Loading Results

Defending Filipinos against phishing, deepfakes, and digital threats in 2025
Defending Filipinos against phishing, deepfakes, and digital threats in 2025
  • December 2025

As the holidays quickly approach and many start preparing for their vacations, the threats we face online don’t take a break.

As more people go online for banking, shopping, work, and social media, cybercriminals also get smarter. In just the third quarter of 2025, over 52 million personal credentials were exposed in data breaches—a 49% increase from earlier in the year. That means names, passwords, and even financial details may now be floating around the dark web.

Whether you’re using digital banking applications, logging into your email, or clicking on a link from a friend, there’s always a risk if you’re not paying attention.

According to PwC’s 2026 Digital Trust Insights, building trust online isn’t just for big companies. It’s something we all play a part in. From choosing strong passwords to spotting fake messages, every small action helps protect your digital life.

Understanding the threats

SMS phishing

Social engineering

i.e., email phishing, SMS phishing, voice phishing, QR phishing

What it is: Fake emails, chats, text messages and calls that impersonate banks, government agencies, or coworkers. Calls and messages that force you to do certain actions—often clicking a link, scanning a suspicious QR code, or giving personal information.

How to identify it:

  • Check the sender’s email address or phone number. Look for misspellings or strange domains (e.g., @banc0.com instead of @banco.com.ph) or check if it’s a personal number acting as a financial institution or other known institution.
  • Watch for urgent language like “Your account will be suspended!” or “Claim your prize.”
  • Hover over links before clicking for emails. If the website looks suspicious or doesn’t match the sender, don’t click.
  • Look for poor grammar or formatting.
  • For chats or SMS, check for links that look odd even if the number is from a known institution.
  • Check if messages or calls come from unknown people requesting personal information, especially one-time pins or passwords.
  • Check if QR codes are provided by unknown senders or placed in an unusual spot (e.g., public areas or taped on top of another QR code).
Deepfake scams

Deepfake scams

What it is: AI-generated videos or audio that impersonate public figures or colleagues and are made to trick people into sending money or sharing sensitive data. The Philippines saw a 4,500% increase in deepfake-related fraud in 2023. In October 2025, a doctor lost ₱93 million in an investment scam using a manipulated video of President Marcos.

How to identify it:

  • Check for videos or voice messages that seem “off” in tone and/or feature inaccurate lip-syncing.
  • Watch for unusual requests from known people (e.g., famous figures telling viewers to send large amounts of money).
  • Verify the content through a second channel (e.g., research or call the person directly).
  • Be skeptical of investment pitches using celebrity endorsements.
Identity theft

Identity theft

What it is: Stolen personal data reused in fake job listings, e-commerce scams, and fraudulent loan applications. Reused passwords across accounts make individuals especially vulnerable.

How to identify it:

  • Monitor unexpected loan approvals, credit card bills, or job offers.
  • Check for notifications of account changes you didn’t make.
  • Check for emails or calls about services you never signed up for.
  • Monitor your credit report and bank statements regularly.

Cyber hygiene: practical tips for everyone

Passwords and Multi-Factor Authentication (MFA)

  • Use long, unique passwords for each account. You can use pass phrases.
  • Avoid using birthdays, names, or common words.
  • Memorize your passwords.
  • Enable MFA for email, banking, and social media.
  • Use authenticator apps (e.g., Google or Microsoft Authenticators) whenever applicable.
  • Use one-time pins sent via SMS or email in case authenticator apps are not yet supported by the website or application.

Virtual Private Network (VPN)

  • Use reputable VPNs. A VPN hides your online activity and makes it difficult for your data to be intercepted.
  • Activate a VPN when you’re working remotely and traveling.

Antivirus software

  • Install reputable antivirus software.
  • Keep it updated and enable real-time protection.

System updates

  • Regularly update your operating system, apps, and browsers. Updates fix security vulnerabilities.

Access on social media and personal devices

  • Provide access only to trusted people on your social media accounts. Do not set the access to “Visible to everyone” especially if you put personal or sensitive information in your social media accounts.
  • Remove or disallow excessive permission access of your mobile applications (e.g., loans applications gaining access to your contact lists or a calculator application requesting for camera access).

Compromised accounts

  • If your credit card or debit card has been compromised, disable it immediately via your bank’s mobile application.
  • Report it immediately. If your social media account is hacked, inform friends and family as hackers may use your account to gain money from your loved ones. If your phone is stolen, ask your telco provider to disable your number. If your bank account is hacked, ask your bank to disable your accounts.

Mobile permission settings

What they are: Permissions control what apps can access—like your location, camera, microphone, contacts, and files.

Why they matter: Overly permissive apps can leak sensitive data or be exploited by malware. For example, a flashlight app shouldn’t need access to your messages.

How to manage:

  • Review app permissions in your phone’s settings.
  • Disable access that is not essential for the app’s function.
  • Use “Ask Every Time” for sensitive permissions like camera or location.
  • Avoid installing apps from unknown sources.
  • Keep apps updated to ensure security patches are applied.

Social media awareness

  • Be cautious about sharing personal info (e.g., birthday, location).
  • Review privacy settings and limit who can see your posts.
Cybersecurity is a shared responsibility

Cybersecurity is a shared responsibility

Cyber threats are evolving rapidly, but so are our defenses. Whether you are a student, employee, or business owner, awareness and action are your best tools.

Stay alert. Stay informed. Stay secure.

References

Cybersecurity threats surge in PH

Retrieved from: https://www.philstar.com/the-freeman/cebu-business/2025/10/28/2483064/cybersecurity-threats-surge-phl-digitalization-rises

SMS phishing suspects arrested

Retrieved from: https://www.gmanetwork.com/news/topstories/nation/963092/acg-2-nabbed-sms-phishing-mandaluyong-makati/story/

Deepfake surge in PH

Retrieved from: https://www.philstar.com/business/2025/03/23/2430318/danger-deepfakes

₱93M deepfake scam

Retrieved from: https://www.gmanetwork.com/news/topstories/nation/963384/marcos-deepfake-video-scam-pampanga/story/

Restaurant worker stolen phone

Retrieved from: https://www.abs-cbn.com/news/2024/6/18/restaurant-staff-nasalisihan-ng-cellphone-natangayan-pa-ng-p29k-905

Subscription

Join our mailing list

Related content

Contact us

Maria Rosell S. Gomez

Maria Rosell S. Gomez

Risk Services Leader, PwC Philippines

Tel: +63 (2) 8845 2728

Email
Mark Anthony P. Almodovar

Mark Anthony P. Almodovar

Risk Services Executive Director, PwC Philippines

Tel: +63 (2) 8845 2728

Email
Eugene Jerome V. Tan

Eugene Jerome V. Tan

Risk Services Director, PwC Philippines

Tel: +63 (2) 8845 2728

Email

© 2010 - 2026 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for details.