Impersonation Is Assembled From Public Parts. Your Website Supplies Most of Them.
Staff pages, listings, Google Business Profiles, and email signatures give fraud operations their raw material. How an escrow office should think about — and document around — its public footprint.

In one hour, without touching a single system, a stranger can hold this about your office.
Your team page: officer names, titles, direct emails, headshots. Your Google Business Profile: hours, phone, reviews naming your best officer. The listing agent's feed: "Just closed on Maple St. — thanks to the amazing team at ____!" with dates. County records: the parties. An old domain your office let lapse, or a look-alike nobody registered. And from any one email your office ever sent that got forwarded: your exact signature block, disclaimer, fonts, and the way your officers sign off.
That is not a data breach. That is Tuesday, and it is all free.
The first move in an escrow fraud is usually not an email to your office. It is a browser tab about your office.
Why escrow should care
Escrow impersonation runs in both directions, and the public footprint feeds both.
Inbound, researched detail lets a caller pass as your seller, your lender, your agent. Outbound — the direction that ends offices — your own materials let someone pass as you to a buyer holding closing funds. The buyer who wires to a spoofed version of your office will name the real one in the lawsuit.
Either direction, the post-incident questions land on the same desk: how did they know all that, and what did the office rely on when it acted? "They knew the details" does not survive a deposition. "We corroborated through the number on file from opening, noted here" does.
Personas are assembled, not invented

The reporting behind this series keeps returning to one production detail: fraud operations build identities from found material.
Carlos Barragán's *The Yahoo Boys* documents young men in Lagos building fake avatars — personas that sustain months-long relationships — out of borrowed photos and rehearsed biography. The Economist's Scam Inc shows the same craft at industrial scale, with scripts refined across thousands of contacts. The persona is not a work of imagination. It is collage.
Map that craft onto a transaction. To impersonate a party to your file, an operation does not need access to your file. It needs enough public fragments to pass a familiarity check: the officer's name spelled right, the property address, the agent's phrasing, a signature block that matches, a reply-to domain one character off. Each fragment is harmless on its own. Together they produce the thing that defeats front-desk skepticism — recognition. "It's clearly them; they knew everything about the deal."
They knew everything public about the deal.
That is a different sentence.
Familiarity is research, not identity
A fair word first: recognition is not a rookie mistake. It is how humans have authenticated each other for the whole history of the telephone, and it worked because doing the reading used to cost something.
It no longer does. A caller with the file number, the closing date, and your processor's first name has demonstrated one thing — effort. When the reading is free and the assembly is scripted, familiarity has to be demoted from confirmation to unconfirmed input. The same demotion we gave the sound of a voice in the callback piece applies to the content of the conversation.
The corollary is where identity actually gets established: through channels that predate the contact. The number in the opening package. The email confirmed at signing. The in-person or notarized touchpoint. And the file should say which channel was used. Our guide on vetting a new real estate agent applies the same logic to the front end of a relationship: what you relied on matters most when it is written down.
The footprint audit is worth an afternoon
None of this argues for hiding. Your web presence wins you business, and an office with no footprint cedes the search results to look-alikes.
It argues for knowing your footprint the way the other side does. Search your office name and each officer's name. Check who owns domains adjacent to yours. Read your Google profile and reviews as a stranger would. Skim what agents post about your transactions. And read your own outbound signature block as forgery material, because that is how it is read elsewhere.
Then make the footprint work for you. Many offices publish a short wire policy statement — "we will never change wire instructions by email; call us at the number on our website before sending funds" — turning the public surface into an inoculation instead of a source kit.
What should be written down before money moves
Before the money moves, the file should answer five questions:
- What changed.
- What was checked, and against which source.
- What stayed open.
- Who reviewed.
- What the office did.
For this risk, the "against which source" line does the heavy lifting. Whenever a contact directs or changes the movement of funds, the file records the channel it arrived through, and how identity was corroborated beyond publicly knowable detail — which source row was used, who was reached, what non-public fact anchored the confirmation. Any reliance on familiarity alone gets flagged as exactly that, retained as an open item until closed by an independent check. Then reviewer, time, and the office's decision.
One standing record helps too: a dated footprint review, once a year — what is publicly visible about the office, adjacent domains checked, the published wire policy statement, and what changed since last year.
The phrase worth banning from file notes is "clearly the seller." Clear to whom, established how — that is the record.
Operator takeaway
Assume the first hour of any fraud against your office already happened, in a browser, and that it worked: the eventual contact will sound informed and familiar. So move the goalposts. Familiarity earns nothing; identity comes through channels older than the contact, and the file says which one.
Let them have the website.
The file is the part they can't Google.
— Sebastian Heyneman
Sources
- 'The Yahoo Boys' investigates Nigeria's network of cyber crime 'sweetheart scams' (NPR's Book of the Day, June 17, 2026)
- Scam Inc from The Economist (Apple Podcasts)
- Related on this blog: 7 Ways to Vet a New Real Estate Agent Before You Commit
Boundaries: Barragán's reporting and Scam Inc describe persona-building in consumer scams; neither documents an escrow impersonation. The mapping onto staff pages, listings, and signature blocks is ours, drawn from how these offices are publicly visible — not from a breach study or dataset.
See a sample Review Record.
One page showing what changed, what was checked, what stayed open, and who reviewed it.