Business email compromise on a closing
An attacker monitors a compromised inbox and emails the buyer or escrow updated wire instructions, diverting the down payment or disbursement — often unrecoverable once sent.
MFA on all email, email authentication (SPF/DKIM/DMARC), monitoring for malicious inbox rules, and a mandatory phone-verify-before-wire policy for every party.