New Philippine Threat Landscape Report highlights a “Smishing” explosion and the rise of AI-powered financial deception.
Check Point® Software Technologies Ltd., a pioneer and global leader of cyber security solutions, today unveiled its Philippine Threat Landscape Report 2025. The findings were first presented during the inaugural CXO Elite Club Philippines dinner, a private, invitation-only gathering of select senior leaders and industry decision-makers.
The report reveals a dramatically intensified cyber risk environment, where cybercriminals have pivoted from isolated technical attacks to systemic, industrialized operations targeting the nation’s mobile-first population. Data from Check Point Exposure Management Research, indicates that the rapid expansion of cloud adoption and vendor reliance is widening the national attack surface faster than many organizations can secure it.
The Numbers Tell the Story: A Critical Shift in the Risk Landscape
* Phishing & Smishing Explosion: Phishing websites surged from 731 in 2024 to 3,824 in 2025, a 423% increase. Smishing (SMS phishing) has become the dominant threat, with attackers now using telecom-level manipulation to bypass mobile trust barriers.
* Ransomware Nearly Doubled: Recorded attacks grew from 9 in 2024 to 17 in 2025. The Qilin ransomware group emerged as the most aggressive actor, using cross-platform ransomware and double extortion tactics to prey on industries ranging from finance and retail to healthcare, manufacturing, food, business services, media and real estate.
* Social Media Impersonation Up 37%: Fake executive and brand profiles jumped from 940 cases to 1,291 cases. Banks are the hardest hit, as attackers leverage AI chatbots to push investment scams and scale financial deception.
* Accelerating Data Exposure: Source code leaks more than doubled (from 38 to 81), while third-party breach incidents also doubled (from 8 to 29), confirming the Philippines’ growing supply-chain exposure.
Industrialized Fraud and High-Value Targets
The research highlights that financial fraud and e-gaming schemes are no longer amateur operations. Powered by underground SIM card markets and celebrity deepfakes, these fraud ecosystems now function as full-scale cross-border operations rather than isolated scams.
Key targets identified in the report include:
* Government & Public Sector: Facing high-visibility DDoS attacks and defacements tied to political events and hacktivism.
* Financial Services: Suffering massive fraud exposure through account takeovers, brand impersonation and credential harvesting.
* Critical Infrastructure: Targeted by disruption-focused reconnaissance and DDoS attempts, particularly during periods of geopolitical tension.
* Education Platforms: Frequently used as “test beds” for emerging threat actors due to lower cyber maturity.
Outlook for 2026: The AI Factor
Check Point predicts that 2026 will see AI amplify existing fraud vectors, rather than replacing them, making scams faster, more believable and more widespread. Additionally, NFC payment fraud is expected to rise alongside Google Pay, and the expansion of local e-wallets. Supply-chain breaches are also projected to escalate as more Philippine organizations integrate AI tools and cloud-based services into their workflows. Deepfakes and misinformation will increasingly target brands, executives and political institutions.
The report concludes that the Philippine threat landscape has shifted towards high-impact, high-visibility, low-complexity vectors, focusing on phishing, identity abuse, external misconfigurations and cloud-based exposures. These systemic changes require a fundamental shift in national defensive strategies to protect the country’s digital economy.
“Cyberattacks in the Philippines are no longer defined by technical sophistication, but by scale, automation, and deception,” said Ritchelle Santos, Senior Cyber Threat Intelligence Analyst, Check Point Exposure Management Research. “In an environment where identity, trust, and mobile channels are the new battleground, the safest organizations will be those that protect their digital footprints as carefully as they protect their networks. Staying safe now means verifying everything—every message, every transaction, and every identity—every time.”
