One cybersecurity firm’s user base data shows that ransomware, data exposure, and AI-driven impersonation are widening attack surfaces, threatening critical sectors.

Cybercriminals are rapidly industrializing fraud in the Philippines, with phishing and mobile scams surging at unprecedented levels, according to new data reported by a global cybersecurity firm.

Data from the firm’s user base indicates that the number of phishing websites had jumped 423% year-over-year — from 731 in 2024 to 3,824 in 2025 — as cybercrime operations shifted towards large-scale, automated models targeting the country’s mobile-first population.

Smishing, or SMS-based phishing, had emerged as the dominant attack vector, with hackers exploiting telecom infrastructure to bypass traditional safeguards. Also:

  • Ransomware incidents also nearly doubled to 17 cases in 2025, led by campaigns from the Qilin group, whose cross-platform attacks had disrupted sectors including banking, healthcare, manufacturing, and retail.
  • Meanwhile, social media impersonation had climbed 37%, driven by AI-generated fake profiles used to promote investment schemes and financial scams.
  • Researchers also observed a jump in data exposure cases. Source code leaks had more than doubled to 81, and third-party breach incidents had risen from eight to 29, underscoring persistent vulnerabilities in the nation’s supply chains and cloud dependencies

The data analysis noted that the country’s growing reliance on vendors and digital platforms has broadened its attack surface faster than many organizations can secure it. Financial institutions and entertainment platforms remain prime targets, while public and critical infrastructure continue to face politically motivated defacements and denial-of-service attacks. Education networks are increasingly used as low-risk testing grounds for emerging cybercriminal groups.

Looking ahead, Check Point, the firm sharing its data, forecasts that AI will intensify existing attack tactics in 2026 by making fraudulent content more convincing and scalable. It also warns of rising risks from NFC payment fraud and AI-driven misinformation targeting executives, banks, and government institutions in the country, concluding that cyber risks in the Philippines have shifted toward high-volume, identity-focused attacks, requiring a nationwide reassessment of digital defenses and verification practices.