Click, swipe, scam: Inside the battle for digital trust

Banks and regulators stress sustained consumer education as scam tactics evolve each year and more Filipinos fall victim.

Digital scams are no longer crude or careless—they’re fast-evolving crimes powered by artificial intelligence (AI) and new technologies, making the loss of hard-earned savings more permanent than ever.

Fraudsters are now using generative AI to create realistic materials on demand. Victims have reported receiving fake bank receipts, deepfake endorsement videos, and even voice clips that sound convincingly real.

Scams erode confidence in businesses

But the rising sophistication of scams is more than a consumer concern, as it has become a business confidence issue. The credibility of digital transactions now sits at the center of how banks, e-wallets, and telecom firms compete. Each successful scam chips away at public trust, and rebuilding that confidence often costs companies millions in security upgrades, customer reimbursements, and brand repair.

Industry analysts say growing mistrust could limit the sector’s long-term gains from digital transformation. Fintech startups, in particular, rely heavily on seamless and secure user experiences to attract and retain customers. If scams continue eroding confidence, the Philippines risks lagging behind its ASEAN peers in digital payments adoption and e-commerce participation.

In short, these scams have evolved from a nuisance into a key indicator of how ready Philippine industries are to operate in a digital-first economy.

Exploiting urgency

In an age where “reality” can be fabricated with a click, experts urge the public to treat all unsolicited messages with skepticism and verify with official channels before acting.

Many scams exploit urgency—such as “expiring reward points,” “account verification,” or “limited financial aid”—to trigger panic. These messages typically contain malicious links leading to spoofed websites.

Jonathan Paz, BPI enterprise information security officer and data protection officer, said the rule of thumb is simple: if it sounds too good to be true, it probably is.

“Take a pause, breathe, and confirm with your bank,” Paz told radar Business. “A lot of people panic and click links immediately, often ending up on a very convincing fake site.”

BPI chief technology officer Alex Semiano added that scams today are designed to appear more authentic and time-sensitive, making it easy for even alert consumers to slip.

The Bangko Sentral ng Pilipinas (BSP) and the Bankers Association of the Philippines (BAP) have both urged financial institutions to adopt a “shared responsibility” model for cybersecurity, focusing on information campaigns and enhanced consumer protection.

In the past few years, the number of Filipinos falling victims for smishing (phishing via SMS), vishing (voice), and even quishing (QR codes) has been steadily increasing, with about P460 billion being lost to digital scams in 2024, according to a report by the Global Anti-Scam Alliance. 

New scam strategies

One of the newer, more sophisticated tactics uses International Mobile Subscriber Identity (IMSI) catchers—devices that impersonate cell towers. By forcing nearby phones to connect, attackers can spoof sender IDs or intercept SMS and voice traffic, including one-time passwords, making messages look like they come from banks or e-wallets such as BPI, BDO, Globe or GCash and enabling fraudulent transactions.

Another scheme uses rogue apps — counterfeit versions of government platforms like eGov or SSS Mobile. Once installed, they can perform overlay attacks (showing a fake screen while the app performs actions in the background), request excessive permissions, and harvest login credentials or intercept transactions, giving scammers access to sensitive banking data.

“We all know not to fall for this,” Semiano said. “But when you’re tired or distracted—and the timing aligns with something you’re actually dealing with—you can still get caught off guard.”

Multi-layered approach to cybersecurity

Experts emphasize that cybersecurity requires a multi-layered approach. Beyond public awareness, banks and fintech players are investing heavily in back-end systems, encryption protocols, and authentication tools to reduce exposure.

Many banks have adopted two-step verification as standard and are testing AI chatbots to detect suspicious activity or authenticate users more securely. The challenge lies in keeping security robust without compromising convenience.

“When fraudsters use AI, we use AI, too,” Semiano said. “AI itself isn’t good or bad—it’s all about how responsibly you use it.”

READ: