Multi-factor authentication was supposed to be the answer to the password problem. But when the second factor routes through the same compromised email address, you haven’t added security, you’ve just added steps.
Every security team in America will tell you the same thing: enable MFA. It’s become the first commandment of enterprise cyber hygiene, the baseline recommendation in every compliance framework, the checkbox that signals an organization takes security seriously. The problem is that most MFA implementations are built on a foundation that attackers cracked open years ago, the email inbox.
Learn more →Every morning, hundreds of millions of people prove who they are to their bank, their employer, their insurance company, their investment platform. They do it with the same mechanism they’ve used for decades: an email address and a password. The system sends a link. The link arrives. The system says: identity confirmed. Access granted.
It sounds reasonable. It is, in fact, one of the most expensive security mistakes the digital economy has ever made, and it is still being made, at scale, right now.
Learn more →Despite not being designed for identity verification, email’s convenience made it a common business identifier. Criminals target this pervasive use as a primary entry point for their activities. Read the newly published report, The Lying Gatekeeper, to explore these topics:
A Convenient Lie — How email, a messaging protocol built in 1971, became the de facto identity layer for the digital economy, and why that decision was never as safe as it seemed.
Learn more →Email was never built to be your digital passport. Created as a simple, open-network protocol for exchanging messages between trusted parties, it lacked the foundational architecture for authentication, financial security, or identity verification.
Yet today, email has quietly become the de facto primary identifier for billions of users. From resetting bank passwords to approving high-value transactions, the email address is the gatekeeper of the digital economy. This reliance has created a security paradox: we treat email as a permanent, trusted anchor of identity, even though it is one of the most easily compromised assets in a criminal’s toolkit.
Learn more →In the modern digital economy, the email address has transcended its original purpose as a communication tool. It has become the near-universal unique identifier — the primary digital ID for billions of users. From financial services to SaaS products, the email address is the default gatekeeper for account creation, password resets, and high-value transactions.
However, this reliance has created a dangerous security paradox: while email is treated as a permanent, trusted anchor of identity, it was never designed to be one. To secure the digital ecosystem, companies must shift from assumed trust to continuous risk assessment.
Learn more →Yes, criminal activity spikes during peak shopping season. But the most damaging fraud often doesn’t happen in November or December. It happens months later — after the holidays have passed and attention has shifted — using accounts that were created, compromised, or harvested during peak volume.
Fraudsters don’t treat the holidays as a sprint. They treat them as account setup season.
In the 62 days of November and December, myNetWatchman observed the following from live data sources:
Learn more →Klarna is just now learning what many in fraud prevention have known for years: synthetic identity fraud doesn’t start with stolen credit cards — it starts with unvetted digital identities.
For years, email addresses have been treated as little more than a communication channel — a box to check during account creation. That assumption is now proving to be dangerously outdated. Email is often the first persistent identifier tied to consumer, vendor, and partner accounts. When email addresses are not properly authenticated at account opening, it becomes the perfect entry point for synthetic identities:
Learn more →If you’ve worked in fraud prevention or cybersecurity, you’ve probably heard it a thousand times: “Just turn on multi-factor authentication (MFA). It’ll stop the hackers.”
And sure, MFA helps — a lot. But here’s the reality no one likes to admit: the most common doorway attackers use to bypass MFA is a compromised email account. The inbox — that familiar, everyday tool we all rely on — is often the weakest link in account security. It’s the digital key to password resets, login approvals, and account verifications. When that key is stolen or spoofed, even the strongest MFA setup can crumble.
Learn more →Business leaders and fraud managers invest significant resources in verifying and authenticating new customers. You implement rigorous fraud checks, confirm identities, and follow best practices to ensure each account is secure at the point of creation. At that moment, you can be confident the account is trustworthy.
Here’s the hard truth: even if you’ve verified a customer at signup, their account can still be at risk the next day — all because of their email address.
Learn more →Every executive decision relies on trustworthy numbers. Metrics like CAC, CLTV, churn, and growth are only as accurate as the data behind them. When fake, synthetic, or compromised email addresses start clogging up your customer account lists, they distort these critical measurements — inflating acquisition costs, diluting lifetime value, and creating churn that doesn’t reflect real customer behavior.
By eliminating fake, compromised, and other high-risk accounts, companies get a clearer picture of their true customer base and a more reliable financial view of their business. This isn’t just a fraud problem — it’s a cross-functional issue that affects how Marketing measures campaign ROI, how Sales forecasts pipeline growth, and how Finance evaluates capital efficiency.
Learn more →In our digital-first world, passwords — combined with an email address or User ID — are the primary gatekeepers to vast amounts of sensitive data. However, for nearly every online company, this reliance on passwords as a verification and identity method presents a critical weakness, leaving them vulnerable to credential stuffing, account takeover, and ransomware attacks.
Pervasive Problems: Weak, Reused, and Leaked Passwords
A Cybernews study on billions of leaked passwords revealed that a staggering 94% are either reused or duplicated across multiple services. Many users opt for “lazy” patterns like “123456” or simple combinations of lowercase letters and digits, making them trivial targets for brute-force and dictionary attacks. Despite decades of cybersecurity education, there has been little to no progress in user behavior.
Learn more →Most businesses and people assume email is secure. It is not. Every year millions of compromised email accounts are used by fraudsters. Email compromise leads to account takeovers, stolen travel and loyalty rewards, ransomware, and data theft — and it’s accelerating.
The 2025 Cyber Claims Report
The 2025 Cyber Claims Report from Coalition highlights that business email compromise (BEC) and funds transfer fraud (FTF) have become the most frequent sources of cyber insurance claims.
Learn more →