Although email was not designed for identity verification, its convenience made it a common business identifier. Criminals target this pervasive use as a primary entry point for their activities. Read the newly published report, The Lying Gatekeeper, to explore these topics:
A Convenient Lie — How email, a messaging protocol built in 1971, became the de facto identity layer for the digital economy, and why that decision was never as safe as it seemed.
The Four Jobs Email Was Never Supposed to Have — The four critical identity functions that email has been pressed into serving: universal username, account recovery, action approval channel, and persistent proof of identity over time.
Trust That Expires the Moment It’s Granted — Why email-based identity verification is a point-in-time check on a dynamic threat landscape, and how attackers exploit the gap between account creation and today.
The Cost of Static Trust — The measurable financial consequences of treating an email address as a permanent identity signal, including a $5M average cost per account takeover breach.
The Numbers Behind the Comfortable Myth — A data-driven look at the scale of account takeover fraud, credential stuffing, phishing, and synthetic email abuse, and how email sits at the center of each threat.
The Credential Reuse Epidemic — How password reuse across services turns a single breach into cascading exposure, feeding email-based credential stuffing attacks at industrial scale.
The Password Reset: Email’s Most Dangerous Feature — Why email-based password recovery, used by 64% of services as the sole option, functions as a skeleton key for attackers who control a victim’s inbox.
Why Businesses Keep Using It Anyway — The economic and inertial forces that keep organizations dependent on email as an identity signal, even as the evidence of its failure accumulates.
The MFA Paradox — Why multi-factor authentication hasn’t solved the underlying problem when most MFA flows are themselves rooted in the same compromised email addresses.
The Disposable Address Problem — How the $1.36B disposable email industry enables account fraud from the moment of registration, and why standard validation tools can’t detect it.
The Abandoned Account: A Skeleton Key That Never Expires — How dormant accounts accumulate in every user database, linked to email addresses that have changed hands, and how criminals exploit that invisible drift.
The Case Studies That Should Have Changed Everything — Documented, publicly reported failures — from Roku to Norton to Business Email Compromise — that illustrate the predictable cost of trusting email as identity.
From Static Trust to Continuous Intelligence — What a better approach looks like: shifting from one-time email validation to continuous risk assessment at every high-stakes moment in the account lifecycle.
Closing the Weakest Link — How organizations should rethink email risk, and how myNetWatchman Email Reputation was built to solve account takeover fraud and fake account creation at scale.
The mechanics of how email became the digital economy’s most consequential vulnerability, the case studies that should have changed everything, and what a continuous intelligence approach actually looks like — all documented in “The Lying Gatekeeper,” a special report from myNetWatchman.