Multi-factor autentication was supposed tobe the answer to the password problem. But when the second factor routes through the same compromised email address, you haven't added security, you've just added steps. 85% of breached orgs had bot detection 62% were successfully breached anyway $5 M average cost per ATO breach Every security team in America will tell you the same thing: enable MFA. It’s become the first commandment of enterprise cyber hygiene, the baseline recommend

The $15.6 billion mistake hiding in plain sight, and why fixing it starts with questioning the premise. Every morning, hundreds of millions of people prove who they are to their bank, their employer, their insurance company, their investment platform. They do it with the same mechanism they've used for decades: an email address and a password. The system sends a link. The link arrives. The system says: identity confirmed. Access granted. It sounds reasonable. It is, in fact,

Despite not being designed for identity verification, email's convenience made it a common business identifier. Criminals target this pervasive use as a primary entry point for their activities. Read the newly published report, The Lying Gatekeeper, to explore these topics

Executive Brief Email was never built to be your digital passport. Created as a simple, open-network protocol for exchanging messages between trusted parties, it lacked the foundational architecture for authentication, financial security, or identity verification. Yet, today, email has quietly become the "de facto" primary identifier for billions of users. From resetting bank passwords to approving high-value transactions, the email address is the gatekeeper of the digital ec

In the modern digital economy, the email address has transcended its original purpose as a communication tool. It has become the near-universal unique identifier—the primary digital ID for billions of users. From financial services to SaaS products, the email address is the default gatekeeper for account creation, password resets, and high-value transactions. However, this reliance has created a dangerous security paradox: while email is treated as a permanent, trusted anchor

Yes, criminal activity spikes during peak shopping season. But the most damaging fraud often doesn’t happen in November or December. It happens months later, after the holidays have passed and attention has shifted, using accounts that were created, compromised, or harvested during peak volume. Fraudsters don’t treat the holidays as a sprint, they treat them as account setup season. Fraudsters use the holidays to set up sleeper accounts and synthetic identities, and to harves

Klarna is just now learning what many in fraud prevention have known for years: synthetic identity fraud doesn’t start with stolen credit cards, it starts with unvetted digital identities. For years, email addresses have been treated as little more than a communication channel, a box to check during account creation. That assumption is now proving to be dangerously outdated . Email is often the first persistent identifier tied to consumer, vendor, and partner accounts. When e

Across the payments ecosystem, criminals need validated, “live” cards because stolen cards are the fuel for almost every form of online payment fraud. The sooner they confirm which cards work, the sooner they can monetize them and fraud can hide more easily. These cards include traditional consumer Visa and Mastercard branded cards from issuing banks, private label, commercial, and even gift cards.  But here’s the problem: many organizations, including banks, don’t see these

We’re thrilled to share some exciting news: our founder, Lawrence Baldwin , is featured in a gripping new BBC World Service  podcast series that dives deep into one of the most remarkable  true stories  in cyber history. Listen to Cyber Hack “Evil Corp”: https://www.bbc.com/audio/brand/w13xtvg9   About the Series The BBC’s Cyber Hack series “Evil Corp” takes listeners inside the high-stakes world of international cybercrime, where hackers, governments, and investigators cross

The First Industry Benchmark on Cyber Threats Targeting Global Travel Brands Savannah, GA, October 21, 2025  — myNetWatchman today announced the release of the Travel Credential Abuse Index (TCAI) Report , a first-of-its-kind benchmark tracking credential-based cyberattacks across airlines, hotels, online travel agencies (OTAs), and car rental companies. The report delivers unprecedented visibility into how credential abuse has evolved over the past two years, revealing that

If you’ve worked in fraud prevention or cybersecurity, you’ve probably heard it a thousand times: “Just turn on multi-factor...

Why Continuous Monitoring Is Essential for Account Protection Business leaders and fraud managers invest significant resources in...

Every executive decision relies on trustworthy numbers. Metrics like CAC (Customer Acquisition Cost), CLTV (Customer Lifetime Value),...

Apple just opened iPhone 17 pre-orders (stores launch September 19), and history has shown that fraudsters treat new-phone hype and...

(Excerpts from the recently published Special Report, “ The Economics of Credential Stuffing Attacks and Account Takeover Fraud ” by...

Credential stuffing is a serious cyberattack because it’s cheap, easy to scale, and takes advantage of the common problem of people...

Bridging the Divide Between Breach Data and Actionable Intelligence It has been a year since the massive AT&T data breach shook the...

Cybercrime is evolving faster than ever, and Business Email Compromise (BEC) stands out as one of the most insidious threats. Unlike...

According to the 2025 Verizon Data Breach Incident Report, credential abuse (i.e., credential stuffing, account takeover attacks, etc.)...

Cyber insurance is a critical tool for businesses to mitigate financial losses from cyberattacks. However, insurers' traditional approach...