Wire Transfer Fraud Email
Attack Trigger
Urgent internal wire request from a spoofed executive or finance contact
What Attackers Want
$10,000–$500,000+ per incident
How This Attack Works
Attackers impersonate a company executive, CFO, or trusted vendor and instruct an employee to initiate an immediate wire transfer to a new account. The request bypasses normal approval channels using urgency and authority. Once wired, funds are nearly impossible to recover.
Red Flags to Watch For
- ✗ Wire request arrives by email alone with no phone confirmation
- ✗ Sender email has a subtle domain variation from the real company
- ✗ Request emphasizes secrecy — "do not discuss with colleagues"
- ✗ New bank account or routing number not previously used
- ✗ Urgency language: "must be completed today before the market closes"
- ✗ Executive claimed to be unavailable by phone or in a meeting
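The following added example (not Glance's code) shows how a mail filter could score the red flags above that are visible in the message itself: a lookalike sender domain plus urgency, secrecy, new-account and unavailability wording. The trusted domain `example.com`, the edit-distance threshold of 2 and the phrase patterns are assumptions, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions: the organization's real domain and these phrase patterns are illustrative.
TRUSTED_DOMAINS = {"example.com"}
PHRASE_FLAGS = [
    ("urgency", r"\burgent\b|\bimmediately\b|\btoday\b|before the market closes"),
    ("secrecy", r"do not discuss|keep this (confidential|between us)"),
    ("new_account", r"new (bank )?account|new routing number"),
    ("unavailable", r"in a meeting|can(no|')t take calls|unavailable by phone"),
]

def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, max_distance=2):
    """Return the trusted domain that `domain` closely imitates, or None."""
    domain = domain.lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return None  # exact match is the real sender domain
    for good in sorted(TRUSTED_DOMAINS):
        if edit_distance(domain, good) <= max_distance:
            return good
    return None

def red_flags(raw_email):
    """List the red flags found in a single-part plain-text message."""
    msg = message_from_string(raw_email)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    flags = ["lookalike_domain"] if lookalike_of(domain) else []
    body = msg.get_payload()  # str for a non-multipart message
    flags += [name for name, pat in PHRASE_FLAGS if re.search(pat, body, re.I)]
    return flags

# Constructed sample message, not a real email.
SAMPLE = """\
From: "Jane Doe (CEO)" <jane.doe@examp1e.com>
To: ap@example.com
Subject: Wire needed

I need a wire sent to a new account today before the market closes.
I'm in a meeting and can't take calls. Do not discuss with colleagues.
"""
```

The first red flag, a request that arrives by email alone, cannot be read from the message; it is a process check that still needs a call-back to a known phone number.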
Known Malicious Domains
These domains have been associated with this attack. Never click links going to these addresses.
- wire-transfer-request.com (MALICIOUS)
- secure-wire-instructions.net (MALICIOUS)
- business-wire-update.com (MALICIOUS)
- finance-wire-confirm.net (MALICIOUS)
Glance automatically blocks emails from domains on this list. Domain list is not exhaustive — attackers register new domains continuously.
How Glance Stops This
- Domain similarity analysis catches lookalike sender addresses at millisecond speed
- SPF / DKIM / DMARC validation flags authentication failures before you ever see the email
- VirusTotal + Google Safe Browsing checks every link in real time
- Urgency language detection scores the email higher for manual review
- Known malicious domain blocklist updated continuously from live scan data
Don't wait to get hit.
Glance scans every incoming email against 12 detection layers — including the exact tactics described above — before it reaches your inbox.