The cyber threat landscape in the Philippines has undergone a major transformation, with attackers increasingly shifting from isolated hacking incidents to industrial-scale cybercrime operations powered by automation and artificial intelligence.
According to the latest cybersecurity threat intelligence report, phishing websites detected in the country increased by an alarming 423%, highlighting the growing sophistication of digital fraud campaigns targeting users and organisations.
Phishing Websites Register Sharp Increase
Cybersecurity researchers found that detected phishing websites increased from:
- 731 phishing websites in 2024
- 3,824 phishing websites in 2025
The dramatic rise reflects the growing use of fake digital platforms designed to steal:
- Banking credentials
- Usernames and passwords
- One-time passwords (OTPs)
- Personal identity information
- Financial account details
Researchers believe phishing remains one of the primary entry points for organised cybercrime.
Mobile-First Economy Creates New Opportunities for Cybercriminals
The Philippines has rapidly evolved into a mobile-first digital economy, driven by widespread adoption of:
- Digital banking
- Mobile wallets
- QR payments
- Online commerce
- E-wallet platforms
- Real-time payment systems
While digital adoption has improved financial inclusion, it has also expanded the attack surface available to cybercriminals targeting consumers and businesses.
Human Behaviour Becomes the Primary Target
The report notes that attackers are increasingly exploiting psychology rather than software vulnerabilities.
Modern phishing campaigns now rely heavily on:
- Fake banking portals
- Counterfeit login pages
- Fraudulent investment websites
- Identity impersonation
- Social engineering
- AI-generated communications
Rather than attacking technology directly, cybercriminals seek to manipulate trust and human decision-making.
Smishing Attacks Continue to Grow
SMS phishing, commonly referred to as smishing, has also increased significantly.
Fraudsters are sending fake messages impersonating:
- Banks
- Government agencies
- Telecom providers
- Financial institutions
- Investment platforms
- Public service organisations
These messages frequently create urgency through false claims such as:
- Account suspension
- KYC verification
- Cashback rewards
- Tax refunds
- Investment opportunities
- Security alerts
Victims are then redirected to malicious websites designed to harvest sensitive information.
Ransomware Threat Continues to Escalate
The report also highlights a noticeable increase in ransomware incidents.
Recorded ransomware cases increased from:
- 9 incidents during 2024
- 17 incidents during 2025
Researchers identified the growing use of double extortion, where attackers:
- Steal sensitive organisational data.
- Encrypt business systems.
- Threaten to publicly release stolen information unless ransom demands are paid.
Groups such as Qilin have reportedly adopted these tactics against multiple organisations.
Financial Institutions Among Primary Targets
Several sectors have emerged as preferred targets for cybercriminals, including:
- Banking
- Healthcare
- Retail
- Manufacturing
- Professional services
These industries often possess valuable financial records, customer databases and operational systems attractive to organised cybercrime groups.
Fake Social Media Profiles Increase
Researchers also observed a 37% increase in fake brand profiles and impersonation accounts across social media platforms.
Criminals increasingly use:
- AI-powered chatbots
- Fake customer support
- Fraudulent investment advisers
- Impersonated corporate accounts
- Automated messaging systems
These methods help attackers establish credibility before initiating financial fraud.
Supply Chain Risks Continue to Grow
The report highlights increasing concerns surrounding third-party digital ecosystems.
Researchers identified growing incidents involving:
- Source code leaks
- Third-party compromises
- Supply-chain vulnerabilities
- Cloud infrastructure exposure
- Vendor-related data breaches
As organisations become increasingly interconnected, cyber risks now extend well beyond their own internal systems.
Government Infrastructure Also Targeted
Government agencies have also experienced cyber incidents involving:
- Distributed Denial-of-Service (DDoS) attacks
- Website defacement
- Hacktivist campaigns
- Politically motivated disruptions
Researchers noted that attacks frequently intensify during politically sensitive periods.
Artificial Intelligence Changes the Threat Landscape
Experts believe artificial intelligence will significantly enhance cybercriminal capabilities over the coming years.
AI enables attackers to generate:
- Highly convincing phishing emails
- Voice impersonation scams
- Fake identities
- Automated fraud campaigns
- Sophisticated chatbot interactions
- Deepfake content
As AI becomes more accessible, cyber fraud operations are expected to become increasingly scalable and personalised.
NFC and Digital Payment Risks Expected to Rise
With continued expansion of:
- Contactless payments
- Mobile wallets
- NFC-enabled devices
- Instant payment platforms
Researchers expect cybercriminals to increasingly target digital payment ecosystems using identity theft and payment manipulation techniques.
Cybersecurity Experts Stress Identity Protection
A researcher at Algoritha Security observed that cybercrime has evolved beyond technical hacking into a broader ecosystem combining:
- Identity theft
- Social engineering
- Psychological manipulation
- Automated fraud
- AI-assisted attacks
The researcher emphasised strengthening:
- Identity verification
- Third-party risk management
- Employee cybersecurity awareness
- Continuous monitoring
- Incident response capabilities
Lessons for the Asia-Pacific Region
Experts believe developments in the Philippines provide valuable lessons for other Asia-Pacific economies experiencing rapid digital transformation.
As governments and businesses expand digital services, cybersecurity strategies must evolve simultaneously through:
- Stronger identity controls
- Advanced threat monitoring
- Supply-chain security
- AI-assisted defence mechanisms
- Faster incident response
- Continuous cybersecurity awareness
Without these measures, increasingly organised cybercrime networks are expected to exploit expanding digital ecosystems across the region.
Conclusion
The sharp 423% increase in phishing websites demonstrates that cybercrime is becoming increasingly organised, automated and AI-driven.
Rather than relying solely on technical exploits, attackers are now combining artificial intelligence, psychological manipulation and identity fraud to compromise individuals, organisations and critical infrastructure.
As digital economies continue to expand, proactive cybersecurity investment, user awareness and robust governance will remain essential to counter the next generation of cyber threats.
Shunyatax Global Insight
Shunyatax Global says that phishing has evolved from mass email campaigns into highly targeted AI-assisted fraud operations capable of imitating trusted organisations with remarkable accuracy. Businesses should no longer treat cybersecurity as only an IT function—it must become part of enterprise risk management. Regular employee awareness training, multi-factor authentication, vendor risk assessments and continuous monitoring of digital identities are now fundamental controls for protecting financial assets and customer trust.