Most businesses and people assume email is secure. It is not. Every year millions of compromised email accounts are used by fraudsters. Email compromise leads to account takeovers, stolen travel and loyalty rewards, ransomware, and data theft — and it’s accelerating.
The 2025 Cyber Claims Report
The 2025 Cyber Claims Report from Coalition highlights that business email compromise (BEC) and funds transfer fraud (FTF) have become the most frequent sources of cyber insurance claims.
- 60% of 2024 cyber insurance claims originated from BEC and FTF incidents
- 29% of BEC events resulted in funds transfer fraud — a direct pipeline from email compromise to financial theft
- While ransomware claims saw a 3% decrease in frequency and 7% decrease in severity year-over-year, BEC claims severity actually increased 23%
- Average ransom demands dropped 22% to $1.1M; BEC is now the more impactful and consistent threat
Consumers Aren’t Safe Either
Email is widely used as a key unique identifier for customers and is often assumed to be secure — but it is explicitly NOT a secure verification or communication channel. When a consumer’s email is compromised, it opens avenues for account takeover (ATO) fraud. A top U.S. brokerage identified over $700,000 in ATO fraud attempts via a malicious actor’s access to customer emails — demonstrating how compromised consumer emails directly lead to financial theft.
Identifying Threats Before They Strike
The key is seeing the threat before it becomes a problem. Email reputation intelligence reveals the likelihood of an email address being “created-for-fraud” — or if criminals have access to the email box, specifying when the access occurred and what they were seeking.
Critical integration points:
- At Account Creation: Verify if an email is legitimate, synthetic, or already compromised
- At Login with email 2FA or password changes: Confirm email integrity before allowing sensitive actions like password resets
- When a Sensitive Transaction is Initiated: Validate high-risk accounts and confirm end-user authentication on large transactions
myNetWatchman’s repository contains over 35 billion compromised credential pairs, continuously updated by monitoring live bad actor traffic — adding 15 million new credentials and 150 thousand compromised email addresses daily. By identifying and flagging compromised emails before they can be used to initiate BEC or FTF, this approach offers a vital preventative layer against these prevalent and costly cyber threats.
The mechanics of how email became the digital economy’s most consequential vulnerability, the case studies that should have changed everything, and what a continuous intelligence approach actually looks like — all documented in “The Lying Gatekeeper,” a special report from myNetWatchman.
Read the Full Report →