Email: More Dangerous than Ever

Most businesses and people assume email is secure. It is not. Every year millions of compromised email accounts are used by fraudsters. Email compromise is an enormous problem that leads to a variety of fraud losses. Among many other things, consumers could have web accounts taken over, or lose travel or loyalty rewards, while businesses can have data stolen or fall prey to ransomware.

The following report highlights that the tremendous success fraudsters are having at monetizing compromised emails is a growing concern in cyber insurance claims.

2025 Cyber Claims Report

The 2025 Cyber Claims Report from Coalition sheds light on the evolving landscape of cyber threats, highlighting that business email compromise (BEC) and funds transfer fraud (FTF) have become the most frequent sources of cyber insurance claims.

This shift underscores a critical vulnerability that businesses face, primarily through the exploitation of email as a key identifier and communication channel.

According to the Coalition report, a majority of 2024 cyber insurance claims (60%) originated from BEC and FTF incidents. Significantly, 29% of BEC events were found to result in FTF, demonstrating a direct pipeline from email compromise to financial theft.

While ransomware claims stabilized and even saw a 3% decrease in frequency and a 7% decrease in severity year-over-year, and average ransom demands dropped by 22% to $1.1 million, BEC claims severity actually increased by 23%. This indicates that BEC, while perhaps less sensational than ransomware, is a highly effective and increasingly impactful method for cybercriminals to target businesses.

Even though FTF claims frequency decreased by 2% and severity by 46% year-over-year after an all-time high in 2023, the sheer volume of claims originating from BEC and FTF makes them a primary concern.

While the Coalition report primarily focuses on BEC and FTF from a business insurance claims perspective, it's crucial to understand that consumers are not immune to email compromise, which can then fuel these same types of fraud.

Email is widely used as a key unique identifier for customers and is often assumed to be secure, but it is explicitly NOT a secure verification or communication channel. Fraudsters actively target and compromise millions of personal email accounts, gaining access to sensitive information or the ability to impersonate individuals. When a consumer's email is compromised (CEC), it opens up avenues for criminals to initiate account takeover (ATO) fraud, as seen with the top U.S. brokerage that identified over $700,000 in ATO fraud attempts via a malicious actor's access to customer's email. This demonstrates how compromised consumer emails can directly lead to financial theft, exponentially increasing the pool of vulnerable targets and the complexity of the fraud landscape for both individuals and businesses.

See The Threat Before it becomes a Problem

Addressing this pervasive threat, myNetWatchman offers solutions designed to secure email channels, which are frequently exploited in BEC and FTF scenarios. Our Email Reputation solution provides an easy-to-use API that reveals the likelihood of an email address being "created-for-fraud" or if criminals have access to the email box, specifying when the access occurred and what they were seeking.

Companies can leverage myNetWatchman's Email Reputation at various critical points to prevent fraud:

• At Account Creation: To verify if an email is legitimate, synthetic, or already compromised.

• At Login with email 2FA or password changes: To confirm an email's integrity before allowing sensitive actions like password resets or new account sign-ups, protecting trusted accounts from malicious actors.

• When a Sensitive Transaction is Initiated: To confirm end-user authentication on large transactions and validate high-risk accounts, which is vital during breach investigations.

myNetWatchman's effectiveness is underpinned by its vast proprietary data repository, which contains over 35 billion compromised credential pairs, including emails and passwords. We continuously update this database by monitoring live, bad actor traffic, adding 15 million new credentials and 150 thousand compromised email addresses daily that criminals are actively using. This allows mNW to proactively identify compromised accounts and prevent them from being used in fraudulent activities.

By identifying and flagging compromised emails before they can be used to initiate CEC, BEC or FTF, myNetWatchman directly tackles the very vulnerabilities highlighted by the Coalition report, offering a vital preventative layer against these prevalent and costly cyber threats.

For more information on myNetWatchman’s Email Reputation service, click here.