The 3rd step above would have protected me but I'm not sure everyone would be so cautious as that.
In my case, the attacker had control of my solicitor's email.
A few days before he sent me a letter instructing me to deposit money to the correct account, the attacker sent an email from the solicitors email server (Dkim verified by Gmail), with a different account.
This was in the context of a thread about the conveyancing on a house purchase so I was expecting to have to transfer money somewhere.
I admit my own failure in the process but I think there's room for improvement in the whole process of buying a house too (like why don't solicitors get buyers to enter the correct account info proactively at the beginning of the process)
In my case, the attacker had control of my solicitor's email.
A few days before he sent me a letter instructing me to deposit money to the correct account, the attacker sent an email from the solicitors email server (Dkim verified by Gmail), with a different account.
This was in the context of a thread about the conveyancing on a house purchase so I was expecting to have to transfer money somewhere.
I admit my own failure in the process but I think there's room for improvement in the whole process of buying a house too (like why don't solicitors get buyers to enter the correct account info proactively at the beginning of the process)