Human-focused scams lead PH fraud losses in 2025
DUMAGUETE CITY—Social engineering schemes—in which criminals manipulate victims into revealing sensitive information that enables fraudulent transactions—emerged as the Philippines’ most prevalent cybersecurity threat last year, underscoring a shift from technical breaches to attacks that exploit the human mind.
Data from the Bangko Sentral ng Pilipinas (BSP) showed that social engineering, account takeovers and identity theft accounted for 76 percent of total fraud losses in 2025. Hacking ranked second, responsible for 13 percent of the funds stolen.
Card-not-present fraud, once the country’s most common cybercrime, made up 8 percent of losses last year. Under the scheme, scammers obtain victims’ payment details and use them to carry out fraudulent transactions in which no physical card is presented to merchants.
Speaking at a forum for journalists, BSP Deputy Governor Lyn Javier, who heads the central bank unit regulating financial firms, said the trend reflected how cyber risks are evolving from attacks on technical vulnerabilities to schemes that exploit the “human element.”
The shift, she warned, poses growing challenges for regulators, as a major cyberattack could erode public trust in the financial system and potentially trigger bank runs, which could create liquidity and capital strains for institutions.
“An attack in one financial institution does not necessarily mean it will be confined to that institution,” Javier said. “It could affect other financial institutions connected to that bank.”
“Public trust—the trust of depositors—is the foundation of banking,” she added. “We have to take care of that trust.”
In 2024, President Marcos signed into law Republic Act No. 12010, or the Anti-Financial Account Scamming Act (Afasa), a piece of legislation that the BSP fully supported to fight fraud and other financial crimes targeting everyday savers.
Afasa prohibits and punishes crimes like acting as money mules to carry out scams, as well as performing social engineering schemes and economic sabotage. It also authorizes the BSP to investigate bank deposits, e-wallets and other financial accounts involved in such crimes with the help of law enforcers.
To help the investigations, other laws prohibiting any inquiry into or disclosure of deposits will not apply to financial accounts being probed by the BSP.
Beyond Afasa, Javier said the BSP is preparing a series of policy and supervisory reforms, including new regulations on application programming interfaces, or APIs, which were traditionally used internally by financial firms to connect systems and applications but are now exposed to a broader range of external parties in the digital ecosystem.
The central bank, she added, would also issue standards for enhanced authentication mechanisms for financial transactions, as well as a cyber maturity model.





