Phishing scams target Philippine banks, e-wallets

MANILA, Philippines — Banks and e-wallet providers in the Philippines are facing increasing threats from financial phishing attacks as cybercriminals double down on exploiting the country’s weak digital defenses, global cybersecurity firm Kaspersky has warned.

In its 2024 Financial Threat Report, Kaspersky said the Philippines logged 38,370 phishing attempts targeting financial institutions last year, making it one of the most targeted countries in Southeast Asia.

The figure was significantly higher than Cambodia’s 2,373 and Bangladesh’s 11,212, but still lower than Indonesia’s 85,908 and India’s 199,211.

“Banks remain the primary target of phishing attacks in the Philippines, followed by e-wallet services and online shopping platforms,” Kaspersky told The STAR, citing global patterns that mirror the situation on the ground.

Globally, 42.6 percent of phishing scams were directed at banks, while 19.3 percent targeted payment systems such as e-wallets and 38.1 percent focused on online shopping platforms.

Cybercriminals, Kaspersky said, continue to pursue institutions that are widely trusted and used by the public.

Kaspersky noted that phishing attacks in the Philippines often feature highly localized and culturally tailored schemes designed to exploit familiar brands and consumer behavior.

Fraudsters frequently impersonate major banks, e-wallet apps, digital shops and even local government promotions to appear credible.

“For example, during major online shopping events like Black Friday, scammers create fake websites and bogus promos aimed at Filipino consumers to trick them into giving away sensitive information,” Kaspersky said.

These attacks are timed to coincide with peak online activity and reflect how cybercriminals closely monitor local trends and digital habits to maximize their reach and success.

“While the country has made progress in improving its defenses and ranked third globally for web-based threats with over 14.1 million attacks detected, cybercriminals continue to exploit specific vulnerabilities,” Kaspersky said.

The Philippines, in particular, is vulnerable due to behavioral and infrastructural gaps such as low public awareness, weak password habits and a continued dependence on SMS and email verification.

“These behavioral and infrastructural weaknesses make institutions and consumers in the Philippines attractive targets. That’s why raising cybersecurity awareness and practicing basic digital hygiene remain essential steps in protecting Filipinos online,” it said.

Kaspersky emphasized that beyond installing security tools, organizations must invest in staff training, threat simulations and public education to strengthen their overall cybersecurity posture.