Real Estate Wire Fraud – Transactions are Under Attack

Real estate transactions are drawing attention from cyber criminals because they can lead to big payoffs, and the threat of real estate wire fraud is growing quickly.  In 2016, the FBI reported $19 million in real estate wire fraud targeting home buyers. In 2017, that number grew to $969 million.

A billion dollars is such a large amount that it’s difficult to imagine, or easy to ignore. So what does a billion dollars in real estate wire fraud look like from an individual standpoint?  I did a quick google search to find out. $31,000 lost. $379,000 taken. $36,000 gone. The list of losses from real estate wire fraud goes on.

Wire Fraud Scams in the News

Real Estate Closing – The Perfect Storm

There are three factors that make the real estate and settlement process a perfect target for wire fraud at closing.  Money, Complexity, and Time.

  1. Money.  Real estate transactions are high value, and so are real estate wire transfers.  Cyber criminals always look for an opportunity with a large payday, so closing is a great target for them.  One successful attack can be huge – reported losses have ranged from a couple thousand to a couple million.

This type of payday is relatively unique for cyber criminals.  Often they are targeting data/information that they can sell, or some type of ransomware that requires participation from the victim.  These attacks take time and patience. Real estate wire fraud attacks are the opposite – immediate, high value pay offs with little risk to the criminal.  

  1. Complexity.  Real estate transactions usually have a complex network of stakeholders.  There’s always a buyer (1) and a seller (2). They typically include a buyer’s agent (3) and a seller’s agent (4), a settlement agent (5) and a lender (6), and there’s often an assistant for the settlement company (7) and an assistant for the mortgage lender (8).  That’s a lot of people in a single transaction.

To make it more complex, the communication between these channels isn’t serial in nature, rather a complex web of communication.  On any day the buyers agent might email the title company, the lender, the sellers agent, or any of there assistants.

This provides multiple access points for the attacker and makes it easier to impersonate any of these stakeholders.  Complexity allows cyber criminals to insert themselves in the process without raising any red flags.

  1. Time.  All parties involved are pushing for the quickest close possible, and no one wants to be the reason a closing is delayed.  Attackers know this, and use it to their advantage.

In 2017, home buyers represented 37% of home sales and 56% of home purchase loans (Genworth).  Those first time home buyers are likely staying in their parents house, or a small apartment, and any delay to closing is unacceptable, especially if they have control over it.  So when a cyber criminal sends an email that looks like it’s from their agent or lender threatening to delay closing if the down payment is not transferred immediately, the buyer is quick to react and transfer the funds.  Once a wire transfer is sent, it’s most often gone forever.

Large sums of money, complex interactions, and strict timelines create a perfect storm for cyber criminals, and make for a perfect target.

How Cyber Criminals Gain Access 

Cyber criminals typically start the process by breaking into an email account – often it’s a real estate agent or someone in the settlement company.  This can be done through malware or social engineering techniques like phishing. Phishing is a type of cyber attack in which the attacker sends an email to their target with a malicious link, attachment, or request for sensitive information.  If the target clicks on the link in the phishing email they may find themselves on a page that looks like something they use daily, and provide their username/password, or they might unknowingly install malware that allows the attacker to gain access to the necessary information.  Learn more about phishing with examples of phishing emails and information on how to identify phishing emails.

The image below is an example of a phishing email impersonating Amazon.  If someone receives this in their inbox they are likely to click through it because they trust Amazon, and likely use Amazon, so receiving a gift card from Amazon doesn’t require a huge leap of faith, unlike the Nigerian prince email most people are familiar with when they hear phishing.

You can actually test your employees by simulating a phishing attack using the email below.  We offer a free trial so you can see how your employees respond, and if they click on the link our platform instantaneously provides training to show them how they can identify phishing emails like this one.


Once the cyber criminal has access to an email inbox they can monitor for upcoming real estate closings.  Having access to the inbox means they can read every email to learn the people in the process, how they talk/email, and all of the details of the closing.  

The cyber criminal can then target an upcoming closing by sending a message to the buyer that looks like it’s coming from the real estate agent, closing company, or the lender.  The email would include new wire transfer details that will route the money to the cyber criminals account, and use words like ‘urgent’ and ‘delayed closing’ to encourage a quick wire transfer from the buyer.  Once those funds are sent, it’s hard, if not impossible to get them back.

Real Estate Wire Fraud Fallout

This is unfortunate for all parties.  The buyer often loses out on their life savings and dream home, and buyers, real estate agents, and settlement companies risk the financial burden of being at fault.

For example, in April 2018,in Bain v. Platinum Realty, LLC, a Kansas federal court upheld a jury verdict that determined the real estate agent was 85% responsible for the buyers loss.  The total amount lost due to real estate wire fraud was $196, 622.67. The court’s judgement against the defendant held the real estate agent responsible for $167,129.27.

Fortunately, real estate wire fraud can be prevented.  You should build prevention into your process.

Building Prevention into Your Process

You can start by building a warning message of real estate wire fraud in your email signature.  This has become almost an industry standard. It’s effectiveness is to be debated as most stakeholders barely notice the warning.  Nonetheless, if anyone reads it and it prevents a single issue, it’s worth doing. Alta provides a few examples of real estate wire fraud warnings that you can use like this one.  

WARNING! WIRE FRAUD ADVISORY: Wire fraud and email hacking/phishing attacks are on the increase! If you have an escrow or closing transaction with us and you receive an email containing Wire Transfer Instructions, DO NOT RESPOND TO THE EMAIL! Instead, call your escrow officer/closer immediately, using previously known contact information and NOT information provided in the email, to verify the information prior to sending funds.

Secondly, you have to build communication into your transaction process with the home buyer and real estate agent – starting at the beginning of the process.  Ask that the buyer confirm they understand that wire transfer details will only come from a specific source, and they should ALWAYS call your direct line to verify. Include a direct line for them to confirm wire details during the closing process.  If you’re sending a wire transfer out, be sure that your team always calls to confirm the transaction no matter how busy they are at the time.

Finally, call your client before a legitimate wire transfer to let them know it’s coming, and make sure the still call to verify the wire transfers details.  Remember, it only takes a second for a cyber criminal to send new wire instructions.

Raising Employee Awareness

In addition to building prevention into your process, you should raise awareness with employees. Most cyber criminals gain access to your email/systems through phishing, or some other social engineering attack, so it’s important to raise awareness of general security threats.  Stopping cyber criminals from gaining access to email is the best way to prevent a real estate wire fraud issue.  Here’s a few general best practices to follow.

  1. Be wary of phishing emails by confirming the sender and not clicking on links.
  2. Do not click on links in emails from people that you do not trust, and always hover over the link to confirm it’s going to the website that you expect.
  3. Scrutinize the sender and recipient email address on every email going in and out.
  4. Never use a free email service.  Only use a secure, encrypted email account.  
  5. Change passwords regularly, and implement a multi-factor authentication requirement to access your email.  

Cybersecurity awareness is common in big organizations, but not as common in real estate and title companies.  Learn more about building a cybersecurity awareness program.

Secure Wiring Information

CERTIFID provides a real-time identify platform for real estate, mortgage, and title industry professionals to authenticate parties in a transaction and securely transfer wiring information.    This technology allows you and your customer to communicate securely, protect the wire transfer process, and protect your brand from the fallout of a cyber attack.

Real Estate Closings – The Perfect Storm

Real estate closing is the perfect storm — large sums of money, strict deadlines, and several lines of communication in every transaction make it an easy target.  Cyber criminals are targeting you and your customers. By building security and awareness into your process you have the ability to stop cyber criminals, protect your customer, and protect your business.

About Us

Wuvavi provides the world’s only cyber security awareness platform developed for small and medium sized businesses.  Wuvavi allows SMBs to deploy enterprise grade awareness training and simulated phishing campaigns to their employees, track progress, and receive completion certifications. Learn more and sign up for a free trial.