BEC

Your MFA Is Only As Strong As Your Weakest Inbox

Multi-factor authentication was supposed to be the answer to the password problem. But when the second factor routes through the same compromised email address, you haven’t added security, you’ve just added steps.

Every security team in America will tell you the same thing: enable MFA. It’s become the first commandment of enterprise cyber hygiene, the baseline recommendation in every compliance framework, the checkbox that signals an organization takes security seriously. The problem is that most MFA implementations are built on a foundation that attackers cracked open years ago: the email inbox.


Your Email Address Is Not Your Identity. You Just Think It Is.

Every morning, hundreds of millions of people prove who they are to their bank, their employer, their insurance company, their investment platform. They do it with the same mechanism they’ve used for decades: an email address and a password. The system sends a link. The link arrives. The system says: identity confirmed. Access granted.

It sounds reasonable. It is, in fact, one of the most expensive security mistakes the digital economy has ever made, and it is still being made, at scale, right now.


New Special Report: The Lying Gatekeeper

Despite not being designed for identity verification, email’s convenience made it a common business identifier. Criminals target this pervasive use as a primary entry point for their activities. Read the newly published report, The Lying Gatekeeper, to explore these topics:

A Convenient Lie — How email, a messaging protocol built in 1971, became the de facto identity layer for the digital economy, and why that decision was never as safe as it seemed.


The Digital Identity Paradox: Why Email Verification is the New Security Frontier

In the modern digital economy, the email address has transcended its original purpose as a communication tool. It has become the near-universal unique identifier — the primary digital ID for billions of users. From financial services to SaaS products, the email address is the default gatekeeper for account creation, password resets, and high-value transactions.

However, this reliance has created a dangerous security paradox: while email is treated as a permanent, trusted anchor of identity, it was never designed to be one. To secure the digital ecosystem, companies must shift from assumed trust to continuous risk assessment.


The Rising Threat of Business Email Compromise

Cybercrime is evolving faster than ever, and Business Email Compromise (BEC) stands out as one of the most insidious threats. Unlike flashy malware attacks, BEC is a subtle, social engineering scam where fraudsters impersonate trusted figures — like CEOs, vendors, or partners — to trick employees into wiring funds, sharing data, or authorizing bogus transactions. The result? Massive financial losses, data breaches, and shattered reputations.

According to the FBI’s Internet Crime Complaint Center (IC3), BEC scams racked up a staggering $2.9 billion in losses in 2023 alone, with an average hit of $137,000 per incident. Fast-forward to 2024, and BEC accounted for 73% of all reported cyber incidents, with losses soaring past $55 billion over the decade. What’s more alarming? A 13% spike in attacks in early 2025, fueled by AI-generated emails — now 40% of BEC phishing attempts — making them eerily polished and undetectable.


The Hidden Vulnerability: How Compromised Credentials Fuel Ransomware and Beyond

While organizations invest heavily in perimeter defenses, a critical vulnerability often lurks within: the exposed email addresses, passwords, and user IDs of employees and third-party vendors. These seemingly small exposures can provide an open door for cybercriminals to unleash devastating ransomware attacks, data breaches, and other malicious activities.

Recent incidents at major retailers like Victoria’s Secret and Adidas serve as stark reminders. Victoria’s Secret’s internal corporate systems and customer website were shut down for several days. Adidas’ customer data was stolen from a third-party vendor. Overlooking the security posture of internal personnel and external partners is a significant threat that many companies fail to adequately address.


Email: More Dangerous than Ever

Most businesses and people assume email is secure. It is not. Every year millions of compromised email accounts are used by fraudsters. Email compromise leads to account takeovers, stolen travel and loyalty rewards, ransomware, and data theft — and it’s accelerating.

The 2025 Cyber Claims Report

The 2025 Cyber Claims Report from Coalition highlights that business email compromise (BEC) and funds transfer fraud (FTF) have become the most frequent sources of cyber insurance claims.


From Inbox to Outbreak: The BEC and FTF Epidemic

According to Coalition’s 2025 Cyber Claims Report, Business Email Compromise (BEC) attacks and Funds Transfer Fraud (FTF) accounted for a staggering 60% of all cyber insurance claims in 2024. The financial impact is significant: BEC incidents cost organizations on average $35,000. Furthermore, 29% of BEC attacks led to FTF incidents, with an even higher average loss of $106,000.

A Near-Miss That Says It All

Consider the story of a banker at a large regional bank. A customer — a landscaper — came in to finalize the purchase of a large truck, with a $50,000 wire transfer to the dealership.
