Stop Wire-Fraud Lookalike Domains Targeting Title and Escrow Companies
In real-estate closings, a single spoofed domain can cost a buyer their entire down payment and expose your firm to liability. Attackers register a lookalike of your title company or the closing attorney, then email fraudulent wire instructions. VigilDNS finds that domain before it is used, starting at $79 a month, self-serve.
The threat aimed at title and escrow firms
Business email compromise is the most damaging category of cyber loss, and real-estate closings are one of its richest targets. The FBI's Internet Crime Complaint Center reported roughly $2.8 billion in BEC losses in 2024, and nearly $8.5 billion across 2022 through 2024, with real-estate wire fraud a significant share. The mechanics are specific to your industry: an attacker registers a domain that imitates your title company, your escrow team, or the closing attorney, sometimes swapping a single character, more often adding a word like "escrow," "closing," or "title." They then email the buyer fraudulent wire instructions days before closing. The buyer wires their down payment to the criminal, and by the time anyone notices, the funds are gone.
Because so many of these attacks use brand-plus-keyword names rather than obvious typos, monitoring built only on misspellings misses them. VigilDNS leads with combosquatting and live page and email detection. Learn more about combosquatting and what to do when someone registers a lookalike of your domain.
The cheaper purchase that comes first
An entire vendor category, including wire-verification services like CertifID, exists to confirm wiring details at the moment of transfer. That layer is valuable, but it acts at the point of payment. Lookalike-domain monitoring sits upstream and cheaper: it catches the impersonating domain when it is registered or when it requests a certificate, often before a single fraudulent email is sent. Buying the upstream signal first means you can warn clients, alert staff, and start a takedown while the domain is still dormant.
What VigilDNS watches for you
- Combosquatting and keyword lookalikes: brand-plus-keyword domains like yourtitle-escrow.com or closing-yourtitle.com, the names attackers actually use, plus homoglyphs and 11 permutation techniques.
- Mail-capable (MX) lookalikes: domains configured to send email, the exact infrastructure used to send fraudulent wire instructions. This is the highest-priority signal for your industry.
- Page screenshots with side-by-side clone detection: when a lookalike also stands up a copy of your site, we capture and flag it.
- Live Certificate Transparency monitoring: we catch a lookalike at certificate issuance, frequently before the fraud email goes out.
- AI threat verdicts: intent, confidence, and a written rationale, with risk scoring and dormant-threat detection so a registered-but-quiet domain is not ignored.
- Campaign clustering, RDAP ownership data, real-time alerts, team workspaces, and CSV export for your evidence file.
What we do not do
VigilDNS is detection and evidence, not managed takedowns. We assemble the package, screenshots, certificate records, RDAP ownership data, and our verdict, so you or your counsel can file abuse reports with the registrar and host. See how domain takedowns work. We do not monitor social media, the dark web, or counterfeit marketplaces, and we do not verify individual wire transactions at the point of payment. We catch the impersonating domain early so your other controls have time to work.
Published pricing, no sales call
Enterprise brand-protection platforms are quote-only and run into five figures a year, out of reach for most title and escrow firms. Free typo tools list names but give you no email detection, no scoring, and no evidence. VigilDNS fills the gap with transparent pricing: Starter at $79 a month (5 domains, 3 seats, 24-hour scans), Team at $199 (20 domains, 10 seats, 12-hour scans), and Business at $899 (100 domains, 25 seats). Annual billing includes two months free. Given that one prevented wire-fraud loss dwarfs a year of monitoring, the math is straightforward. Sign up online and start today.
| Layer | When it acts | Catches the lookalike domain early | Pricing |
|---|---|---|---|
| Wire-verification services | At payment | No | Per-transaction or subscription |
| Free typo checker | One-time lookup | Typos only, no email signal | Free |
| VigilDNS | At registration or certificate | Yes, including MX-capable names | From $79/mo, self-serve |
Frequently asked questions
How does VigilDNS help prevent closing wire fraud specifically?
It surfaces lookalike domains of your firm and closing partners early, especially mail-capable ones built to send fraudulent wire instructions. Knowing the domain exists lets you warn clients and staff and begin a takedown before money moves.
We already use a wire-verification tool. Do we still need this?
They are complementary. Wire verification acts at the moment of payment, VigilDNS acts upstream when the impersonating domain is registered. Catching the domain early gives every downstream control more time and reduces the chance a fraudulent email ever reaches your client.
Will you catch domains that imitate the closing attorney, not just our firm?
Yes. You can monitor multiple domains, including partner firms and closing attorneys you work with regularly, up to your plan's domain count.
Can you take down the fraudulent domain for us?
We do not file managed takedowns, but we give you a complete evidence package, screenshots, certificate and RDAP records, and our verdict, so you or your counsel can submit abuse reports quickly.
Run your firm's name through the free typosquat checker now, then see plans on the pricing page. You may also want community bank brand protection if you handle bank-side closings.