
IMHO, the biggest issue is that attacks usually appear to be coming from 'not-so-cooperative' countries (e.g., Russia, China). Even if the attack is not based there they can appear like it (e.g., via proxy/VPN). That makes it difficult for US police to track down the criminals without involving Interpol or using some other means of cross-country police cooperation. And that usually means it has to be a really big fish to catch.

So the best solution is still prevention and education.




So, is it effectively an unsolvable problem given the current situations with email and banking and so on?

As the other respondent indicated, you can lock down your domain but if the whaler registers yourbuslnessdomain.com, they'll catch someone. "Sorry, I've had some trouble with my email recently and IT haven't been able to get the authorised designation appearing, you know how they are! Anyway, I've been working on a contract with Penske for months as you probably heard and unfortunately their lawyers have accelerated the process to the first stage. I need you to organise the initial cash transfer..."


The best solution to the example you gave would be to use PGP to verify the email signature and ensure the sender is really who he says he is.

Of course, PGP has its own problems but that's another story.


Susceptible to the same social engineering. "My PGP thingy isn't working right now. We could wait until IT have fixed that but I'm worried that we're going to run out of time."

I'm aware that Nigerian scammers supposedly fill emails with typos to eliminate clever marks, but if scammers could more accurately emulate emails/styles and write more convincingly in English, I think we'd see a lot more people scammed.


That's why I said prevention and education.

PGP prevents the user from overlooking the domain/email from where the message came. Educating users and introducing policies (mandatory PGP, etc.) minimizes the possibility of someone performing these kinds of social engineering tricks. After all, people are always the weakest link, and you can't fix people :)


Well, the other option is the TDP or variants.



