skip to Main Content

Clear To Close

The Complete Guide to Understanding and Preventing Real Estate Wire Fraud


Free Guide: Learn how to improve security and lower your risk.

Download eBook

Wire fraud is an epidemic in nearly every U.S. industry.

According to information recently obtained from the FBI, from June 2016 through December 2018, roughly $90 billion in attempted wire fraud was reported through the FBI’s IC3 division.

Because of this, it is crucial that companies are aware of how these scams work, and—most importantly—what you can do to protect your business and your customers from these types of fraud.

While wire fraud affects nearly every business, this article will focus on its impact on the real estate sector. We’ll cover:

  1. 01How Real Estate Wire Fraud Happens
  2. 02Parties Affected By Real Estate Wire Fraud
  3. 03Why Real Estate Wire Fraud Happens
  4. 04Fraud Strategies To Look Out For
  5. 05How To Prevent Wire Fraud
  6. 06How to Recover From Wire Fraud
Clear To Close
Download PDF


How Real Estate Wire
Fraud Happens

If you work in the real estate industry, it’s essential that you know how wire fraud occurs. While no two real estate scams are the same, cybercriminals tend to follow a typical playbook that includes the following steps:

  1. 01Fraudsters find publicly available information of anyone involved in the transaction via social media, company websites, and online resources. This could target buyers, sellers, real estate agents, lenders, settlement providers, attorneys, or any other party to a transaction.
  2. 02Known transaction participants are targeted with phishing scams designed to gather email account details. Once the fraudster gains access to one email account, all other parties to the deal are exposed and may be individually targeted or spoofed by the fraudster.
  3. 03Armed with account access, fraudsters wait patiently and obtain intimate details about a transaction and the participants involved; particularly when someone is expected to transfer funds electronically.
  4. 04The fraud begins once the fraudster identifies that funds are to be electronically transferred for a closing (e.g. via Wire or ACH). Using a compromised or spoofed email address, the scammer will send emails containing fake wiring instructions to the victim. This is typically a buyer wiring cash to close to the title company. Or it could be the title company wiring funds to a broker, seller and/or current mortgage holder in connection with the disbursement process.
  5. 05Once the money lands in the fraudsters account, it is quickly wired to other bank accounts or withdrawn in cash, through an elaborate network of money mules that await instructions in real-time.


Parties Affected By Real
Estate Wire Fraud

While wire fraud directly affects the party sending funds to the fraudulent account, all other transaction participants stand to lose too. Here is a look at how some of the parties may be affected. For more detail on this, check out the full blog post here.


Buyers continue to be the most vulnerable to real estate wire fraud as they are largely unaware that they may be personally targeted by cybercriminals. The purchase of a home is typically the largest financial decision the average U.S. consumer makes in their lifetime. For that reason, most people go through the process just a few times in their life. Inexperience with the process makes them susceptible to being tricked.


Baby boomers make up a significant portion of sellers. Their lack of sophistication with technology leads to mistakes that could provide fraudsters access to critical transaction details.

If a transaction is compromised, sellers are directly affected when closing funds are diverted to a cybercriminal. If a transaction participant is unable to recover stolen funds quickly, the sale may fail and the seller will have to go through the whole selling process again.

Title and Escrow Companies

Real estate professionals working

As title and Escrow companies themselves often wire money, they are vulnerable to wire fraud attempts. Once a buyer has transferred money for a closing, fraudsters will attempt to insert themselves into the stream of communication with the goal of diverting wires during the disbursement process.

This can lead unsuspecting and ill-prepared title and escrow companies to send money to a fraudulent account. In such cases, not only does the buyer lose their funds, but the title or escrow company may be held liable for the loss. This has forced many companies to close their doors because they cannot make up the shortfall in their escrow account caused by the fraudster.

Real Estate Agents and Brokers

In the event that wire fraud occurs, real estate agents stand to lose a whole lot more than their commission check.

Both their reputation and business are on the line, and if a lawsuit is filed after a loss occurs, they may be held responsible if their email account was compromised and that led to the loss.

Juries have found real estate agents and their brokers personally liable for such losses with judgments in the hundreds of thousands of dollars. This, coupled with a changing landscape from E&O insurance carriers that limit coverage for cyber fraud and wire transfer losses, may put the economic burden squarely on the shoulders of the individuals and companies representing consumers.

Law Firms

Cyber scammers know that law firms receive and send funds through their escrow accounts for real estate transactions. Scams that divert incoming wires from buyers and redirect disbursement wires after closing are proving successful against law firms and the individual attorneys representing clients in a real estate transaction.


Why Real Estate Wire
Fraud Happens

There are three main attributes that make real estate transactions a prime target for wire fraud:

Median home listing price is ~$280,000

Average of eight parties in every transaction

All the information to start a fraud can be found online

These unique attributes make it attractive and easy for fraudsters to compromise an individual in a transaction. It’s time to firm up processes and communications to lower the chances for successful frauds. Let’s take a look at why these attributes make fraud so appealing. For more details, check out the full blog post here.

Large Wire Transfers Happening Frequently

A briefcase full of 100 dollar bills

Fraudsters target real estate transactions because they are incredibly lucrative.

Those running scams only need to be successful once or twice to earn significant amounts of money.

Additionally, many real estate transactions take place every day. The real estate industry hit $33.3 trillion in 2018, a new record as prices continue to increase across all inventory segments. With millions of transactions taking place each year, a hacker—unsuccessful in one attempt—can simply move onto the next one.

Multiple Parties Communicating Electronically

There is an average of eight parties involved in any U.S.-based real estate transaction. While their obligations may differ based on whether they are representing the seller or buyer in a transaction, there is one commonality among them all – they exchange communications and sensitive transaction information electronically. 

Many times these parties have never met in person and rely solely on the information exchanged over phone calls and emails. Making matters worse, real estate transactions are driven by specific timeframes that are agreed upon by the parties in the buy-sell agreement. Newly introduced parties, short time frames, and the stress of trying to close a home make everyone involved more susceptible to getting tricked or making a mistake.

Tight Timeframes

Real estate transactions are driven by specific timeframes that are agreed upon by the parties in the buy-sell agreement.

Knowing that closings must take place by a certain date, fraudsters apply pressure at critical points in the transaction. This can lead to someone being tricked and defrauded out of funds.

It only takes one party in a transaction to make a mistake and everyone is exposed.

It could be the real estate agent that unknowingly allows a fraudster to obtain login and passwords for their email account and enables them to begin acting as if they were the account holder. Or the eager-to-please title agent who makes an exception to company policy in order to keep the real estate agent or lender satisfied. It may be that—in the days leading up to closing—the fraudster tells the buyer or seller that the deal may collapse if a specific action is not taken immediately.

Inexperienced Buyers

The purchase of a home is typically the largest financial decision the average US consumer makes in their lifetime. It accounts for the biggest financial obligation and asset they will manage and own.

For that reason, most people go through the process just a few times in their life. On the other hand, fraudsters know precisely what they are doing. They know the parties involved, what documents are exchanged, and the timing of every transaction. By inserting themselves at the right time with convincing information, they are able to defraud their victims with a high degree of success.

There’s little an uninformed and ill-prepared buyer can do to protect themselves. After all, the hacker has vast amounts of experience and knows how to spot and exploit an inexperienced buyer. All they’ve got to do is trick them into making a tiny mistake, which isn’t a difficult task for a pro.

Insufficient Authentication Processes Between Parties

The large number of successful fraud attempts suggest that the process the real estate industry uses to authenticate wire transfers is flawed.

If real estate professionals verify details using email, it is easy for hackers—having taken over an email account—to insert false wiring instructions into a transaction.

Everything a Fraudster Needs Can Be Found Online

Most people in the real estate industry have no idea how easy it is for fraudsters to find sensitive information online. Sources fraudsters use include simple Google searches, social media profiles, MLS listings, and services like Spokeo that provide personal details about an owner of a property. In addition, they are able to identify the title or escrow company used to close the transaction by profiling the prior sales of a real estate agent. Using public notaries, fraudsters review the recorded deeds to determine whether the same notary public closer was used and identify where the transaction is likely to close.  

Once they have this information, they can use it perform spear phishing scams and create spoofed websites and email accounts.


Fraud Strategies To
Look Out For

Wire fraud usually ends in the same way: a fraudster sends fake wiring details to someone involved in a real estate transaction for the purpose of diverting the wire funds transfer to a fraudulent account.

However, fraudsters use different methods to get to the stage where they can attempt to give the buyer false wiring instructions. In this section, we’ll look at some of the techniques most often used to start a fraud. For more details on how these scams work, check out the full blog post.

Email Phishing

Phishing is when criminals send an email to a fraud target—or pool of targets—designed to get the recipient to enter account credentials or personal information about themselves.

When running a phishing scam, hackers send out an email that claims to be from a trusted organization; such as a bank, email provider, electronic document platform, or other reliable company.

The email will often look real. Attackers usually send the phishing email from a disguised email address and include the logos and taglines of the company they are spoofing.

The hacker also provides a convincing reason for needing the information. They will then specify the information required, before highlighting a negative consequence for not sending it.

How Scammers Steal Account Details

There are many techniques fraudsters use to steal details.

Most often, scammers claim to be from a trusted company. In the email, the hacker will explain that there is a problem with your account and direct you to a malicious link where you can solve the problem.

The link will appear to be for a website you trust—such as your email provider. However, the website will be a clone designed to steal your login details. The example below looks realistic, but take a look at the URL.

Spoofed website URL Amazon

Image Courtesy:

On these clone sites, hackers include a box that looks like a regular login form. When you enter your details, the website records them and sends them to the criminals.

Another technique scammers use is to convince the victim to download key-tracking malware onto their computer. This malware tracks what is typed on the computer, including any passwords and usernames entered. All the data is sent to the hackers who search the records for login credentials.

Spear Phishing

Spear phishing is a targeted attack on a specific individual.

The fraudsters send out an email from a cloned email account that’s nearly identical to that of a trusted party. They’ll likely use the same name, email, job title and signature of the trusted source. In real estate, fraudsters pose as the buyer, seller, title agent or realtor, to sneak into your inbox undetected.

Spear Phishing email example

What’s concerning is that spear phishing attacks are less likely to be flagged by an email provider’s spam filter than regular phishing attacks. This is because the emails aren’t sent out to a high number of people at the same time. They may also be sent using an email address that hasn’t been used for phishing before.

Whaling and Business Email Compromise

Whaling is a scam used to target or impersonate business owners and high-level executives for the purpose of diverting wire transfers to fraudulent accounts.

Wire fraud email example

In the case of real estate fraud, hackers can use the access to a title company owner’s email account to run a business email compromise scam. In these scams, they use the compromised account to convince employees to wire money to bank accounts they control.

Like spear phishing attacks, emails used for whaling and business email compromise are highly personalized and will appear to come from a legitimate source. They generally use the same techniques to steal passwords, such as key-tracking malware and spoofed hyperlinks.

If you’re a key decision maker in your organization, be wary of personalized emails asking you to verify account details or transfer funds. If you’ve got any doubt, don’t act!


While most attacks come via email, vishing—voice phishing—is another method used during fraud attempts. Fraudsters know that most companies are requiring phone call verification before funds are wire transferred. This is known as “call back” procedures.

In these scams, hackers will call the victim or leave a voice message. The call or message will seem like it’s coming from a trusted party in the transaction such as the title company, attorney’s office or bank.

The fraudster will often lead with specific transaction details and state that the call is being made to protect the person on the other end from fraud. This builds instant credibility and disarms the victims. The scammer can then move on to the goal of the call—get the victim to trust the wiring instructions they are about to receive from the fraudster and act on them.

Social Engineering

Access to email accounts, transaction information, and techniques such as vishing allows fraudsters to convincingly manipulate their target. This is called social engineering.

The social engineering techniques used in real estate are convincing. The use of cloned emails — the act of forging an email address to make it appear to have been sent from a legitimate email — and knowledge of the transaction give the fraudsters apparent authority over their targets.

Furthermore, the fraudsters are able to increase stress on the target—thereby reducing their ability to think clearly—by introducing an element of immediacy, as well as a serious repercussion for not following instructions.

An example of this would be an apparent email from a title company to a buyer asking for a wire, with the threat that the deal could fall apart if the transfer is not made immediately.


How To Prevent
Wire Fraud

Preventing wire fraud essentially comes down to three things:

  • Educating transaction participants about the threat of fraud and what to watch out for;
  • Preventing fraudsters from accessing email and other communication-based accounts to obtain critical information about a transaction; and
  • Ensuring parties have accurate, uncompromised wiring information and contact details for the person or entity that will be receiving funds via wire transfer.

A commitment to education and the adoption of preventative measures will lower your risk profile and protect yourself and your customers from fraud.

Stop Fraudsters From Accessing Sensitive Information

An important step in wire fraud prevention is to stop fraudsters from gaining access to transaction-level information required to run a scam. Here are some strategies to consider.

Limit Publicly Available Information

Running a business requires that certain information be shared about your company. However, there are things you can do to protect some of the more sensitive data about your organization and employees.

Use Strong Spam Filters

Preventing phishing emails being seen is the best way to stop employees from falling for them. A strong email filter is one of the best ways to do this. Products like Mimecast and Spam Bully provide solutions that block and filter phishing emails.

If criminals can’t get their emails in front of your employees, then it will be far harder for them to steal account details and, ultimately, hit someone in your organization with wire fraud.

Phish Your Employees

Cyber-Fraud Featured Photo

Spam filters aren’t always enough. This is why many forward-thinking businesses are hiring third-party companies to perform phishing testing on their employees.

They simply create a phishing email, send it to your staff, and then see who falls for it and what credentials are given. This provides a starting point for training and awareness and gives them the education needed to avoid making the same mistake in the future.

We recommend taking advantage of Google‘s phishing test. It provides a great set of emails meant to educate you and your employees on how to identify phishing versus legitimate emails.

Google Phishing Test Screenshot

Real-Time System Monitoring

Perimeter security helps keep your organization’s entire network threat-free. It utilizes features such as a firewall, web-content filtering, malware protection, and geolocation blocking to keep your network safe in real time.

By monitoring all web activity that enters and exits the network, perimeter security is able to identify unusual patterns or abnormal behavior on your network that could be a sign you are under attack and take action to stop it.

Secure Your Accounts with Strong Passwords and Two-Factor Authentication

Another step you can take is to secure accounts with two-factor authentication (2FA). Accounts that use 2FA require an extra piece of information on top of a username and password to log in.

This additional bit of information is something that only the account owner has access to and it usually has a physical element. For example, it could be a code, sent to an app on the user’s phone, virtual private networks that are tethered to each company device, or a physical key like Yubi Keys. It could even be an SMS message or an actual key.

Essentially, it means that even if a hacker knows an account’s username and password, they will be unable to log into the account without also having access to the third authentication detail.

One final thing you can do regarding 2FA is to educate your customers and referral partners about the benefits of turning it on.

If everyone involved has 2FA turned on, the chances of a hacker being able to access an account are drastically reduced.

Always Verify The Person You’re Doing Business With

Wire fraud is a symptom of the lack of proper identity verification at critical points in a transaction. The success rate of wire fraud scams is due to the exploitation of a trusted relationship between two parties. If identities are confirmed properly, that trust is never breached.

Some things you can do to help verify information include:

  • Gather and share contact information early in the transaction cycle
  • Have a process for sending and receiving wire transfers
  • Educate customers and staff about what a scam looks like
  • Authenticate wiring details and identity

You can find out detailed instructions and techniques you can use in our blog post.


Tom Cronkright

CEO and Co-Founder @ CertifID

Back To Top