Down to the wire

Think it won't happen to you? A sophisticated wire fraud attempt

Written by Will Smith | May 19, 2023 8:43:50 PM

Did you know that 1 of every 3 transactions is targeted for wire fraud? Here is a real example of a successful wire fraud attempt. 

A few weeks ago I spoke with the CEO of a Colorado-based title company. The company is not a Red Fence client but he shared his company's most recent wire fraud attempt with me.

It all started when the closing agent received an email from the seller asking for a copy of her payoff statement. The seller noticed a few mistakes and told the agent that her lender would provide the correct information. The lender sent the agent the correct information for the payoff statement and the money was wired...to the attacker.

This is an example of an impersonation attack. When the seller requested a copy of the payoff statement, it was the attacker who made the request. They impersonated the seller by removing one letter from the seller's real domain and leaving the rest of the email address the same. The email from the "lender" was also sent by the attacker using the same domain spoofing tactic.

As humans, we use heuristics in order to be efficient in daily life. If a stop sign looks like a stop sign, we don't actually read the word "STOP". We rely on general patterns (heuristics) to make decisions. If we inspected everything as if it were our first time seeing it, we would be far less efficient. We're wired to rely on heuristics but that's what makes us susceptible to domain spoofing. We're not looking closely because it's not efficient to. One of the ways we're securing title companies is adding security to the inbox that automatically detects when a domain has been changed. The software identifies the domain with email history as the legitimate domain and diverts any emails with look-a-like domains.
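The check described above can be sketched in a few lines. This is an added example, not Red Fence's software: it treats domains with repeated email history as legitimate and diverts any sender whose domain is within one edit of them. The function names, the thresholds and the `.example` addresses are assumptions constructed for illustration.

```python
from collections import Counter

def edit_distance(a, b):
    """Optimal-string-alignment distance: insert, delete, substitute, swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def sender_domain(address):
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")

def build_history(past_senders, min_messages=3):
    """Domains with real email history; a single stray message is not enough."""
    counts = Counter(sender_domain(a) for a in past_senders)
    return {d for d, n in counts.items() if n >= min_messages}

def classify(address, trusted, max_distance=1):
    """Return (action, matched_domain) for one incoming sender address."""
    domain = sender_domain(address)
    if domain in trusted:
        return ("deliver", domain)
    for known in sorted(trusted):
        if edit_distance(domain, known) <= max_distance:
            return ("divert", known)   # near miss of a known correspondent
    return ("no_history", None)        # new domain, nothing it imitates

# Constructed sample data (reserved .example names, not from the incident).
PAST_SENDERS = (["jane@mapleridgehomes.example"] * 3
                + ["payoffs@firstsummitbank.example"] * 4
                + ["news@oneoff.example"])
TRUSTED = build_history(PAST_SENDERS)

if __name__ == "__main__":
    for sender in ["jane@mapleridgehomes.example",
                   "jane@mapleridgehoms.example",      # one letter removed
                   "payoffs@firstsumitbank.example",   # one letter removed
                   "agent@newclient.example"]:
        print(sender, "->", classify(sender, TRUSTED))
```

With very short domain names a distance of one produces more false matches, so the threshold is worth tuning against real mail history.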

Getting spoofed doesn't make us dumb, it makes us human. Humans are smart. After all, it's humans who developed the software to spot look-a-like domains for us. We think that's pretty smart.