Fraud in Your Inbox: Email Is Still the Weakest Link

Financial fraud remains the leading driver of cyber insurance claims, and 83% of cases are traced back to email-based attacks. Most of the common tactics used to deceive employees have remained the same, including tricking them into wiring funds to fraudulent accounts, executive and vendor impersonation, and business email compromise (BEC) scams. Emails crafted with generative AI, however, are a growing threat.

These findings reflect broad fraud trends. According to the FBI’s latest Internet Crime Report, losses from BEC scams alone topped $2.9 billion in the U.S. in 2023. Similarly, a recent LexisNexis Risk Solutions report highlights that financial services institutions globally experienced a 61% increase in fraud attempts involving synthetic identities and mule accounts.

Financial fraud continues to be the leading cause of cyber insurance claims, and email is the primary attack vector, especially for mid-sized businesses. The 2025 InsurSec Report by cyber insurer At-Bay reveals that financial fraud made up nearly a third of all cyber incidents among its insured clients in 2024.

Email was the starting point in 43% of all cyber insurance claims, but it was used in just 6% of ransomware attacks. In contrast, 83% of financial fraud cases began with a fraudulent email. This suggests that email security tools are blocking malware competently but are less effective against scam emails.

In many cases, cybercriminals are focusing on fooling people through carefully crafted messages, as opposed to the more technical task of actually breaking into computers.

While employee security awareness training is important, especially for finance and HR teams, cyber insurance firms are now making it mandatory to implement multi-factor authentication (MFA) across all accounts and to use email authentication protocols such as DMARC, SPF, and DKIM.

Coalition’s Cyber Insurance Claims Report found that cyber insurers are now scrutinizing clients’ email security posture before underwriting policies, with some denying coverage if MFA and BEC simulation training are absent.

Across industry sectors, financial and insurance companies suffered the most significant average losses from financial fraud, at over $500,000 per incident.

These fraud trends underscore the vulnerability of multiple parts of an organization, as attackers increasingly exploit routine digital communication for high-stakes financial gain.

If you have questions about IT security and the current threat landscape, call ITPAC today.