May 28, 2026
Wire fraud doesn’t start at the bank. It starts in your inbox.
For law firms and real estate professionals, the most expensive security failure rarely looks like a hack. It looks like a normal email: wiring instructions, on letterhead, from an address everyone recognizes — sent by an attacker who has been quietly reading the mailbox for weeks.
How it actually happens
- A staff member reuses a password or falls for a fake login page, and the attacker gains mailbox access.
- The attacker creates a forwarding rule so they see every message about an upcoming closing — without logging in again.
- Days before funds move, they send revised wire instructions from the real account, or from a lookalike domain one letter off.
The controls that stop it
- Phishing-resistant multi-factor authentication on every mailbox — no exceptions for partners.
- Email authentication (SPF, DKIM, DMARC) fully enforced, so your domain is hard to spoof.
- Regular audits of mailbox forwarding rules — the single most common compromise artifact.
- A money-movement procedure that verifies wire instructions by phone, on a known number, every time.
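A forwarding-rule audit can be scripted. The sketch below is an added example, not part of the original post: it checks an exported list of inbox rules and flags any that forward outside the firm, marking destinations whose domain is one character off the firm's own. The domain `examplelaw.test`, the record field names and the sample rules are all constructed assumptions; map them to whatever your mail platform's rule export actually produces.

```python
# Added example: audit exported mailbox rules for external or lookalike forwarding.
# OWN_DOMAINS and the rule records below are constructed sample data (assumptions).
OWN_DOMAINS = {"examplelaw.test"}

# Constructed export: one record per inbox rule (field names are hypothetical).
SAMPLE_RULES = [
    {"mailbox": "partner@examplelaw.test", "name": "Closings",
     "forward_to": ["archive@examplelaw.test"]},
    {"mailbox": "paralegal@examplelaw.test", "name": ".",
     "forward_to": ["inbox7731@mailhost.test"]},
    {"mailbox": "clerk@examplelaw.test", "name": "sync",
     "forward_to": ["partner@examp1elaw.test"]},
]

def edit_distance(a, b):
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_domain(domain, own=OWN_DOMAINS):
    """Return 'internal', 'lookalike' (one edit from an owned domain) or 'external'."""
    domain = domain.lower().rstrip(".")
    if domain in own:
        return "internal"
    if any(edit_distance(domain, d) == 1 for d in own):
        return "lookalike"
    return "external"

def audit_rules(rules, own=OWN_DOMAINS):
    """List (mailbox, rule name, destination, kind) for every non-internal forward."""
    findings = []
    for rule in rules:
        for addr in rule["forward_to"]:
            kind = classify_domain(addr.rsplit("@", 1)[-1], own)
            if kind != "internal":
                findings.append((rule["mailbox"], rule["name"], addr, kind))
    return findings

if __name__ == "__main__":
    for mailbox, name, addr, kind in audit_rules(SAMPLE_RULES):
        print(f"{kind.upper():9} {mailbox} rule={name!r} -> {addr}")
```

Every finding needs a named owner to confirm or remove the rule; subdomains of the firm's domain are reported as external here unless they are added to `OWN_DOMAINS`.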
None of this requires an enterprise budget. It requires someone who owns it. That is the job of a CIO — fractional or otherwise.