Real Estate Closing Wire Fraud
Attack Trigger
Intercepts legitimate real estate email chains to substitute fraudulent wire instructions
What Attackers Want
$50,000–$500,000+ (full real estate down payment or closing costs)
How This Attack Works
Attackers compromise the email of a real estate attorney, title company, or realtor and monitor closing conversations. Days before closing, they send updated wire transfer instructions that route funds to a criminal account. Victims wire their entire down payment to fraudsters.
Red Flags to Watch For
- ✗Wire instructions arrive by email alone without a phone confirmation call
- ✗Account number or routing number changed from prior instructions
- ✗Email sender address has a subtle spelling difference from the real company
- ✗Urgency to wire immediately before the closing window closes
Known Malicious Domains
These domains have been associated with this attack. Never click links going to these addresses.
- escrow-wire-instructions.comMALICIOUS
- title-company-closing.netMALICIOUS
- real-estate-wire-update.comMALICIOUS
Glance automatically blocks emails from domains on this list. Domain list is not exhaustive — attackers register new domains continuously.
How Glance Stops This
- Domain similarity analysis catches lookalike sender addresses at millisecond speed
- SPF / DKIM / DMARC validation flags authentication failures before you ever see the email
- VirusTotal + Google Safe Browsing checks every link in real time
- Urgency language detection scores the email higher for manual review
- Known malicious domain blocklist updated continuously from live scan data
Don't wait to get hit.
Glance scans every incoming email against 12 detection layers — including the exact tactics described above — before it reaches your inbox.
Protect My Inbox — Free