Riding the Digital Wave: Cybersecurity Realities in the Philippines

The Philippines is an archipelago consisting of at least 7,100 islands. It is ranked 22nd among the Asian countries in terms of area. Over the years, Filipinos have banded together to raise the economic status of the country. This resulted in the Philippines being seen as a Newly Industrialized Country (NIC), a definite jump from an agriculture-based economy.

Industrialization meant embracing technology, and most Filipinos, being the adaptable race that we are, welcomed technology with arms wide open. Computers, smart devices, online banking, payment systems, crypto and fintech, online gaming as well as digital networking, are now part of a lot of Filipino lives. As of 2023, roughly 75% of the population are Internet users. 

The explosion of the digital world in the Philippines is both a treat and a threat. A treat because technology has made life easier. A threat because the digital world exposes the vulnerabilities of the Filipino people, particularly the majority who know little to nothing about what cyber criminals can do.

Digital Monetary Platform: A Constant Target

In early 2023, a popular online monetary service was temporarily suspended to address the issue after a number of users reported unauthorized deductions from their accounts. The National Privacy Commission (NPC) concluded that the unauthorized transactions affecting multiple accounts were a result of phishing attacks rather than security vulnerabilities within the mobile wallet provider’s system.

In an official statement, Privacy Commissioner John Henry Naga shed light on the situation, explaining that “unknown threat actors” exploited the digital platform’s users through online gambling platforms such as “Philwin” and “tapwin1.com.”

NPC’s Complaints and Investigation Division (CID) started the questioning, aiming to figure out the presence of compromised personal data and potential breaches of data security and privacy regulations.

Subsequently, the NPC held a constructive meeting with the service provider, during which the commission expressed concerns and the service provider provided additional insights and evidence to conduct an independent assessment.

The service provider went along with the directives issued by the NPC, demonstrating their commitment to fix the situation.

Commissioner Naga emphasized, “We have instructed the company to enhance their client education and awareness efforts to prevent similar incidents from occurring in the future.” He assured the public that the NPC remains committed to its mission to foster a secure digital landscape. Additionally,  urged vigilance against phishing attempts that could compromise personal information.

He further reinforced, “We will leverage the full extent of our legal authority to impose penalties on those who violate the Data Privacy Act of 2012.”

Digital Currencies Fuel a Rise in Online Attacks

A recent report by cybersecurity firm Kaspersky found that the Philippines saw a 169.93% increase in phishing attacks targeting digital currency users in 2022. This placed the Philippines 5th among the Southeast Asian countries with the most phishing attacks.

The attacks typically involve sending links to emails or text messages that take users to fake websites when clicked. These websites then steal personal information or infect devices with malware.

Kaspersky Managing Director for Asia Pacific Adrian Hia said that the malware used in these attacks is becoming increasingly sophisticated. Moreover, it can now be used to monitor victims’ online activity. This makes it easier for criminals to steal their cryptocurrency assets.

The Philippines is not the only country in Southeast Asia seeing an increase in digital currency-related attacks. Indonesia and Malaysia also saw significant increases in phishing attacks in 2022.

Hia warned that as more countries in Southeast Asia adopt digital currencies, it is likely that these attacks will become even more common. He urged awareness of the latest tricks that crypto phishers use and to take steps to protect their assets.

Crypto Hack in the Philippines 

The Philippines already experienced a major crypto hack when the Ronin Bridge was compromised in March 2022. The attack resulted in the theft of $625 million worth of assets, including cryptocurrency and non-fungible tokens (NFTs). Ronin is the blockchain that supports Axie Infinity and the hack happened on the “Ronin Bridge”, a platform that allows users to move assets to and from Ronin.

Despite this, Filipinos remain interested in digital currencies. A recent survey by Consensys found that the Philippines has the highest digital currency awareness in the Asia Pacific.

The survey also found that over 58% of Filipino respondents consider investing in digital currencies over the next 12 months.

The Philippine Securities and Exchange Commission (SEC) is aware of the growing risks linked with digital currencies and has announced plans to put stricter regulations in the market.

The SEC hopes that these regulations will help to protect consumers and prevent fraud.

The Persistence of Phishing and Identity Theft

Cybersecurity challenges persist in the increasing digitalization of the Philippines. Specifically, phishing and identity theft rank as the top online fraud concerns in the past year. This is according to TransUnion, a credit agency. In their 2023 State of Omnichannel Fraud Report, TransUnion revealed that 8.7 percent of digital transactions were suspected to be fraudulent, marking the third highest rate among countries surveyed. Notably, this figure represents an 18-percent decrease from the 2019 level of potential cyberthreats.

Despite the decline, the Philippines continues to show a significantly higher digital fraud rate compared to the global average. Amrita Mitra, Chief Operating Officer at TransUnion Philippines, stressed that this situation calls for ongoing vigilance, as fraudsters are becoming increasingly capable at their tactics. Mitra underscored the importance for businesses to adopt robust fraud detection tools that do not prevent the seamless consumer experience.

The most common fraudulent schemes reported over the past year were phishing and text scams, both accounting for 46 percent of reported incidents. Phishing involves hackers luring individuals into giving personal information, including bank details, through suspicious links in emails, social media posts, and QR codes. Concurrently, text scams, a type of phishing attack initiated through mobile messages, also featured prominently.

The risks associated with successful phishing attacks extend to identity theft, a major concern for Filipinos. Consequently, exploitation of stolen identities can lead to unauthorized access to bank accounts. This underscores the critical need for continued efforts to combat online fraud and protect sensitive personal information.

Cybersecurity Education is a Must

Perhaps the biggest challenge in cybersecurity is educating the masses. Ask a random Filipino in the streets what Phishing is, and they would probably give an answer related to Fishing. Ask them if they know anything about social media like Facebook and Tiktok and you’re more likely to get a “yes”. Companies are recommended to partner with a trusted and dependable cybersecurity provider to not only handle their cybersecurity needs, but also educate their employees through cybersecurity training. It is also best to have constant reminders within a company’s internal network, and perhaps social media as well, to protect oneself from phishing and identity theft. Some of these tips are:

  • Be cautious of any emails or text messages that ask for your personal information or cryptocurrency passwords.
  • Never click on links in emails or text messages from unknown senders.
  • Make sure you are using a secure internet connection when accessing your cryptocurrency accounts.
  • Keep your software up to date, including your antivirus software.
  • Use a strong password and enable two-factor authentication for your cryptocurrency accounts.

The only way to combat cybercriminals is to work together. It only takes one to compromise many.

About IPV Network
Since 2016, IPV Network has been a trusted partner of leading enterprises in the Philippines. It brings the best-of-breed cybersecurity solutions. IPV network helps businesses identify, protect, detect, respond, and recover from cyber threats. Email us at [email protected] or call (02) 8564 0626 to get your FREE cybersecurity posture assessment!