When we profiled the Philippines in late 2025, the country had just posted the second-highest scam encounter rate in the world, and regulators were promising a national crisis response. Half a year later, the crisis hasn’t eased — it has changed shape. The 2026 story is no longer just about volume. It’s about where the fraud has concentrated: the QR codes Filipinos scan to pay for lunch, the chat apps overseas workers use to fight homesickness, and the social media feeds where AI-generated celebrities now pitch investments that don’t exist.
A Scam Attempt Every Two Days
The baseline numbers remain staggering. According to the Global Anti-Scam Alliance, at least three in four Filipinos have encountered a scam, and most receive at least one scam attempt every two days. The average victim loses roughly ₱11,900 per incident — modest by global standards, devastating in a country where that figure can exceed a week’s wages. Multiplied across tens of millions of encounters, the national bill runs as high as ₱280.5 billion.
The mix of scams is distinctive. More than one in five scam encounters involves illegal gambling — rigged online casino platforms, fake e-sabong revivals, and betting apps that simply never pay out. That’s a category most Western fraud surveys barely register, and it shapes everything about how Philippine platforms respond: the line between “fraudulent merchant” and “illegal gambling operator” is often no line at all.
Quishing: The QR Code Turns on Its Users
The Philippines runs on QR payments now, and scammers have noticed. The national QR Ph standard and the explosive growth of GCash — the e-wallet installed on most Filipino smartphones — turned scan-to-pay into default behavior. In 2026, the fastest-growing attack against that habit is quishing: fake QR codes that redirect a payment or a login to an account the scammer controls.
The mechanics are simple. A sticker pasted over a legitimate merchant’s payment code at a sari-sari store. A QR code embedded in an emailed “receipt” or a delivery notice. A poster promising a promo redemption. Scan it, and you land on a counterfeit payment page or a fake login screen dressed in official branding, where your credentials — or your money — disappear.
GCash’s enforcement numbers show the scale. The platform has blocked more than 4,900 fraudulent merchants in its quishing crackdown, part of a larger purge of over 7,000 fraudulent merchants removed since 2025. In March 2026 alone it cut off 3,200 merchants over links to illegal gambling. And the pressure isn’t only on merchants: the National Privacy Commission confirmed that a GCash security incident traced back not to a platform breach but to phishing attacks on users — a reminder that the weakest link in mobile money is almost always the person holding the phone.
Love Scams Follow the Money Overseas
The syndicates have learned who has savings: overseas Filipino workers. The Cybercrime Investigation and Coordinating Center logged 123 love scam complaints in 2025 — and 18 in January 2026 alone, a pace that would nearly double the annual figure. Investigators believe the true number is far higher, since shame keeps most victims silent.
The pattern is the pig butchering playbook, localized. A stranger opens a conversation on Facebook, TikTok, or a dating app. Weeks of daily attention follow — good-morning messages timed to a Dubai or Hong Kong shift schedule, video calls, talk of a future together. Then comes the investment opportunity: a crypto platform, a forex scheme, a “business” back home. The victim, often an OFW earning well but isolated abroad, sends money in growing increments until the platform freezes withdrawals and the lover evaporates. Remittances that took years to earn vanish in weeks.
Deepfakes of Celebrities — and Relatives
The newest layer is synthetic. AI-generated videos of Filipino celebrities, news anchors, and politicians now circulate on social media promoting investment schemes, often wrapped in cloned news-program graphics for credibility. The same tools are being turned on families: voice clones and manipulated videos of relatives asking for emergency money, or “bank officers” on video calls walking victims through account verification that is actually account takeover.
For a country whose scam defenses have long relied on spotting bad grammar and too-good-to-be-true promises, deepfakes remove the tells. The video looks real because, pixel by pixel, it is real — it just isn’t true.
Protecting Yourself
The Philippine fraud economy in 2026 exploits speed and trust. The defenses are the opposite: slow down, and verify through a second channel.
- Treat every QR code as untrusted. Before scanning a posted code, check whether it’s a sticker layered over another code. When paying a merchant, confirm the name that appears in the app matches the business in front of you — and when in doubt, type the merchant or URL directly instead of scanning.
- Keep your wallet app official. Download GCash and banking apps only from the official app stores, never from links sent by text, email, or messenger. Enable biometric login, and never share your MPIN or OTP with anyone — GCash staff will never ask for them.
- Assume investment pitches on social media are scams. That includes video of celebrities and government officials. No legitimate platform recruits investors through Facebook ads or a stranger’s DMs, and guaranteed returns do not exist.
- OFWs: guard the remittance. If an online relationship turns to money — investments, emergencies, business capital — stop. Talk to family or a friend before sending anything. Isolation is the scammer’s main tool.
- Report, even if you’re embarrassed. File complaints with the CICC through its Inter-Agency Response Center hotline (1326) and report fraudulent merchants inside the GCash app. Every report helps map the syndicates — and silence is exactly what they’re counting on.
The Philippines’ scam problem is no longer an emerging threat; it’s a mature criminal industry embedded in the country’s digital infrastructure. The tools that made payments effortless made fraud effortless too. The habits that protect you — verify, slow down, use a second channel — are the ones the industry is betting you won’t build.



