Article
Fraud Defense Turns One
How At-Bay’s award-winning email security solution keeps customers safe
Email fraud costs small and mid-sized businesses an average of $286,000 per incident1 — and financial fraud incidents are the most common type of claim we see. Since 2021, financial fraud frequency has jumped by 55%. Unfortunately, SMBs typically face these threats without the dedicated security teams and sophisticated fraud detection infrastructure of larger enterprises.
One year ago, At-Bay launched Stance™ Fraud Defense to change that equation. Available at no additional cost to At-Bay Cyber and Tech E&O policyholders2, Fraud Defense uses insights from real-world incidents to deliver AI-powered protection against threats that get through legacy email security solutions. Today, across At-Bay’s policyholder community, we’re protecting 138,000 inboxes. Nearly 5,000 fraudulent emails that got past existing legacy email security solutions were flagged by Fraud Defense over the last year, and 40% of accounts were protected against an active financial fraud attack.
The impact has been significant. In October 2025, Fraud Defense was named “Fraud Prevention Innovation of the Year” by CyberSecurity Breakthrough, a prestigious recognition among thousands of nominations around the world. “Financial fraud is surging, and email is driving the wave. At-Bay’s Fraud Defense solution is uniquely designed to identify and stop these extremely common and costly attacks,” said Steve Johansson, managing director, CyberSecurity Breakthrough. “The solution is a major innovation in both cybersecurity and cyber insurance, delivering stronger preventative protection and better coverage in the case of a financial fraud incident.”
The Anatomy of an Email Fraud Attack
At-Bay is an insurance company, but security has been a part of our DNA from day one. Because of this, we not only see real-world incidents that show up as claims, but our cyber research experts also analyze them to identify new patterns, trends, and tactics — and then we build solutions like Fraud Defense to protect our policyholders.
Email-based fraud attacks are growing increasingly sophisticated, with threat actors crafting convincing messages that bypass traditional security filters and exploit human trust. Here’s what that looks like:
How Fraud Defense Protects Businesses From Email Fraud
Fraud Defense monitors your email in real-time, analyzing every incoming message for signs of fraud. Here’s how the solution’s AI-powered detection capabilities identify and flag threats before employees fall victim — preventing significant financial losses and protecting business operations:
| What Fraud Defense Catches | Explanation | Example |
| Lookalike domain | Attackers register domains that closely resemble legitimate ones, changing just one or two characters to trick recipients. | Legitimate: finance@acme.com Fraudulent: finance@acme.co Fraudulent: finanoe@acme.com |
| Newly registered domain | Fraudsters create brand-new domains specifically for attacks. Legitimate businesses rarely change email domains. New domains sending invoices or payment requests are highly suspicious and flagged by Fraud Defense. | An email from payments@supplier-services.com arrives requesting updated wire instructions. The domain was registered 3 days ago – a red flag that this is likely a scam, not your long-time vendor. |
| Suspicious email structure | Fraudulent emails often have irregularities in formatting, headers, or metadata that differ from legitimate business communication, like missing security headers, unusual reply-to addresses, or mismatched sender information. | An email appears to come from your CEO, but the “reply-to” address is a personal Gmail account. Or the email has no standard corporate email signature, unusual formatting, or modified header information that doesn’t match your company’s email system. |
| Domain reputation score | Each domain has a reputation based on historical sending behavior, associations with fraud, and external threat intelligence. Emails from domains with poor reputations are flagged by Fraud Defense. | An invoice arrives from billing@vendor-solutions.net. The domain has been flagged in multiple fraud databases, has no legitimate web presence, and has been associated with previous phishing campaigns, giving it a low reputation score. |
| Suspicious behavioral patterns | Fraud Defense detects unusual email behaviors that deviate from normal business communication patterns, like urgent financial requests sent outside business hours, sudden changes to payment instructions, or atypical language for the supposed sender. | Your “CFO” sends an email at 2 AM requesting an immediate $300K wire transfer with the subject line “URGENT – DO NOT CALL ME.” This timing, urgency, and instruction not to verify by phone are all red flags that indicate fraud. |
The entire process happens in seconds, giving you the context needed to make informed decisions before clicking, responding, or taking any action. When a suspicious email is detected, a visual warning banner appears directly on the email showing why it was flagged, and your security contact receives detailed alerts via email and in the Stance dashboard.
Although these examples may seem straightforward, legacy email security solutions aren’t equipped to identify them. In fact, the average claims frequency of all At-Bay customers with email security solutions saw a relative increase of 53% year-over-year, with nearly every email security solution associated with higher email claims frequency.
Protection That Pays for Itself
When a single fraudulent wire transfer can cost your business hundreds of thousands of dollars, having the right protection in place isn’t optional — it’s essential. Fraud Defense stops these attacks before they reach your employees’ inboxes, providing a critical layer of defense that traditional email security solutions miss.
The solution works automatically in the background, requires no technical expertise to manage, and comes at no additional cost to At-Bay Cyber and Tech E&O policyholders.
If you’re a current policyholder, you can connect your email integrations to activate Fraud Defense today.
1. Source: At-Bay’s 2025 InsurSec Rankings Report
2. At-Bay Stance Fraud Defense is an email security solution for Microsoft 365 and Google Workspace customers. Access to Stance Fraud Defense is available to insureds with policies placed through At-Bay Insurance Services, LLC that include an Embedded Security Endorsement. It is at the sole discretion of the Named Insured to engage with any of the policy’s risk mitigating Embedded Security offerings. Eligibility, rules, and limitations will vary based on your risk profile and security requirements.
