Phishing is now big time. Can security keep up?

Phishing is on the rise, and it’s no longer limited to amateurish, badly worded emails from obviously fake accounts.

Phishing is now a multibillion-dollar criminal enterprise that targets consumers and businesses in increasingly sophisticated ways. Through a combination of brand impersonation and domain exploitation, scammers are creating phishing messages that are harder than ever to detect.

Phishing attacks designed to steal funds and tax data rose 60 percent in 2018, in part because criminal gangs are leveraging legitimate business tools like marketing contact lists to target specific victims to scam. Fraudsters are also getting better at impersonating brands that consumers trust, such as Microsoft, Amazon and Netflix, in order to dupe email recipients into handing over login credentials that can be used to launch account takeover attacks.

To make their scams seem even more legitimate, fraudsters are increasingly directing their victims to data-capture websites with SSL certificates. These sites feature the padlock icon consumers have been taught to trust. Nearly half of phishing sites surveyed in last year's third quarter had the padlock.

As a result of these sophisticated phishing techniques, in addition to ongoing data breaches at businesses and other organizations, there’s a never-ending stream of payment and account data criminals can exploit or sell.

Fraud committed with stolen card data is getting easier to detect, so criminals are using their haul of stolen data to take over existing customer accounts or to create fake online personas that are harder to detect. Juniper predicts that in the area of money transfers alone, synthetic identity fraud losses will rise 20 percent year over year through 2023.