PHILIPPINE BANKS should improve their cybersecurity posture amid a rise in phishing attacks targeting the industry as more Filipinos shift to online transactions, global cybersecurity firm Kaspersky said.
“Banks must view phishing as a strategic risk. It’s not just about blocking suspicious e-mails anymore, it’s about building cybersecurity awareness across all levels of the organization and hardening digital infrastructure against deception,” Sam Yan, head of Sales for Asia Emerging Countries at Kaspersky, said in a statement.
“Cybercriminals are adapting fast, but so can we. Through proactive investment in cybersecurity technologies and a culture of digital vigilance, Philippine institutions can stay one step ahead,” Mr. Yan said.
Kaspersky said it blocked over 10.7 million phishing attempts worldwide last year that were linked to financial scams involving cryptocurrency, an 83% jump from the 2023 figure.
In the Philippines alone, around 38,370 of these blocked attacks targeted financial institutions, it said.
The share of digital payments in monthly retail transactions stood at 57.4% in terms of volume and 59% in value terms in 2024, latest data from the Bangko Sentral ng Pilipinas showed. These are up from 52.8% and 55.3%, respectively, in 2023.
Last year, the volume of digital payments was at 3.307 billion, higher than the 2.45 billion in non-digital transactions.
Meanwhile, the value of online transactions stood at $135.95 billion, more than the $94.54 billion in non-digital payments.
Mr. Yan said financial phishing is not just a consumer issue as it can affect banks’ credibility and operational integrity.
“In Southeast Asia, where mobile banking and digital wallets have become part of everyday life, phishing tactics are becoming more convincing. Scammers now use fake bank websites, SMS phishing messages, and bogus investment platforms to target users more effectively,” Kaspersky said.
“The Philippines faces added risk due to low public awareness and the increasing number of scam messages imitating banks and government agencies,” it said.
Cyber attackers use various methods for financial phishing, including credential harvesting, in which fake sites trick users into giving up their usernames and passwords.
Meanwhile, social engineering schemes use fake messages to fool consumers into verifying accounts or claiming refunds.
Attackers also impersonate government services, especially during tax filing periods or aid rollouts, Kaspersky said.
The company said banks must update their systems and software to shield themselves against known vulnerabilities. They should also educate their staff through the use of simulated phishing tests and training.
Institutions should also use strong passwords, restrict remote access, and never expose their ports to public networks.
Consumers should use two-factor authentication and strong, unique passwords for account logins, and download apps or software only from official sources, Kaspersky said. — Beatriz Marie D. Cruz