Across the payments ecosystem, criminals need validated, “live” cards because stolen cards are the fuel for almost every form of online payment fraud. The sooner they confirm which cards work, the sooner they can monetize them and fraud can hide more easily. These cards include traditional consumer Visa and Mastercard branded cards from issuing banks, private label, commercial, and even gift cards.  But here’s the problem: many organizations, including banks, don’t see these attacks happening, not because they lack technology, but because they lack visibility. The early signals don’t show up in their systems at all. This is the “ visibility gap ” that continues to cost banks millions in fraud losses every year. Marketplace Data: Important…but Far Too Late For years, fraud teams have relied on Marketplace Data , the lists of stolen cards that appear for sale on dark-web shops. These lists, often obtained from breaches, infostealer logs, or underground marketplaces, give a rough sense of which cards may be exposed. Marketplace Data has value. It shows: Which BINs are circulating underground When large breaches occur How many cards are being sold by geography or issuer But Marketplace Data has two crippling limitations: 1. It’s reactive. Cards usually appear on dark-web markets days, weeks, or even months after they are stolen. Because it is a marketplace, these cards may have been bought and sold many times. By the time an organization sees them, it's likely that criminals may already be testing or monetizing them. 2. It says nothing about card validity. A card listed for sale may be expired, canceled, or blocked. Marketplace Data doesn’t reveal which cards remain active, and therefore doesn’t help banks know where fraud is actually imminent. This gap can be especially dangerous during the holiday season. Fraud rings stockpile tens of thousands of stolen cards in early Q4, but marketplace listings only confirm exposure, not criminal activity or timing. To stop fraud before it starts, organizations need something more immediate and more reliable: behavioral evidence of live card testing . Checker Data: The Earliest, Most Actionable Warning Signal Checker Data captures the exact moment criminals test cards across the internet, this is real-time behavioral intelligence, not scraped listings, not breach dumps, not forensic aftermath. This is the earliest point in the fraud lifecycle where intent becomes visible. Instead of relying on a dark-web posting, real-time intelligence data shows: Which BINs are being tested right now Which cards are being validated successfully Where testing is geographically clustered How quickly testing is accelerating Which testing tools, botnets, or attack methods are involved And this early signal matters. As highlighted in a recent case study, one regional bank detected 25,000 compromised cards by monitoring real-time testing behavior, saving over $2.5 million in operational expense while preserving $7.5 million in revenue that would have been lost to customer churn and cardholder frustration. The fundamental difference here is between knowing cards were stolen (Marketplace Data)…and knowing that criminals are actively preparing to use them (Real-time intelligence data). Why Some Miss Seeing Card Testing Themselves An organization’s fraud models, no matter how advanced, may not detect early testing for one simple reason: Card testing happens at merchants that many don't see. Criminals rarely test cards at well-protected, high-security ecommerce sites. Instead, they test them at: Small online stores Donation platforms Subscription trial signups Global merchants with weak AVS or no 3-D Secure Bots hitting thousands of micro-merchants at once Organizations only see testing if an attacker attempts a transaction at a merchant using the issuer’s card. But in most attack cycles, criminals test hundreds of cards for hours or days before a single transaction ever reaches the issuing company’s systems. That means fraud managers are trying to solve a problem operating almost entirely outside their field of view . Closing the Gap: Why Real-Time Intelligence Matters Real-time Intelligence Data offers organizations a fundamentally different approach: Detection within seconds, not weeks Action before fraud, not after Accurate, high-fidelity signals tied to real testing behavior Compliance-safe data (no illicit marketplace procurement) Protection from seasonal testing surges Organizations don’t need to wait for fraud to appear in their own ledger. They can see attacks as they begin, across the entire internet. This is the shift from reactive defense to proactive prevention. myNetWatchman: Closes the Visibility Gap The visibility gap doesn’t have to be a permanent feature of BIN testing or seasonal fraud. myNetWatchman delivers the earliest alerts in the industry , detecting card-testing activity within seconds of the first probing attempt. By monitoring real-world testing behavior across the internet, myNetWatchman identifies compromised cards before fraud occurs, giving issuers the power to block, lock, or reissue with confidence. If your organization wants to get ahead of testing surges, strengthen customer trust, and reduce fraud losses before they happen, contact myNetWatchman today to see how real-time Checker Intelligence can transform your fraud-prevention strategy. Read more about our Card Monitoring solution.

We’re thrilled to share some exciting news: our founder, Lawrence Baldwin , is featured in a gripping new BBC World Service  podcast series that dives deep into one of the most remarkable  true stories  in cyber history. Listen to Cyber Hack “Evil Corp”: https://www.bbc.com/audio/brand/w13xtvg9   About the Series The BBC’s Cyber Hack series “Evil Corp” takes listeners inside the high-stakes world of international cybercrime, where hackers, governments, and investigators cross paths in a web of digital intrigue. It’s a global story that touches on billions of dollars, state-backed hacking, and the people who work tirelessly to uncover the truth. Among those voices is Lawrence Baldwin , our founder, whose pioneering work in cybersecurity and threat intelligence has been shaping this field for decades. His story brings authenticity, expertise, and a deeply human perspective to a narrative that spans continents. Why It Matters This isn’t just a story about hacking, it’s a story about integrity, perseverance, and innovation . For us, it’s an honor to see Lawrence’s contributions recognized on such a global stage. His experience has not only guided our company’s mission but continues to inspire how we approach our work every day, with curiosity, courage, and commitment to protecting others online. Tune In Cyber Hack series “Evil Corp” here: https://www.bbc.com/audio/brand/w13xtvg9   You can also find it on your favorite podcast app including Apple Podcasts & Spotify. Join the Conversation After you listen, we’d love to hear what you think. Thank you  for being part of our community and for supporting the work that began with one founder’s vision to make the internet a safer place. Enjoy, The myNetWatchman Team

The First Industry Benchmark on Cyber Threats Targeting Global Travel Brands Savannah, GA, October 21, 2025  — myNetWatchman today announced the release of the Travel Credential Abuse Index (TCAI) Report , a first-of-its-kind benchmark tracking credential-based cyberattacks across airlines, hotels, online travel agencies (OTAs), and car rental companies. The report delivers unprecedented visibility into how credential abuse has evolved over the past two years, revealing that while overall attack volumes fluctuate, the sophistication and persistence of threat actors continue to rise. Drawing on activity across more than 85 travel platforms  and billions of login attempts , the TCAI captures  real-world fraud behavior across sectors. The findings reveal  that credential abuse in travel has not declined, it has adapted . Attackers continue to exploit stolen credentials, MFA bypass tools, and both human and supply chain vulnerabilities. High-attack periods frequently correlate  with major data breaches such as the Otelier hotel software breach in 2024 and the coordinated Scattered Spider  airline campaigns in mid-2025. “Credential abuse represents one of the most persistent and underestimated risks to digital travel. Our goal with the TCAI is to give the industry a data-driven view of this evolving threat, and the tools to fight back.” said David Montague, CEO, myNetWatchman The TCAI highlights that attackers are increasingly ROI-driven , shifting focus among travel sectors as defenses tighten. Airlines and OTAs face  the most sustained surges. Despite widespread adoption of multi-factor authentication, the report warns that MFA alone is not enough . Travel companies must also implement compromised credential screening, advanced bot detection, and synthetic identity prevention . The research underscores the growing need for proactive threat intelligence and continuous monitoring. “Credential abuse is not a one-time event; it’s an evolving ecosystem,” added Montague. “Without layered detection and identity verification, even the strongest authentication systems can be undermined.” The Travel Credential Abuse Index Report (October 2025)  is available for download at   www.myNetWatchman.com/TCAI . About myNetWatchman myNetWatchman provides real-time intelligence and fraud prevention solutions to help organizations detect and stop credential abuse, account takeover, and synthetic identity fraud. Leveraging billions of behavioral and reputational signals across the internet, myNetWatchman helps global enterprises identify risk, reduce fraud losses, and protect customer trust.

If you’ve worked in fraud prevention or cybersecurity, you’ve probably heard it a thousand times: “Just turn on multi-factor authentication (MFA). It’ll stop the hackers.” And sure, MFA helps — a lot. But here’s the reality no one likes to admit: the most common doorway attackers use to bypass MFA is a compromised email account. That’s right. The inbox — that familiar, everyday tool we all rely on — is often the weakest link in account security. It’s the digital key to password resets, login approvals, and account verifications. When that key is stolen or spoofed, even the strongest MFA setup can crumble. So before we talk about logins, we need to talk about detecting compromised credentials and detecting compromised emails, because not every email belongs to who it claims to. The Bigger Problem: Compromised and Fake Email Accounts Every modern account starts with an email address, it’s the backbone of digital identity. Unfortunately, attackers know this too. They target inboxes because controlling one email account can unlock a chain of others, bank accounts, customer portals, corporate systems, cloud services, and more. Two major issues make this a nightmare for security teams: Compromised accounts : These are real users’ emails that have been stolen or exposed in breaches, often found in dark web dumps or infostealer logs. Once compromised, they become golden tickets for account takeover (ATO) attacks. Synthetic or fake accounts : Fraudsters create “clean-looking” identities that pass basic verification. They lie dormant for months, appearing legitimate until they’re suddenly used for fraud or cash-out events. In one incident, threat actors compromised multiple email accounts to identify users with Bitcoin holdings. By exploiting access to those inboxes, they located crypto exchange notifications, used that information to circumvent two-factor authentication, and ultimately walked right into those accounts. In both cases, MFA can be completely bypassed, not because the technology is broken, but because it’s authenticating the wrong person. Why MFA Isn’t Enough Anymore MFA was designed to stop unauthorized access by asking users for more than just a password. It combines factors like something you know (a password), something you have (a phone or token), or something you are (a fingerprint or face scan). But modern attackers are patient and clever. They’ve developed ways to slip past these barriers by exploiting weak links, usually human ones. Here are a few ways MFA is commonly defeated: Compromised Email Account : When a fake, synthetic, or compromised email account is used as a part of the MFA verification, criminals are taking over the account or will shortly. Prompt Bombing (MFA Fatigue) : Attackers flood users with repeated authentication requests until someone hits “approve” just to make it stop. Social Engineering : Fraudsters pose as IT or customer support, tricking users into confirming fake login attempts. SIM Swapping : By hijacking a phone number, attackers intercept SMS-based MFA codes. Session Hijacking : Cybercriminals steal valid session cookies from browsers, effectively “skipping” MFA. Malware on Endpoints : Once malware is on a device, even MFA can’t protect what’s already been compromised. Phishing-as-a-Service Kits : Ready-made tools now let attackers rent sophisticated MFA-bypass systems that intercept credentials and session tokens. Each of these methods preys on one key weakness, the trust we place in user credentials . Why Email Reputation Is the Missing Piece If MFA verifies “how” someone logs in, Email Reputation verifies who can log in. It’s the trust layer that ensures the credentials you’re authenticating actually belong to a legitimate, uncompromised user or another party who may have access. Email Reputation by myNetWatchman was built for exactly this. It uses real-time intelligence, sourced from both open and dark web data to identify whether an email account: Has been accessed by bad actors Observed in recent criminal activity Fake or synthetically created Recently registered and showing high-risk behavior Instead of waiting for an attack to happen, businesses can flag risky accounts at the moment of login or account creation. Where to Integrate Email Reputation Adding email reputation checks into your existing processes is straightforward and powerful. Here’s how to make it part of your fraud and security workflow: At Account Creation : Screen new sign-ups for compromised or fraudulent email addresses. At Login (even with MFA) : Identify compromised users before granting access. During Password Reset : Prevent attackers from resetting credentials on hijacked accounts. For High-Value Transactions or Account Changes : Reassess account trust before money moves. Periodic Account Reviews : Uncover “sleeper accounts” that may have gone bad since creation. This approach doesn’t replace MFA, it completes it . You’re no longer just confirming someone’s login attempt; you’re validating their identity’s credibility. The Bottom Line MFA is a valuable tool, but it was never meant to be a silver bullet. When the average data breach starts with a compromised email, focusing on MFA alone is like putting a better lock on a door, while ignoring that someone already has a copy of the key. Real security starts with trustworthy credentials . By integrating Email Reputation intelligence, businesses can finally move from reactive defense to proactive protection, spotting compromised, fake, and high-risk accounts before they do harm.

Why Continuous Monitoring Is Essential for Account Protection Business leaders and fraud managers invest significant resources in verifying and authenticating new customers. You implement rigorous fraud checks, confirm identities, and follow best practices to ensure each account is secure at the point of creation. At that moment, you can be confident the account is trustworthy. Compromised Email Risk: The Silent Trigger for Account Takeover Here’s the hard truth: even if you’ve verified a customer at signup, their account can still be at risk the next day, all because of their email address. When an email gets compromised through a phishing scam, a data breach, or dark web sale, fraudsters suddenly hold the keys to everything. With email inbox access, they can grab password reset links, approve fraudulent transactions, and impersonate your customer, all while flying under the radar. Account Creation to ATO From your perspective, a new customer has successfully passed fraud checks and started their journey with your brand. For fraudsters, however, this is just the beginning of an opportunity. Even if the onboarding data is clean, an email address, a seemingly mundane detail, can become the gateway to account takeover. A user enters data to create a new account Your company runs its process to authenticate and verify user data and approves the new account The email address becomes compromised due to several causes like phishing, breach, etc. Using the compromised email account, fraudsters now control the account and can: Alter account details or reset passwords Drain loyalty points, balances, or digital wallets Make unauthorized purchases Damage your brand’s reputation by making your business appear vulnerable The Underlying Issue Users/customers routinely reuse the same email and password combinations across numerous websites. On average, people maintain 75–100 online accounts. If their credentials are compromised elsewhere, that same combination can be used to breach their account on your platform. When an email gets compromised through a phishing scam, a data breach, or dark web sale, fraudsters suddenly hold the keys to everything. With inbox access, they can grab password reset links, approve fraudulent transactions, and impersonate your customer—all while flying under the radar. Why is this so dangerous? Email is the digital hub: It connects bank accounts, shopping platforms, social media, even work logins. If one email is compromised, dozens of accounts can be, too. Customers rarely know: Most people never realize their email has been exposed until after something bad happens. Credential reuse is rampant: People recycle the same email-and-password combo across sites, so a breach in one place can easily spill over to yours. That’s why continuous email reputation checks matter, they help you spot when “trusted” accounts are no longer trustworthy, before takeover and fraud hit your bottom line. A Proactive Approach While robust account verification at signup is essential, it's not sufficient. Modern fraud management demands ongoing risk assessment at every key touchpoint, such as account creation, customer login, account changes, funds transfer, and loyalty points redemption. The Power of Email Reputation This is where myNetWatchman’s Email Reputation service adds critical value. Through a simple API, you can instantly verify at these key customer interactions, like: Account Creation : Assess whether the email is compromised, fake, or synthetic, for step-up authentication or to block suspicious applicants upfront. Customer Login : Detects if the account has been compromised and actively being used by bad actors since its creation. Account Changes : Ensure account details are not being changed by bad actors who have taken over the account. Funds Transfer, Loyalty Points Redemption : Before a transfer of value takes place, make sure the actual account owner is in control. For your business, this translates to lower authentication costs, stronger defense against account takeover, and a smoother experience for legitimate customers. Final Thought The reality is that an account deemed “safe” yesterday may already be a risk today. By integrating continuous trust checks like Email Reputation into your fraud prevention strategy, you proactively close security gaps, protecting your business and maintaining customer confidence.

Every executive decision relies on trustworthy numbers. Metrics like CAC (Customer Acquisition Cost), CLTV (Customer Lifetime Value), churn, and growth are only as accurate as the data behind them. When fake, synthetic, or compromised email addresses start clogging up your customer account lists, they distort these critical measurements, inflating acquisition costs, diluting lifetime value, and creating churn that doesn’t reflect real customer behavior. By eliminating fake, compromised, and other high-risk accounts, companies get a clearer picture of their true customer base and a more reliable financial view of their business. This isn’t just a fraud problem, it’s a cross-functional issue that affects how Marketing measures campaign ROI, how Sales forecasts pipeline growth, and how Finance evaluates capital efficiency. One of the most effective and under-leveraged processes to achieve cleaner data is email account hygiene. This approach evaluates the trustworthiness of an email address at account creation, login, or during ongoing use, helping to detect synthetic identities, compromised accounts, disposable emails, and addresses linked to recent criminal activity. Filtering these out early protects your business and ensures that your growth, retention, and revenue metrics reflect reality rather than noise. Impact on Business Metrics Fraud Vector Signal from Email Reputation Impact on Business Metrics Disposable / temporary email addresses Poor domain reputation, short lifetimes, high churn Marketing : Campaign performance looks inflated but doesn’t convert. Finance:  CAC rises as acquisition spend is wasted Compromised / breached credentials Appear in breach dumps or infostealer logs Fraud:  Direct ATO losses. Sales:  Inflated LTV that disappears with churn. Finance:  Missed revenue forecasts due to account attrition Synthetic / fake accounts Detected via email age, domain reputation, behavioral signals Sales:  Inflated pipeline and false “user growth”. Marketing:  Campaign ROI reporting skewed. Finance: Overstated revenue potential in models Observed criminal / fraud activity Known fraud rings, chargebacks, spam networks Operations:  Reduced manual review and chargeback costs. Customer Experience:  Trust and retention improve. Finance:  More predictable fraud loss reserves. The Bigger Picture Behind the Numbers The data paints a sobering picture: synthetic and fake accounts aren’t just a nuisance, they are warping the very financial metrics executives rely on to make decisions . TransUnion reports that more than half of financial institutions now see synthetic identities as their top fraud concern. At the same time, the tactics behind these accounts are evolving, with 40% of institutions observing increased fraud attempts tied to generative AI, and nearly a third already facing deepfake-driven synthetic identities. These aren’t fringe issues; they’re mainstream risks undermining the quality of customer data. It’s not just financial services feeling the impact. Ping Identity highlights a 32% growth in fraudulent new bank accounts in a single year, and a staggering 183% spike in synthetic fraud attempts in retail over a three-year period. These accounts don’t only drain fraud budgets, they inflate Marketing’s lead counts, Sales’ user growth numbers, and Finance’s forecasts. Executives making calls on CAC, LTV, or churn are often doing so with corrupted data sets. Email Reputation from myNetWatchman Exposes Compromised, Fake Email Accounts Email Reputation doesn't just reduce fraud losses; it restores trust in the numbers themselves . By filtering out the noise of fake, synthetic and compromised accounts, companies can ensure their financial reporting is grounded in reality. And for business managers, that clarity isn’t a nice-to-have, it’s essential for allocating capital, planning growth, and proving ROI across the organization. For Marketing : Better segmentation, cleaner campaign attribution, higher conversion rates For Sales : Real pipeline, not padded by synthetic users For Finance : Capital efficiency ratios (CAC, payback, LTV/CAC) calculated on real customer, not fake ones Email Reputation is a simple API that helps companies determine if an email address is trustworthy, fake, synthetic, deliverable, or actively compromised. Businesses use Email Reputation during new account setup, login, and password reset to reduce authentication costs, enhance security, and prevent fraud. The real impact goes beyond fraud to ensure the metrics driving strategy and valuation actually reflect reality. For more information on Email Reputation by myNetWatchman, click here .

Apple just opened iPhone 17 pre-orders (stores launch September 19), and history has shown that fraudsters treat new-phone hype and holiday volume as their favorite cover. Sleeper Accounts Are Set for Attack One common tactic used by fraud groups is to set up accounts well in advance of an attack. These accounts, sometimes called "sleeper" or "dormant" accounts, are used to hit companies at scale and avoid the scrutiny of guest checkouts. Experian describes this as new or hijacked accounts that behave normally until a rapid cash-out. Fraudsters typically create new accounts using synthetic identities or compromise existing accounts. In some cases, fraudsters have pre-positioned tens of thousands of accounts for the holidays alone. When you add in the hype of a new iPhone, the stage is set for a season of attacks. After weeks or months of lying low, these accounts are then activated by criminals to purchase upgrades, device financing, add-a-line promotions, or execute SIM swaps and port-outs. Why this matters for mobile carriers: the new-account step is already the riskiest stage in digital onboarding; of which the Communications Fraud Control Association (CFCA) reports 1 in 9 telecom applications are believed to be fraudulent and that subscription/application fraud dominates telco fraud cases. Once a sleeper slips through, detection gets harder because the identity has “aged” and looks trustworthy. What the numbers say (and don’t) The telecom industry’s fraud pain is well documented even if “sleeper accounts” aren’t broken out as a standalone line item. The CFCA estimates $38.95B in telecom fraud losses in 2023 (about 2.5% of global telecom revenue). Subscription/application and handset-related schemes are repeatedly cited among the top drivers, exactly the channels sleepers exploit when high-demand devices land. Bottom line: sleeper accounts deserve carrier attention, especially during iPhone launches and the seasonal spike in orders. How sleepers behave Age the account: Clear KYC/IDV, low-risk behavior, on-time micro-payments to build trust/limits. Change-then-spike : Recent contact or address changes, then a sudden upgrade/financing basket, add-a-line, or number port. Cross-linking tells : Shared delivery addresses, devices, IPs/subnets, or emails across “unrelated” accounts, hallmarks of organized crime rings. All patterns consistent with dormant/ATO and subscription-fraud lifecycles. myNetWatchman spots synthetic and compromised accounts before they can monetize How quickly can you spot a compromised or synthetic/fake account? At myNetWatchman, we identify "sleeper" accounts in real-time giving you the earliest possible heads-up to fraud. We're constantly sifting through attack traffic and monitoring criminal activity as it happens. This means you get the best detection and remediation for hijacked accounts, right when it matters most. Here's how we do it: Our Email Reputation service is a low cost and easy-to-use API companies use to determine if an email address really works, was created-for-fraud (its fake), or if criminals have compromised the email account and are actively using it. Stop Fraud Before it Starts : Check the validity of an email account, anytime. Companies use Email Reputation to enhance user experience and optimize costs to authenticate and verify users as part of KYC, security, and fraud prevention. At account opening At login with 2FA/MFA During password reset User verification before large transaction Not Just Customer Accounts : Since fraud can come at you from several directions, Email Reputation is applicable for all users with emails, customers, employees, vendors, partners, suppliers, consultants and contractors. We're always gathering data, from live sources to the darknet. Then, our own intelligence and analysis kick in, pulling out the most relevant details—raw data, comparisons, velocities, and key features. All this incredibly accurate and actionable data is deployed in real-time, ensuring a smooth and secure experience for you. Want to learn more? Check us out at myNetWatchman.com. Sources : CFCA global telecom fraud loss estimate (2023); TransUnion State of Omnichannel Fraud (new-account fraud rate); Experian on dormant/sleeper fraud; TransUnion on rising SIM-swap/port-out & Javelin ATO losses.

(Excerpts from the recently published Special Report, “ The Economics of Credential Stuffing Attacks and Account Takeover Fraud ” by myNetWatchman) Credential stuffing has endured because it’s ruthlessly economical. Attackers take username/password pairs harvested from one breach, or several combined, and automate login attempts across thousands of sites. Even when only a tiny fraction succeed, think 0.00018% to 0.025% , the sheer scale turns pennies into profits and headaches into real losses for businesses (see report pages 1 and 5 ). The problem persists because consumers, employees, and vendors reuse passwords and criminals can cheaply rent botnets, proxies, and tools that mimic human behavior. The math favors the adversary. As the report details, a large-scale campaign can cost around $300 for the total package of credential lists, residential proxies, 2FA-bypass kits, and automation software ( page 4 ). Break-even can happen at ~0.006% success if each compromised account yields just $50 and many accounts are worth far more. At volume, the numbers get staggering: one streaming service saw 773 million credential tests/attacks in a year, producing nearly 2 million successful logins at a 0.0025% hit rate; even a “low” success rate becomes material at internet scale ( page 5 ). For organizations, the economics cut the other way. There are direct fraud losses , investigation and remediation costs, and reputational harm. The report cites $13B lost to ATO fraud in 2023 and an average of $4.81M per credential-stuffing attack (pages 4–5 ). Operationally, bots can clog login flows, ~16.5% of login-page traffic is linked to stuffing, driving latency, downtime, and support load ( page 5 ). Compliance risk compounds the pain: PCI DSS, GDPR, and CCPA enforcement can stack on fines and legal exposure ( page 7 ). The threat is evolving, too. AI-powered bots and headless browser automation help attackers solve CAPTCHAs, navigate complex flows, and adapt to defenses ( page 6 ). That means static controls won’t keep up. What does work is shifting the economics back in your favor. The report recommends a multi-layered defense : credential screening to spot exposed or actively abused credentials, MFA, aggressive rate limiting, device fingerprinting, behavioral biometrics, cooling-off periods for high-risk actions, and zero-trust checks for sensitive steps ( pages 8–9 ). Real-world outcomes are compelling. One international ISP drove ATOs down from 3,000/day to 4/day , and the sidebar on page 9 also highlights a 91% detection rate of compromised credentials observed in a multi-channel retailer slashing ATO successes from 532,000 to under 49,000 after implementing myNetWatchman’s AllCreds screening. If losses from credential stuffing feel inevitable, this report shows it isn’t. You can upend the attacker ROI with layered controls and proactive credential screening at account creation, reset, and login. Want to view the full report? Download here for all the details.

Credential stuffing is a serious cyberattack because it’s cheap, easy to scale, and takes advantage of the common problem of people reusing passwords. Even though only a tiny fraction of these attacks succeed (0.00018% to 0.25%), the sheer number of attempts means big profits for criminals and big costs for organizations. The financial gains for attackers, combined with how these attacks work, highlight the urgent need for strong defenses. Our latest report, "The Economics of Credential Stuffing Attacks and Account Takeover Fraud," breaks down why these attacks are so effective and what they cost both criminals and organizations. Inside, you'll learn about: The Low-Risk, High-Reward Business Model : A large-scale attack can cost as little as $300, while a single successful login can lead to hundreds or even thousands of dollars in fraud. The Alarming Cost to Businesses : From direct financial losses and operational expenses to severe reputational damage, the costs for organizations can be millions of dollars per breach. AI's Growing Role : Discover how AI-powered bots and generative AI are making these attacks more sophisticated and harder to detect. Essential Defensive Strategies : We outline the multi-layered approach organizations must take to protect themselves, including implementing Multi-Factor Authentication (MFA), behavioral biometrics, and our own AllCreds Compromised Credential Screening solution. Don't wait until your organization becomes the next victim. Download our report today to get a clear understanding of the threat and how to protect your customers and your business.

Bridging the Divide Between Breach Data and Actionable Intelligence It has been a year since the massive AT&T data breach shook the digital landscape, an incident affecting 73 million current and former customers stretching back to 2019. While the $177 million settlement and the offer of complimentary credit monitoring may signal closure for AT&T, for the individuals affected and every other business online, this event could be only the beginning. Once customer data enters the dark web, its impact reverberates for years. This data is bought, sold, and repurposed time and again in countless fraud schemes. Breach data is a point in time, static indicator of what a user’s credentials were on a site. As time passes it becomes less and less accurate as users could have closed their account or changed their password. This leads to lots of false positives when relied on to detect compromised accounts. In fact, industry estimates suggest that business losses from false positives reach an astonishing $300–$400 billion each year. While breach data informs risk assessment systems during credential verification, it cannot stand alone as the ultimate arbiter of trustworthiness. It requires supplementary evidence to provide a holistic determination. Informative, yes, but rarely actionable by itself. By contrast, integrating live data, information that demonstrates not only past compromise but that a fraudster is actively and or successfully using the credentials, transforms risk assessment, essentially bridging the gap from suggestive to actionable. Live data is rooted in real evidence, tracking accounts actively exploited by bad actors, and remarkably, it delivers zero false positives in relation to “we know the bad actor is using your data”. The difference may seem nuanced, but this gap can make a big difference in how businesses respond to perceived risk. With over 12,000 data breaches reported last year alone, nearly everyone has faced exposure over the past decade, often more than once. If every breached account were classified by businesses as high risk, the result would be universal step-up authentication, an expensive, tedious, and frequently insulting process for customers. A smarter approach combines breach data with live actionable intelligence, painting a clearer, more precise picture of the risk tied to each account, be it customer, employee, or vendor. This enables organizations to make judicious decisions about who merits additional verification or deserves to be declined outright. That’s why at myNetWatchman, we built our credential screening service to collect and combine breach data with actionable live data from multiple sources. Prioritizing the use of live data can help bridge the gap between mere information and genuine security. How Can myNetWatchman Help? For more than a decade, myNetWatchman has been at the forefront of live data tracking, empowering organizations to anticipate and mitigate bad actor activity. With a dataset exceeding 38 billion credential pairs, growing by 15 million new entries daily, and available within seconds of detection, myNetWatchman offers unparalleled clarity into the risks associated with every user account.

Cybercrime is evolving faster than ever, and Business Email Compromise (BEC) stands out as one of the most insidious threats. Unlike flashy malware attacks, BEC is a subtle, social engineering scam where fraudsters impersonate trusted figures like CEOs, vendors, or partners to trick employees into wiring funds, sharing data, or authorizing bogus transactions. The result? Massive financial losses, data breaches, and shattered reputations. According to the FBI's Internet Crime Complaint Center (IC3), BEC scams racked up a staggering $2.9 billion in losses in 2023 alone, with an average hit of $137,000 per incident. Fast-forward to 2024, and BEC accounted for 73% of all reported cyber incidents, with losses soaring past $55 billion over the decade. What's more alarming? A 13% spike in attacks in early 2025, fueled by AI-generated emails that are now 40% of BEC phishing attempts—making them eerily polished and undetectable. In addition, nearly 40% of ransomware attacks begin with a compromised email. These attacks exploit poor habits like credential reuse across personal and work accounts. Real-world examples paint a grim picture. In 2023, Children's Healthcare of Atlanta lost $3.6 million to fake invoices from a spoofed CFO. The School District of Philadelphia saw $700,000 diverted in a vendor impersonation scheme in 2024. Even charities aren't safe: Treasure Island in San Francisco was fleeced of $625,000 in a month-long BEC ploy. These aren't isolated incidents—they highlight how BEC preys on trust and rushed decisions, turning everyday emails into financial nightmares. Don't let BEC blindside your organization. Dive into myNetWatchman's special report, "The Rising Threat of Business Email Compromise (BEC) Fraud" for in-depth insights, more case studies, and actionable strategies.

Cyber insurance is a critical tool for businesses to mitigate financial losses from cyberattacks. However, insurers' traditional approach of using questionnaires to assess cyber risk is inadequate in today’s rapidly evolving threat landscape. Unless insurance companies stop relying primarily on questionnaires for risk assessment, they will continue to experience increased financial losses due to cyber fraud and crime. Questionnaires have long been a staple for insurers to evaluate a company’s cybersecurity posture. They typically ask about basic security measures, such as whether a company uses firewalls, antivirus software, or Multi-Factor Authentication (MFA). However, these static, self-reported assessments fail to capture the dynamic and sophisticated nature of modern cyber identity threats. Avoiding real world catastrophes like 23&Me and Marks & Spencers requires insurers to update risk assessments protocols to meet the ever-evolving threat today’s criminals present. This new Special Report outlines what is needed to protect Cyber Insurance Carriers and reduce losses for both insurers and policy holders.