Audit Your Escrow Office's Public Footprint Before Someone Uses It Against You

Someone pulls "Pacific Road Escrow" off a purchase agreement and spends twenty minutes online: your officer's name and title from LinkedIn, her signature block from a stale page on your website, your phone format from Yelp.

Seven public identity surfaces surround an escrow office, with one shadow duplicate marked for review.

Someone pulls "Pacific Road Escrow" off a purchase agreement and spends twenty minutes online: your officer's name and title from LinkedIn, her signature block from a stale page on your website, your phone format from Yelp. Then a buyer gets a "revised wire instruction" that looks like it came from your desk.

Nobody breached you. They impersonated you. Wire fraud against escrow rarely starts with a hack, it starts with research, and the research runs on what your office already published.

None of that is carelessness. An escrow office is public on purpose. Clients have to find you, and the listings are how they do. The exposure is the cost of being findable. But when the money is gone, the first question anyone asks is what the office knew about its own public footprint, and what it did about it.

This is the audit: every listing, domain, profile, and phone number that could be used to impersonate or confuse your office, plus the record that proves you checked.

Who this guide is for

Independent California escrow companies, especially small offices where the owner is also the manager, the website was built years ago, and nobody formally owns the Google listing. If you've ever spotted an old suite number on a map result or a former employee still listed as staff somewhere, this is for you.

What this guide helps you do

  • Inventory every public listing, profile, domain, and number tied to your office.
  • Find the specific details a fraudster would use to impersonate your officers.
  • Fix what you control; document what you don't.
  • Turn it into a quarterly habit with a record showing it happened.
  • Give clients one verified channel, so a fake one stands out.

1. Google Business Profile: the listing strangers trust most

Consumers treat the Google panel as authoritative. Unclaimed profiles can be claimed by strangers, and Google lets any user suggest edits to a profile the office does own, so a claimed listing still needs its phone, address, URL, and manager list reviewed on a schedule. Think about what rides on that panel: the careful buyer who calls "your number" to verify instructions is trusting whatever number the listing shows.

Check: the profile is claimed under an office-controlled account, not an ex-employee's personal Gmail. Phone, address, hours, and URL are exact. Review the edit history and the manager list.

Record: a dated screenshot, the access list, any corrections made.

Don't assume "we never set one up" means one doesn't exist. Google generates listings automatically. If you didn't claim yours, someone else can.

2. Your domain and its lookalikes

Your domain anchors your email identity. If Pacific Road Escrow lives at pacificroadescrow.com, the lookalikes are pacific-road-escrow.com, pacificroadescrow.net, and paciflcroadescrow.com with a swapped letter. They cost a few dollars, and they're the standard tool for business email compromise against escrow.

Check: who owns the registrar account (the office, not the webmaster from 2016), the expiration date, auto-renew, and two-factor on the registrar login. Then run a search for obvious variants of your domain. You can't buy them all; you can know which exist and whether any resolve to a live site.

Record: registrar, expiry, account owner, and the date and results of your lookalike search.

Don't assume silence is safety. Lookalikes get registered and parked quietly until a large file is in flight.

3. Email authentication: SPF, DKIM, DMARC

Three DNS records decide whether other mail systems can tell your real mail from mail forged on your exact domain, not a lookalike, pacificroadescrow.com itself. Without a DMARC policy, that forged mail can land in a buyer's inbox looking legitimate. Most small offices have never looked.

Check: paste your domain into a free online DMARC checker, it takes a minute and requires no IT skills. If the policy is missing or set to "none," ask your email host to move it to quarantine, then reject, after a monitoring period.

Record: the date checked, the current policy, and who confirmed it. If your provider says "it's handled," get that in writing and file it.

Don't assume your host set this up by default. Many don't.

4. Yelp, Facebook, and LinkedIn

Social profiles leak the impersonation kit: names, titles, tenure, headshots, writing style, and sometimes transaction chatter ("Congrats on closing 123 Main St!"). A fraudster emails a seller "from" your officer using her real name and title, sourced entirely from LinkedIn. A duplicate Facebook page with your logo fields inquiries from real clients.

Check: search each platform for your office name and close variants. Confirm which pages are yours and who admins them. Hunt for duplicates. Look at what staff post about closings.

Record: the official pages and their admins; duplicates found and reported; the review date.

Don't assume staff personal profiles are out of scope. You can't control an officer's LinkedIn, but if it shows her direct line and email, that's part of your surface, brief the team on what makes impersonation easier.

5. Phone numbers: the callback chain of trust

Your whole verification model, "call the known number", depends on the public record of your number being correct and controlled. Old numbers outlive carriers, get recycled, and get reassigned. A stale directory number can route the verification call somewhere you've never heard of.

Check: list every number the office has ever published, main line, direct lines, fax, cell numbers on business cards. Confirm each rings to your office or is formally retired. Confirm port-out protection with your carrier so numbers can't be hijacked.

Record: the canonical number list, where each is published, port-out status, verification date.

6. Staff names and signature blocks

Impersonation gets easier two ways: when the fake matches reality, and when your real signatures are so inconsistent that a forgery can't stand out. A former officer still on your website is a name someone can borrow on live files.

Check: reconcile every public staff mention, website, LinkedIn company page, association directories, against the current roster. Standardize one signature template: same format, same disclosure, same verified number.

Record: the reconciliation date, removals requested, and the template version.

The standardization is really for you: once every signature looks the same, a nonstandard one becomes its own red flag.

7. Old addresses and dead listings

Offices move; listings don't. Data aggregators copy each other, so one stale address propagates across dozens of directories. Worse, a party can "verify" a fraudster's letterhead against a stale listing the fraudster used as a source.

Check: search your office name with your old addresses. Fix the high-traffic listings first, Google, Apple Maps, Yelp, Bing, BBB.

Record: what you found, corrections requested, follow-up dates.

Don't assume one fix ends it. Aggregators re-sync from each other. Recheck quarterly.

Seven public identity surfaces surround an escrow office, with one shadow duplicate marked for review.

Audit checklist table

#ItemVerifyOwnerFrequency
1Google Business ProfileClaimed by office; details exact; access reviewedOwner/managerQuarterly
2Website domainRegistrar owner, expiry, auto-renew, 2FAOwnerAnnually + alert
3Lookalike domainsVariant search run; live ones listedOwnerQuarterly
4SPF/DKIM/DMARCRecords present; DMARC at quarantine/rejectIT or hostSemi-annually
5Social profilesOfficial pages confirmed; duplicates reportedManagerQuarterly
6Phone numbersAll published numbers ring or retired; port lock onOwnerSemi-annually
7Staff & signaturesRoster reconciled; one template in useManagerOn staff change
8Old addressesStale listings found; corrections requestedManagerQuarterly

Risk / what to check / what to record

RiskWhat to checkWhat to record
Hijacked or edited Google listingAccess list, edit history, phone accuracyDated screenshot; access roster; correction note
Lookalike domain in useVariant search; live resolutionSearch date, variants found, action taken
Exact-domain spoofingDMARC policy statusHost's written confirmation, date
Officer impersonationPublic staff info vs. roster; signature consistencyReconciliation note; template version
Callback interceptionPublished numbers vs. controlled numbersCanonical list, verification date
Stale address confusionDirectory search on old addressesListings found, corrections, follow-ups

Template: quarterly footprint review memo

Public Footprint Review, [Office Name] Date: ____ Reviewed by: ____ Reviewed: GBP / domain / DMARC / social / phones / staff / addresses (circle) Discrepancies found: ____ Corrections made or requested: ____ Open items retained for next review: ____ Owner/manager sign-off: ____ Date: ____

Template: client channel notice (opening package)

"Our office will never change wire instructions by email. Our verified phone number is [number] and our only email domain is [@domain.com]. If you receive anything inconsistent with this, call us at the number above before acting."

Common mistakes

  • Treating this as an IT project. Most of it is listings, not technology; the owner can do it in an afternoon.
  • Leaving the registrar or Google account in a former employee's or webmaster's name.
  • Fixing the listings but never briefing staff, so the next hire publishes a direct line and personal email on a fresh profile.
  • Doing the audit once, saving nothing, and having no proof it happened.
  • Buying three defensive domains and calling it done while DMARC sits unset.

What to save in the file

Keep a standing "office footprint" file: the quarterly memo, dated screenshots of the Google profile and website contact page, the canonical phone list, registrar and DMARC confirmations, lookalike search results, roster reconciliation notes, and each period's client channel notice. If an impersonation incident ever touches a transaction, this file is your evidence of a controlled, verified public identity, and it shortens every conversation with a bank, carrier, or examiner.

When to escalate

Owner immediately on any live lookalike domain, hijacked listing, or duplicate page. Email host or IT for any spoofing or DMARC question. If a fake channel was used on an actual file, a party received instructions you didn't send, treat it as an incident: owner, your bank, carrier notice per your policy terms, and counsel before you communicate conclusions to parties. Report fakes through each platform, and consider an IC3 report if a party was targeted. This is operational guidance, not legal advice.

How Veto fits

The audit only counts if it leaves a record. Offices using Veto file the quarterly footprint review the same way they file a wire review: what changed, what was checked and against which source, what stayed open, who reviewed, what the office did. When a party later says "I got an email from your office," the record of your real channels, and the review behind it, is part of the answer.

The fake channel costs a few dollars. The record of your real ones costs an afternoon a quarter.

Printable checklist

PUBLIC FOOTPRINT AUDIT, [OFFICE NAME]   Date: ____  By: ____

[ ] Google Business Profile claimed under office account
[ ] GBP phone, address, hours, URL verified exactly
[ ] GBP access list reviewed; ex-employees removed
[ ] Registrar account owner = office; 2FA on
[ ] Domain expiry noted: ____  Auto-renew: Y / N
[ ] Lookalike search run; live variants listed
[ ] SPF / DKIM / DMARC checked; policy: ____
[ ] Yelp, Facebook, LinkedIn official pages verified
[ ] Duplicate/fake pages searched; reports filed
[ ] Every published number rings or is retired
[ ] Carrier port-out protection confirmed
[ ] Website staff page matches current roster
[ ] Signature template current; staff using it
[ ] Old-address listings searched; corrections requested
[ ] Client channel notice current in opening packages
[ ] Review memo saved to footprint file
[ ] Owner sign-off: ________  Next review: ____

One page in the file before money moves.

Your office decides. Veto records what was reviewed, what stayed open, and who reviewed it.