This post was first published in November 2019 and has been updated with fresh insights as of September 2023. It’s the second in our series on real estate wire fraud. If you haven’t already, check out the first article in the series for an in-depth look as to why bad actors target homebuyers and real estate transactions. The entire series delves into strategies to fortify against wire fraud, mitigate risks, and navigate recovery should you encounter a scam.

In today’s digital era, wire fraud poses a formidable challenge. Title companies are at the vanguard of defending against wire fraud, ensuring smooth and secure transactions for all. But even the most diligent professionals face obstacles.

Picture this: An email lands in your inbox, seemingly from a familiar associate or business partner. The details on their face, from the letterhead to the signature, are precise and seemingly trustworthy. However, there is a hidden, harmful intent.

Bad actors, adept at their craft, are employing BEC—a sophisticated scam targeting companies that regularly perform wire transfer payments. Their aim is to gain access to or alter confidential data.

BEC isn’t just a casual threat—it’s a burgeoning epidemic that is here to stay.

BEC by the numbers

The year 2022 saw 21,832 BEC complaints registered by victims with the Federal Bureau of Investigation (FBI), reflecting estimated losses exceeding $2.7 billion.

Narrowing in on the real estate industry, BEC scams are the most frequently reported type of fraud. The escalation of this threat within transactions is clear: reports of BEC-related victims surged by 27%, accompanied by a substantial 72% rise in associated losses from 2020 to 2022. The industry suffered a staggering $396M+ in adjusted losses in 2022 as a result of BEC scams.

The ongoing prevalence of this threat demands that all stakeholders in real estate transactions become well-versed in BEC scams to learn how they can reduce their risk of wire fraud.

The anatomy of a BEC attack

Business email compromise is a term used to describe a range of different attack methods, whether it be hacking emails or social engineering. Bad actors employ these methods with the end goal of redirecting fund transfers to fraudulent accounts.

There are many tactics criminals use to conduct BEC scams. Three common approaches include:

Spoofing: A method where criminals make a fake email address, website, or identity appear real and trustworthy.

  • Lookalike email addresses. Deceptive email addresses mirroring authentic ones. For example, substituting “” with “” to deceive recipients.
  • Spoofing the sender information in an email header. Email headers contain metadata about an email, including the sender and recipient email addresses. Criminals can manipulate or falsify this header information to disguise where an email is really coming from. This makes a phishing email appear to be from a trusted source.
  • Spoofing a website. Fake websites created and dressed up to look identical to real, legitimate sites. The spoofed site tricks users into entering login credentials or other sensitive information. These deceptive URLs may contain subtle misspellings, additional characters, or unfamiliar domain extensions, serving as a telling sign of the site’s fraudulent nature

Phishing: Criminals send many fake emails, hoping recipients will believe them and perform an action or click on malicious links/attachments. Phishing uses urgency, fear, or other psychological tactics to tempt users.

  • Deceptive subject lines. Crafted subject lines grab attention and trick users into opening phishing emails (e.g., “system alert,” “payment issue”).
  • Social engineering: Bad actors manipulate individuals, convincing them to perform unintended actions, perhaps divulging sensitive information or transferring funds to fraudulent accounts. It’s not just about breaching systems; it’s about manipulating trust.

Using Malware: Malicious software, such as trojans and remote access tools, can assist criminals in stealing data or spying on communications. These types of software disguise themselves as legitimate programs. Malware payloads often arrive via phishing.

  • Keyloggers log keystrokes to steal login credentials and sensitive information entered by users.
  • Backdoors allow remote access to systems, often undetected, to manipulate and steal data.
  • Spyware tracks user activity and system information to aid social engineering attacks.

Combined, these techniques and tools allow criminals to infiltrate businesses in sophisticated ways leading to major financial losses.

A look at real estate BEC scams

While certain real estate transactions, such as high-dollar deals, vacant lots, LLC-owned properties, or those following recent deaths, tend to attract heightened attention from bad actors, no participant is truly immune from business email compromise.

Hackers, strategic in their approach, carefully select their targets based on perceived vulnerabilities and potential gains. Whether you’re a buyer, seller, attorney, agent, or title company, vigilance is critical. In the complex realm of real estate transactions, every participant should remain alert, because, given the right circumstances, anyone could be in the crosshairs of these malicious actors.

Example of BEC involving a mortgage lender and a title agent

Below is a typical BEC scam scenario based on real events but changing out the names of those involved. 

Samantha, a title agent at Horizon Heights Title, was handling the closing for a home sale. Part of her responsibility was to ensure that the existing mortgage on the property was paid off.

One morning, Samantha received an email that seemed to be from Mark, a representative of Unity Bridge Financial, the lender that held the existing mortgage on the property. The email seemed like it was authentic, using the lender’s logo, Mark’s usual email signature, and a familiar tone.

The email read:

“Samantha, I hope you’re well.

We’ve recently updated our bank details due to some internal restructuring. As you’ll be handling the payoff for the property on Elm Street, please use the new bank details attached for the wire transfer. Let me know if you need any further information.

Regards, Mark.”

A few days later, after the closing was finalized, Samantha wired the payoff amount to the new bank account, believing she had settled the mortgage.

However, when Unity Bridge Financial reached out a week later inquiring about the payoff they were expecting, a red flag was raised. Upon reviewing the email and checking with Mark directly, it became evident that Mark never sent the email with the updated bank details. The sender information had been spoofed, and the bad actors used social engineering to divert the payoff funds to their own account.

The BEC scam had successfully exploited Samantha’s trust in her communications with Mark and the mortgage lender.

Why BEC attacks are difficult to spot in real estate transactions

In real estate transactions, BEC presents a distinct challenge. This is due mainly to the intricate network of communication needed to successfully perform a closing. A typical real estate deal involves up to 12 different stakeholders. These range from buyers and sellers to agents, attorneys, lenders, and title companies.

All parties place a tremendous amount of trust in each other to keep the closing, and all related data, secure. But it’s difficult to detect small signs of impersonation. For example, a slight change in an email address can go unnoticed. The variety of parties involved and the fractured email threads make real estate deals prime targets for sophisticated BEC scammers.

How to avoid BEC and wire fraud 

Create a Culture of Security

Train your staff on security protocols

Adopting technological solutions with the highest security standards is essential. However, even the most advanced systems remain vulnerable if employees fail to implement the required precautions. Top cybersecurity organization, Tessian, and Stanford University researchers found that human error is to blame for about 88% of all data breaches. 

Human error can include password delinquency, misdelivery, and decision-based errors. It’s important to educate employees on security protocols and create a culture of security. This culture will allow employees to feel comfortable reporting security concerns.

  • Host regular training to help staff understand the pivotal role they play in data protection and wire fraud detection.
  • Teach your staff how to spot phishing attempts, use strong passwords, and follow data protocols. (Download our daily checklist designed to help title & escrow agents scrutinize emails and properly close out the day.)
  • Educate employees about the key security features available in your software, such as multi-factor authentication (MFA), and encourage universal adoption.
Educate your clients on BEC scams and wire fraud

An ALTA study indicates that title & escrow companies need to create more urgency around the threat of real estate scams. The study found that 73% of homebuyers knew about the risk of real estate fraud. However, almost half of the respondents (42%) expressed no worry about theft during their real estate transaction.

Homebuyers would benefit from concrete, real-world examples of real estate fraud to better grasp the actual impact of BEC scams. The key is for title & escrow companies to provide clear examples and protection tips that buyers can apply. This goes beyond broad warnings that wire fraud exists and can happen to them.

For instance, title & escrow companies can:

  • Show buyers screenshots of actual emails from fraudsters trying to have wires redirected. The title and escrow company can then point to and explain to the buyer the signs that the emails were fraudulent. 
  • Give buyers specific examples of suspicious last-minute wire instruction changes and emphasize the need to always verify wire instructions directly via an independent source. 
  • Note that personal email is not secure for sending financial details. 
  • Explain that the buyer’s bank will never email unexpected wire transfer requests. 
  • Provide a list of clear warning signs and actions to take if the buyer is unsure that wire instructions are legitimate. For example, advise them to contact their real estate agent or title company directly through known numbers before sending any wire.
  • Provide wire instructions to clients early in the process, and inform them that these instructions will never change.
  • Encourage clients to call and verify wire transfer instructions prior to initiating a wire transfer.

Providing concrete examples and practical tips will effectively illustrate to buyers the seriousness of the wire fraud threat. This approach will empower them with a clearer understanding of how to protect themselves.

Use a hybrid approach to security collect and verify wire instructions

Title & escrow companies should invest in a solution that allows for a secure, automated collection of wire instructions, integrated with manual verification steps. This hybrid approach provides the benefits of technology while still incorporating the human review many experts advise.

While digitizing the process of collecting wire instructions can increase efficiency, relying solely on technology without manual verification opens the door to potential fraud.

According to a survey of title professionals conducted by Qualia, 66% of title & escrow respondents currently use manual methods to prevent wire fraud. This may be driven by recommendations from wire fraud experts advocating for manual verification steps. However, an overly manual process creates inefficiencies and increases the potential for human error. Striking the right balance is key.

The ideal solution will:

  • Encourage sellers to provide details digitally through a secure portal
  • Share title & escrow wire instructions with homebuyers in a secure portal
  • Streamline importing bank information into title production software
  • Assess all wire instructions for fraud risk, not just high-risk transaction types
  • Enable title & escrow company staff to manually verify high-risk transactions

This blended approach reduces repetitive manual work while still maintaining the critical human oversight needed to catch any potential fraud.

By leveraging technology to eliminate inefficient duplication across platforms, title companies can focus expertise on targeted wire verification to keep transactions secure. The combination of human and technical controls will provide maximum protection against evolving wire fraud.

Move communication away from email

As we seek robust security solutions, it’s worth noting that nearly 1 in 5 advanced email attacks are successful. Astonishingly, in 2022 alone, 94% of organizations reported being targeted by spear phishing (an attack on select victims, in contrast to regular phishing, which aims at the masses) or impersonation attacks. This underscores the pressing need to reconsider our reliance on email as a primary communication tool.

Email’s security weaknesses have made portal-based communication the safer alternative for exchanging transaction details. Secure portals allow title and escrow companies to communicate with all parties in real time while avoiding email’s risks.

Portal benefits include:

  • Granular access controls to ensure users only see relevant documents
  • Activity logs providing transparency and audit trails
  • Bank-grade security like mandatory MFA and role-based access control (RBAC)
  • Streamlined workflow since everything is in one place rather than scattered inboxes
  • Real-time communication instead of reply-all email chains
  • Automated alerts that notify clients of updates

By moving interactions into a unified hub with bank-level security, title professionals can reduce their exposure to email-borne threats. This approach also ensures a more streamlined process for clients.

The critical factor lies in selecting platforms that adhere to ALTA Best Practices, have strong encryption, and consistently undergo compliance assessments. With the right portal solution, safety and convenience go hand-in-hand.

It takes a village to combat BEC scams and wire fraud

A layered security approach is vital for title & escrow companies to combat wire fraud. No single strategy or tool offers complete protection. Success hinges on blending vigilant staff, responsive processes, and cutting-edge software.

To protect themselves, title & escrow companies must employ diverse safeguards in communication, authentication, training, and monitoring. As fraudsters evolve, so must defenses. Through unified layers of security and a readiness to act, title & escrow experts can effectively ward off malicious attempts. Proactivity, holistic measures, and recognizing that prevention is a joint venture across people, processes, and technology are essential.

New call-to-action