CYBERTHREATS in the Philippines have become more industrialized, with increasing digitalization among organizations and widespread mobile use by Filipinos giving fraudsters more potential vulnerabilities to exploit, Check Point Software Technologies Ltd. said.
The company’s Philippine Threat Landscape Report 2025 released last week showed that cyberthreat activity affecting organizations in the country are increasing in scale, with its mobile-first population widening the potential attack surface for cybercriminals.
“Cyberattacks in the Philippines are no longer defined by technical sophistication, but by scale, automation, and deception,” Ritchelle Santos, senior cyberthreat intelligence analyst, Check Point Exposure Management Research, said in a statement.
“In an environment where identity, trust, and mobile channels are the new battleground, the safest organizations will be those that protect their digital footprints as carefully as they protect their networks. Staying safe now means verifying everything — every message, every transaction, and every identity — every time.”
For this year, the rise of artificial intelligence (AI) will make scams faster and more believable and widespread as cybercriminals could use these technologies as force multipliers for their attacks, Check Point said.
Growing adoption of contactless payments in the country with the entry of Google Pay and increased e-wallet use is also an area of concern as threat actors could exploit device-level vulnerabilities for fraudulent transactions.
“As online platforms, mobile payments, and AI-enabled technologies become further embedded in everyday transactions, opportunistic threat actors are expected to adapt familiar social engineering and fraud techniques to these environments. Economic incentives, technological adoption, and evolving geopolitical narratives will continue to shape threat actor behavior as the landscape evolves,” it said.
“The Philippine threat landscape has shifted towards high-impact, high-visibility, low-complexity vectors, focusing on phishing, identity abuse, external misconfigurations and cloud-based exposures. These systemic changes require a fundamental shift in national defensive strategies to protect the country’s digital economy.”
Threat activity in 2025 was dominated by phishing, social engineering, and cyber-enabled fraud, with key targets being the government and public sector, financial services, critical infrastructure, and education platforms, the company said in the report.
Phishing website alerts among Check Point’s clients in the country surged by 423% to 3,824 in 2025 from 731 in 2024, the report showed. Smishing or SMS phishing was a prevalent attack point, with fraudsters using telecom-level manipulation to bypass mobile trust barriers.
“Phishing and smishing remained the most common initial access vectors, with SMS-based delivery gaining prominence through large-scale and coordinated campaigns, including those attributed to the Smishing Triad. These operations frequently served as entry points for credential harvesting, fraud, and broader abuse of digital platforms, reflecting the growing exposure associated with mobile and messaging-based communication,” it said.
The company also saw attacks via infostealer malware designed to exploit insecure portals and systems to expose sensitive information like browser credentials.
Meanwhile, recorded ransomware attacks rose to 17 in 2025 from nine the prior year, but these “remained largely opportunistic in nature, affecting a broad range of sectors rather than concentrating on specific industries.”
“The analysis shows that ransomware activity in the Philippines predominantly affected sectors with high operational and financial criticality, highlighting attackers’ preference for organizations where service disruption and data encryption can exert maximum pressure. This trend reflects the country’s increasing digitalization across critical industries, which has expanded the attack surface for financially motivated threat actors,” Check Point said.
Financial fraud and scam operations were also prevalent, supported by social media impersonation schemes, such as attackers faking banks’ AI chatbots to trick consumers.
“While these trends closely mirror broader Southeast Asia and APAC (Asia-Pacific) patterns, the Philippine threat landscape remains particularly exposed due to its mobile-first population, rapid growth of digital payments, and high engagement with social media platforms,” the company said. — Bettina V. Roc
