Whoscall PH Reports Sharp Rise in Malicious URLs, Phishing as Top Scam Vector for 2026

POSTED BY: Lionell Go Macahilig
2026-01-27 11:59:17 PHT

Phishing has emerged as the most rapidly escalating digital threat in the Philippines, with risky URLs surging nearly fourfold throughout 2025 and intensifying the need for stronger consumer protection. According to Gogolook’s Whoscall 2025 Philippines Scam Report, malicious URLs jumped from 13,602 in the first quarter to 49,431 by the fourth quarter—an alarming rise that positions phishing as the dominant scam tactic entering 2026.

This steep, consistent quarter on quarter increase shows how scammers are shifting away from traditional methods such as calls and SMS and moving aggressively toward link based attacks across messaging apps, social media, email, and other online platforms.

Mel Migriño, General Manager and Country Head of Gogolook Philippines, emphasized that the evolution in scam behavior reflects a strategic shift among cybercriminals. “Scammers are shifting from calls and texts toward malicious links and fake social media sites because URLs are easier to spread, harder to verify, and far more scalable,” Migriño said.

Cybercrime Investigation and Coordinating Center (CICC) Executive Director Renato “Aboy” Paraiso highlighted the importance of collaborative intelligence. “This can be a source for actionable intelligence. When scam data is responsibly shared, it allows us to spot patterns, trace digital footprints, and respond faster to emerging threats,” Paraiso said.

“We thank Gogolook with the support of Scam Watch Pilipinas for turning public reports into valuable insights and for strengthening partnerships that help protect more Filipinos,” he added.

While certain types of scam calls fell by 21.84% year on year and SMS scam volumes declined in part due to better enforcement and filtering, phishing attacks told a very different story. Link based scams—especially those delivered through URLs embedded in messages—rose sharply, indicating a major behavioral shift among cybercriminals.

Migriño stressed that combating phishing requires collaboration across government, industry, and civil society. Joint awareness drives, community training sessions, and digital education campaigns help translate scam data into practical consumer guidance while reinforcing official reporting channels.
Migriño urged the public to take immediate steps to secure their digital habits.

She recommended downloading the Whoscall app, which screens incoming communications, identifies suspicious phone numbers, and allows users to check links for safety before clicking. “Before you click a link or answer a call from an unknown number, pause and check,” Migriño said. “These tools give consumers an extra layer of protection, especially now that phishing has become more pervasive.”

The surge in phishing attempts poses increasing risks not only to consumers but also to brands frequently spoofed by scammers, including banks, e wallet services, e commerce platforms, and other enterprises. A single malicious link can lead to financial losses and reputational harm within minutes. This trend is echoed in community reporting platforms such as Scam Vault PH, which recorded hundreds of verified scam reports in 2025, many of them now tied to phishing related URLs.

With phishing activity escalating, Migriño underscored the need for faster URL takedowns, stronger intelligence sharing frameworks, and broader citizen participation in scam reporting. “Phishing is now the frontline,” she said. “If users, platforms, and institutions move together, we can slow it down. If not, it will only grow more aggressive.”

The report’s findings make one thing clear: While progress has been made in reducing traditional scam channels, phishing now stands as the Philippines’ most urgent digital fraud challenge—one that demands immediate, collective action from both consumers and organizations.