose in 2025. The research recorded 1,291 fake executive and brand profiles, up from 940 the year before-a 37% increase.

Banks featured prominently. Attackers use automated chat tools to message targets and promote investment scams, enabling financial deception to scale quickly across platforms consumers use every day.

The findings also point to celebrity deepfakes as part of the fraud economy. In this model, synthetic media and copied brand identities lure victims into credential theft, account takeover attempts and payment fraud.

Ransomware counts

Ransomware incidents rose from 9 in 2024 to 17 in 2025. Qilin was the most active ransomware group in the dataset, with attacks that combine data theft and extortion demands.

Affected sectors span finance, retail, healthcare, manufacturing, food, business services, media and real estate. The breadth reflects operators' focus on disruption and leverage rather than narrow technical targeting.

Data exposure

The report also highlights growth in indicators of data exposure and supply-chain risk. It recorded 81 source code leaks in 2025, up from 38 in 2024, and 29 third-party breach incidents, up from 8 in 2024.

The figures suggest greater exposure is associated with vendor relationships and external dependencies. The report links the trend to faster cloud adoption and wider reliance on third parties than many organisations can secure at the same pace.

External misconfigurations and cloud-based exposures also feature as prevailing risks. These are framed as high-impact issues that can stem from routine operational gaps rather than advanced intrusion techniques.

Targets and tactics

The analysis identifies several categories of high-value targets. Government and public sector organisations face denial-of-service attacks and defacement attempts associated with political events and hacktivism.

Financial services organisations are at the centre of fraud trends, with brand impersonation, credential harvesting, and account takeover attempts recurring.

Critical infrastructure organisations face reconnaissance and disruption-focused attempts, particularly during periods of geopolitical tension. Education platforms can also serve as early testing grounds for emerging actors because of lower levels of cyber maturity.

The broader message is that many of the most damaging incidents now rely on deception and operational scale. The report describes a shift away from isolated, technically complex attacks and toward repeatable playbooks that exploit identity and communication channels.

2026 outlook

Looking ahead, the research expects artificial intelligence to increase the volume and plausibility of fraud attempts rather than replace established methods. It also forecasts more NFC payment fraud alongside wider adoption of services such as Google Pay and the growth of local e-wallets.

Supply-chain breaches are also projected to rise as more organisations integrate AI tools and cloud services into everyday workflows. Deepfakes and misinformation are increasingly expected to target brands, executives, and political institutions.

"Cyberattacks in the Philippines are no longer defined by technical sophistication, but by scale, automation, and deception," said Ritchelle Santos, Senior Cyber Threat Intelligence Analyst, Check Point Exposure Management Research.

"In an environment where identity, trust, and mobile channels are the new battleground, the safest organizations will be those that protect their digital footprints as carefully as they protect their networks. Staying safe now means verifying everything-every message, every transaction, and every identity-every time," Santos said.

Related stories
Sweep wins cybersecurity firms for Salesforce control
Xiid secures EV charging, healthcare AI & multi-cloud
AI-fuelled crime drives illicit funds to $4.4 trillion
AI agents drive surge in cyber threats & extortion
Tenable appoints Dino DiMarino to drive AI security growth

Top stories

Manifest tool boosts SBOMs for critical C & C++ code
Stryker probes global cyber attack via MDM systems
Global CISO Council launched to steer AI governance
MIND unveils Autonomous DLP Analyst to cut alert noise
DNSFilter adds DNS PreCheck to protect roaming staff