TL;DR: Cryptocurrency fraud campaigns are bypassing traditional email defenses by impersonating trusted platforms, abusing CAPTCHAs, and exploiting familiar workflows to drain wallets and divert payments, according to Abnormal AI. The security gap is not just detection weakness, but the way authentication and trust signals can still validate a message that is operationally malicious.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should security teams handle phishing emails that pass authentication checks?
A: They should treat authentication as a delivery signal, not a trust decision.
Q: Why do crypto fraud campaigns remain effective against legacy email security?
A: Because legacy tools often look for known malware, known bad domains, or obvious spoofing.
Practitioner guidance
- Correlate email trust with user-action risk: Score messages by sender reputation, destination reputation, request type, and the downstream action they try to trigger, especially wallet approvals and package-install workflows.
- Instrument the full click-to-action path: Track what happens after the click, including CAPTCHA prompts, redirect chains, login screens, and any request to approve a transaction or rotate credentials.
- Separate delivery confidence from action confidence: Treat authenticated delivery as one signal and approved business action as another, so a valid-looking email cannot automatically authorise a payment or access change.
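A minimal sketch of the first and third points, added here as an illustration and not taken from Abnormal AI or the webinar: authentication results and requested-action risk are scored separately, so a message that passes SPF, DKIM and DMARC can still be routed to step-up review. The pattern names, weights, threshold and the quarantine outcome for failed authentication are assumptions, and the sample message is constructed.

```python
import re
from email import message_from_string

# Constructed sample: passes SPF/DKIM/DMARC, yet asks for a wallet approval
# on a host unrelated to the sending domain.
SAMPLE = """\
From: Support <support@exchange.example>
To: user@corp.example
Subject: Action required: re-approve your wallet
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=exchange.example; dkim=pass header.d=exchange.example; dmarc=pass header.from=exchange.example

Complete the CAPTCHA and approve the transaction within 24 hours:
https://verify.wallet-check.example/approve
"""

# Hypothetical request types and weights; tune against your own mail flow.
HIGH_RISK_ACTIONS = {
    "wallet_approval": (r"\b(approve|connect|verify)\b.*\b(wallet|transaction)\b", 50),
    "package_install": (r"\b(npm|pip)\s+install\b", 40),
    "credential_rotation": (r"\b(reset|rotate)\b.*\b(password|key|credential)s?\b", 30),
}

def delivery_confidence(msg):
    """True when SPF, DKIM and DMARC all report pass. A delivery signal only."""
    results = msg.get("Authentication-Results", "").lower()
    return all(f"{m}=pass" in results for m in ("spf", "dkim", "dmarc"))

def action_risk(msg):
    """Score what the message asks the user to do, ignoring authentication."""
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')} {body}".lower()
    sender_domain = msg.get("From", "").rsplit("@", 1)[-1].strip("> ").lower()
    score, reasons = 0, []
    for name, (pattern, weight) in HIGH_RISK_ACTIONS.items():
        if re.search(pattern, text, re.S):
            score += weight
            reasons.append(name)
    for host in re.findall(r"https?://([^/\s:]+)", body.lower()):
        # A link that leaves the sender's domain raises destination risk.
        if host != sender_domain and not host.endswith("." + sender_domain):
            score += 30
            reasons.append(f"link_host_mismatch:{host}")
    return score, reasons

def decide(raw):
    """Authenticated delivery never lowers the action score (assumed policy)."""
    msg = message_from_string(raw)
    score, reasons = action_risk(msg)
    if not delivery_confidence(msg):
        return "quarantine", reasons
    return ("step_up_review" if score >= 50 else "deliver"), reasons
```
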
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- Real-world campaign walkthroughs showing how impersonation, CAPTCHAs, and urgency combine in crypto fraud.
- Behavioural AI detection examples that show what changed in the message flow before the attack succeeded.
- The full webinar's explanation of why traditional email defenses miss attacks that contain no obvious malware.
- Practitioner-facing guidance on how the vendor's analysts distinguish benign crypto communications from fraud-led impersonation.
Crypto fraud and email auth gaps: what IAM teams need to see?
Explore further
Crypto fraud exposes an authentication trust gap, not just a detection gap. The article shows that messages can pass checks and still be malicious because the control model validates sender properties more reliably than user intent. That is a governance failure for identity programmes that equate verified delivery with trusted action. Practitioners should treat message legitimacy and transaction legitimacy as separate problems.
A few things that frame the scale:
- 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases, according to The State of Secrets in AppSec.
- The same research found that organisations maintain an average of 6 distinct secrets manager instances, which fragments control and weakens centralised governance.
A question worth separating out:
Q: How can teams reduce the risk of wallet compromise from phishing-led fraud?
A: They should require stronger verification at the point of action, not just at the point of delivery. That means adding behavioural detection, step-up review for high-risk approvals, and controls that inspect the user journey before a wallet transfer or access grant is completed.