Despite not being designed for identity verification, email’s convenience made it a common business identifier. Criminals target this pervasive use as a primary entry point for their activities. Read the newly published report, The Lying Gatekeeper, to explore these topics:
A Convenient Lie — How email, a messaging protocol built in 1971, became the de facto identity layer for the digital economy, and why that decision was never as safe as it seemed.
Learn more →Yes, criminal activity spikes during peak shopping season. But the most damaging fraud often doesn’t happen in November or December. It happens months later — after the holidays have passed and attention has shifted — using accounts that were created, compromised, or harvested during peak volume.
Fraudsters don’t treat the holidays as a sprint. They treat them as account setup season.
In the 62 days of November and December, myNetWatchman observed the following from live data sources:
Learn more →Klarna is just now learning what many in fraud prevention have known for years: synthetic identity fraud doesn’t start with stolen credit cards — it starts with unvetted digital identities.
For years, email addresses have been treated as little more than a communication channel — a box to check during account creation. That assumption is now proving to be dangerously outdated. Email is often the first persistent identifier tied to consumer, vendor, and partner accounts. When email addresses are not properly authenticated at account opening, it becomes the perfect entry point for synthetic identities:
Learn more →Across the payments ecosystem, criminals need validated, “live” cards because stolen cards are the fuel for almost every form of online payment fraud. The sooner they confirm which cards work, the sooner they can monetize them — and fraud can hide more easily.
But here’s the problem: many organizations, including banks, don’t see these attacks happening — not because they lack technology, but because they lack visibility. The early signals don’t show up in their systems at all. This is the “visibility gap” that continues to cost banks millions in fraud losses every year.
Learn more →Business leaders and fraud managers invest significant resources in verifying and authenticating new customers. You implement rigorous fraud checks, confirm identities, and follow best practices to ensure each account is secure at the point of creation. At that moment, you can be confident the account is trustworthy.
Here’s the hard truth: even if you’ve verified a customer at signup, their account can still be at risk the next day — all because of their email address.
Learn more →Apple just opened iPhone 17 pre-orders, and history has shown that fraudsters treat new-phone hype and holiday volume as their favorite cover.
Sleeper Accounts: Set for Attack
One common tactic used by fraud groups is to set up accounts well in advance of an attack. These accounts — sometimes called “sleeper” or “dormant” accounts — are used to hit companies at scale and avoid the scrutiny of guest checkouts. Fraudsters typically create new accounts using synthetic identities or compromise existing accounts.
Learn more →It has been a year since the massive AT&T data breach shook the digital landscape — an incident affecting 73 million current and former customers stretching back to 2019. While the $177 million settlement and complimentary credit monitoring may signal closure for AT&T, for the individuals affected and every other business online, this event could be only the beginning.
Once customer data enters the dark web, its impact reverberates for years. This data is bought, sold, and repurposed time and again in countless fraud schemes.
Learn more →Cybercrime is evolving faster than ever, and Business Email Compromise (BEC) stands out as one of the most insidious threats. Unlike flashy malware attacks, BEC is a subtle, social engineering scam where fraudsters impersonate trusted figures — like CEOs, vendors, or partners — to trick employees into wiring funds, sharing data, or authorizing bogus transactions. The result? Massive financial losses, data breaches, and shattered reputations.
According to the FBI’s Internet Crime Complaint Center (IC3), BEC scams racked up a staggering $2.9 billion in losses in 2023 alone, with an average hit of $137,000 per incident. Fast-forward to 2024, and BEC accounted for 73% of all reported cyber incidents, with losses soaring past $55 billion over the decade. What’s more alarming? A 13% spike in attacks in early 2025, fueled by AI-generated emails — now 40% of BEC phishing attempts — making them eerily polished and undetectable.
Learn more →According to the 2025 Verizon Data Breach Incident Report, credential abuse (credential stuffing, account takeover attacks, etc.) is the leading initial attack vector — up over 22%. Credential screening — evaluating credentials for potential compromise at login, signup, and account reset — is a best practice for enhancing security measures to fight these types of attacks.
Many organizations use breach data to screen against compromised credentials. However, using breach data alone can result in higher false positive rates, poor user experiences, and increased fraud remediation costs.
Learn more →Cyber insurance is a critical tool for businesses to mitigate financial losses from cyberattacks. However, insurers’ traditional approach of using questionnaires to assess cyber risk is inadequate in today’s rapidly evolving threat landscape.
Unless insurance companies stop relying primarily on questionnaires for risk assessment, they will continue to experience increased financial losses due to cyber fraud and crime.
Questionnaires have long been a staple for insurers to evaluate a company’s cybersecurity posture — typically asking about basic security measures such as whether a company uses firewalls, antivirus software, or Multi-Factor Authentication (MFA). However, these static, self-reported assessments fail to capture the dynamic and sophisticated nature of modern cyber identity threats.
Learn more →According to the Global Anti-Scam Alliance and Chainalysis Reports, “pig butchering” scams — luring victims into investing in fraudulent financial schemes often involving cryptocurrency — cost victims $75 billion globally from 2020 to 2024.
Compromised credentials on dating sites provide scammers a valuable toolset for executing these scams. By leveraging stolen information and impersonating real individuals, they can effectively target and manipulate victims, leading to significant financial losses and emotional distress. myNetWatchman has seen ongoing credential testing at multiple dating sites, with 235 thousand compromised accounts accessed by miscreants in the past year.
Learn more →While organizations invest heavily in perimeter defenses, a critical vulnerability often lurks within: the exposed email addresses, passwords, and user IDs of employees and third-party vendors. These seemingly small exposures can provide an open door for cybercriminals to unleash devastating ransomware attacks, data breaches, and other malicious activities.
Recent incidents at major retailers like Victoria’s Secret and Adidas serve as stark reminders. Victoria’s Secret’s internal corporate systems and customer website were shut down for several days. Adidas’ customer data was stolen from a third-party vendor. Overlooking the security posture of internal personnel and external partners is a significant threat that many companies fail to adequately address.
Learn more →Imagine Johnny, an AI expert, famous for his globetrotting talks, boasting about racking up over a million Delta miles. Unbeknownst to him, in his audience sits Billy, a tech guru with a less-than-ethical focus — stealing travel loyalty points to sell discounted travel.
Billy spots Johnny as a potentially “ripe target.” His initial challenge is accessing Johnny’s Delta account without knowing his email or password. At this stage, the odds of success are astronomically low — estimated at 1 in 100 billion. But Billy collects vast amounts of breach data, and his odds improve dramatically with each additional piece of information he obtains.
Learn more →According to Coalition’s 2025 Cyber Claims Report, Business Email Compromise (BEC) attacks and Fund Transfer Fraud (FTF) accounted for a staggering 60% of all cyber insurance claims in 2024. The financial impact is significant: BEC incidents cost organizations on average $35,000. Furthermore, 29% of BEC attacks led to FTF incidents, with an even higher average loss of $106,000.
A Near-Miss That Says It All
Consider the story of a banker at a large regional bank. A customer — a landscaper — came in to finalize the purchase of a large truck, with a $50,000 wire transfer to the dealership.
Learn more →The cybersecurity landscape is facing unprecedented challenges — and businesses are falling behind in robust, proactive defense strategies. As highlighted in the most recent Verizon report, a critical element in this environment is the pervasive threat of compromised credentials.
Verizon’s 2025 DBIR: Key Findings
- Credential abuse (22%) and exploitation of vulnerabilities (20%) are the leading initial attack vectors
- The report analyzed over 22,000 security incidents, including 12,195 confirmed data breaches
- Third-party involvement in breaches doubled to 30%, emphasizing supply chain risk
- Ransomware has risen 37% since last year, now present in 44% of breaches
- For SMBs, ransomware appears in 88% of breaches — the impact is disproportionate
Account Takeover as a Major Threat
Criminals leverage stolen email addresses, user IDs, and passwords to take control of legitimate user accounts, leading to fraud events. Compromised credentials provide attackers with the initial access needed to deploy ransomware — and beyond.
Learn more →Recent news brought this topic close to home: Troy Hunt, a renowned security expert and the creator of Have I Been Pwned (HIBP), recently shared that he fell victim to a sneaky phishing attack targeting his Mailchimp account.
Troy received an email that looked like it was from Mailchimp, claiming there was a spam complaint and that he needed to log in to resolve it. Being tired and a bit jet-lagged, he clicked the link and entered his credentials — only to realize moments later it was a fake site. The attackers immediately used this access to export his blog’s mailing list, containing around 16,000 records.
Learn more →Imagine this: You have elite frequent flyer status. You’ve spent years building up your miles, dreaming of that perfect vacation with your family. Then one day, your digital world crumbles. You can’t access your account. Your miles vanish. Your dream vacation turns into a nightmare.
This is exactly what happened to Steve.
For years, he’d been the airline’s dream client — clocking in countless hours and millions of miles. One day, Steve simply couldn’t access his frequent flyer account. He tried different passwords, different devices. Nothing. The customer service team could see his account, his miles, his upcoming trips — but couldn’t grant him access.
Learn more →Online accounts are protected by the three factors of authentication: something you know (like a password), something you have (like a phone), and something you are (like a fingerprint). These factors are designed to keep our accounts secure — but fraudsters constantly find new ways to compromise all three.
Something You Know: The Data Breach Bonanza
Fraudsters scoop up usernames and passwords from compromised companies — and they’ve been doing it since digital passwords were invented. They develop phishing scams to fool users into handing over credentials. And malware is everywhere: it’s estimated that more than 1 billion malware programs currently exist, automatically mining and sending information without the user knowing.
Learn more →In the world of online security, it’s tempting to take a rigid, unyielding stance against bad actors. Block any suspicious IP address, and bam — problem solved, right? Not quite.
“Be like water making its way through cracks. Do not be assertive, but adjust to the object, and you shall find a way around or through it.” — Bruce Lee
The Problem with IP Blocking
Many security solutions rely heavily on IP address blocking as a primary defense. While seemingly straightforward, this tactic is fraught with issues:
Learn more →Think of it this way: your smart fridge might be a Russian spy. That’s right — little Timmy’s WiFi-enabled icebox could be the reason poor Mrs. Miggins in Florida can’t buy her catnip online. Timmy’s fridge got hacked, used to launch a cyberattack, and bam — the IP address is flagged. Mrs. Miggins is collateral damage.
This is the fundamental problem with IP address blocking. IP addresses are like pigeons — they move around.
Learn more →