<  All articles

Real Estate Wire Fraud: Email Scam Threat Model and Examples

Real Estate Wire Fraud

Real estate wire fraud starts with email, and it doesn’t seem to end. The fraud is common but criminally under-reported.

It is catching up with home buyers and title companies who are oblivious to the threat landscape provided by the use of regular email. 

People who purchase the house don’t calculate the risk of interacting with malicious emails — most of the time they don’t even know that the risk is present. 

Title companies who also suffer from this fraud don’t have enough controls and tools to ensure secure communication with clients.

In most cases, banks can’t return the funds to their rightful owners or block the transfer to an unverified bank account. All these factors make real estate wire fraud one of the fastest rising crimes in the United States.

What Is Real Estate Wire Fraud?

Before advancing, we need to present a clear wire fraud definition.

Real estate wire frauda cyber crime that incorporates identity theft and social engineering to defraud parties involved in real estate operations.

After compromising the email system of the party expecting a payment, criminals get the latest information about the upcoming deals and scrape email addresses of all involved parties. This allows them to create a spoofed email address and instruct buyers to complete a wire transfer to a fraudulent bank account, usually from another country. Scammers use cryptocurrency and money mules to obfuscate the money trail.
Foul play goes undiscovered for long enough to render transaction cancellation impossible, even if cryptocurrency is not playing any part in the fraud. 

Criminals prepare in advance to coordinate this scam. 

The environment spoils them for choice, as real estate transactions involve multiple sides: agents, mortgage lenders, attorneys, escrow companies, and finally, buyers and sellers.

Five Stages of Real Estate Wire Fraud 

The steps of real estate fraud usually are the following:

  1. Fraudsters preparing to execute an attack scan real estate property listings and syndication sites to pindown upcoming home sales. 

    Widely available information scraped from social media, websites, and online resources give more than enough information to discover and profile parties involved in the future transaction. 

  2. One of the email accounts used for the coordination of real estate purchase gets compromised. 

    In most cases, spear-phishing gives attackers access. 

    In this attack, victims receive a trustworthy-looking email that will trick the user into exposing their account credentials. 

    When the email account takeover is complete, hackers move to the next stage of the real estate email scam.

  3. After gaining entry, criminals monitor the conversations between the parties. 

    Hacked email provides vast amounts of sensitive financial information about the potential victims, and gives attackers the necessary details to hijack the upcoming closing. 

    Criminals set a forwarding rule in the hacked account to one of their own, and continue to monitor the communication, waiting for the fitting opportunity to strike.

  4. Equipped with enough information on all sides involved in the conversation, criminals create new email accounts that spoof real email addresses gathered in the second stage. 

    When spoofing legitimate addresses, miscreants usually change only one symbol or letter to get a unique handle that looks like the original, for example, “business.com” changes to “busines.com”. 

    Criminals recreate a large “communication network”, also getting ready to prepare a weaponized email. 

  5. As the eventual victim will interact mostly with the email body, most of the work is put into email composition

    Email signature, font, and other formatting specifications are carefully duplicated in the malicious email. 

    Spoofed emails of account names discovered after initial compromise are placed in the BCC section to make the request even more believable. 

    The crafted email contains bank account information belonging to a criminal, and enough inside information to raise no concern from buyers.

Oblivious home buyers (or title companies wiring funds to a broker/seller/mortgage holder) then proceed to wire the funds without spotting a difference in the “from” section. 

Needless to say, there’s no verification of the bank account details either.

What Makes Real Estate Wire Fraud Such a Potent Threat?

The scam is as sudden as it is ruthless. 

It happens days or even hours before the home purchase closure. Scammers manipulate the emotions of home buyers, and it doesn’t take much effort to do so, as buying a home is a nerve-racking and tedious experience. 

The purchase process can take months, plus hundreds of emails from multiple sides written in a complicated legal language.

People fall victim to wire fraud because of their desire to close the deal faster, save some money, or leave the current residence. Eventual victims are encouraged to wire funds in the email decorated by an urgent “call to action”. 

Most people buy houses only once or twice in their lifetime, so there’s an evident lack of experience that makes this fraud so dangerous. Buyers are not only estranged to the buying process but sometimes also don’t have enough knowledge to fully understand the instructions given to them. 

In contrast, everyone can understand the wire instructions “please send money here to close the deal”.

The Increasing Level of Sophistication Behind the Fraud

Fraudsters are improving their playbook with new schemes and details, designed to make fraudulent emails more believable and trustworthy. 

In the latest BEC scams, for example, hackers also forward authentic and harmless messages, reenacting the whole dialogue and masquerading as multiple sides at once. 

Miscreants also address the point about verifying the wire by a simple phone call. They tell their victims to do everything through email, using a “busy schedule” excuse. Sometimes criminals can even express how they could be able to get the job done faster if they could ignore the protocol. 

Because of this, many entities incorporated an email notice template in their email signatures, highlighting how the buyer should never trust wire instructions sent via email. 

Always double-check and confirm the instructions via a call to a verified phone number.

People can lose hundreds of thousands of dollars in a single transaction. Besides that, victims of real estate wire fraud miss out on the house of their dreams and the time that was sacrificed to accumulate the life savings. 

Recovering money is a complicated process, if not an impossible challenge of its own. Fraudsters operate as managers of elaborate money mule networks – scam assistance groups that process wire transfers in real-time to launder the stolen funds. We are covering the transfer cancellation process later in this post.

Not only home buyers suffer from the scam, sellers also do. Often they don’t have the money to pay off the mortgage and get caught between the rock and a hard place. Agents involved in the process also won’t earn a commission for their work and lose some part of their credibility and hard-earned reputation. 

Title companies get blamed for being compromised and failing to protect other involved parties of wire fraud. There’s no side that “wins” in this fraud except scammers.

Wire Fraud Statistics in Real Estate

To back up the reality of wire fraud in the real estate industry, we need some numbers as evidence, and respectable sources to back up the information provided above.

Business Email Compromise/Email Account Compromise crime overall accounted for $1,776,549,688 losses in 2019. If we take a bigger sample for reference, IC3 started tracking this cybercrime back in June 2016. Since that time, BEC has inflicted 26 billion dollars in damages.

FBI’s 2019 Internet Crime Report informs that 2019 registered 11,677 real estate/rental fraud victims with a combined monetary loss of $221 million. 2018 had approximately 11,300 reported victims and $150 lost million which indicates that scammers look for bigger deals now. The same report highlights that phishing, a predominant assistant in email account compromise cases, has led to 114,702 reported victims in the past year.

Real estate industry is one of the most attacked one’s, alongside biotechnology and accounting, according to Sentinel’s Q2 2018 threat intelligence report key findings. $8 million in losses caused by this crime are reported monthly. In 2020 the US housing market’s combined value hit $33.6 trillion, giving hackers even more targets, and millions of transactions unprotected from hijacking. This only amplifies the fact that in case of failure scammers can just move to the next target. 

Even though home sales slowed down during the pandemic, the prices saw the biggest gain in two years due to a drop in the supply of households for sale. A lot of sellers pulled their listings and decided to wait out. 

As a result, in April home values rose 5.4% nation-wide, making real estate wire fraud even more lucrative for cybercriminals.

Real-Life Cases of Wire Fraud in Real Estate

Numbers alone don’t paint the picture as good as stories do, and there’s plenty of them to share when it comes to real estate wire fraud.

The case of Kevin and Nicole Noar serves as a good example. The young couple was hit by a scam on February 14th, failing to identify a difference in the sender’s email address. As the news item suggests, the original address was spoofed simply by replacing “.com” with “.corn”.

Failing to spot the difference was a $775,000 mistake for Noar’s. For reference, the median home listing price floats around the $300,000 mark. 

The casualties of wire fraud stated that a teller, a manager, or at least the money wiring department could have prevented the loss from happening. Ms. Noar added that the escrow company is to blame for the hack, as it has failed to follow the protocol to protect client funds. The couple then decided to set up a GoFundMe page to recoup some losses with the community’s help.

Gladly, not all scams pan out as well as cybercriminals hope. Jay Foard, a Ponte Vedra home buyer, was lucky enough to avoid wiring $20,000 to cybercriminals

Just like any other victim of the scam, Mr. Foard got an email from a pseudo-broker, containing wire instructions. The next day after Jay proceeded to pay, he got a note from the bank, informing him that the transfer was canceled because the company getting the money was a limo service out of Tennessee.

The bank stated that scammers operated with one billion dollars taken from transactions across the United States, breaking into email accounts of realtors and title companies. Jacksonville Vanguard Title & Escrow General Manager Angela Huggins shared that there were about ten canceled transactions a year thanks to the company modifying its wiring policy. It is simplistic full account information can not be received through a single communication channel.

Not all title companies are prepared or even educated enough to stifle email scams. 

You can find even more examples of wire fraud in real estate.

How To Get Money Back From Wire Transfer?

Many victims are not sure what they should do after they wire the funds to a fraudulent account. 

In some cases, actions taken quickly can help recover the stolen funds. For that to happen, victims of real estate wire fraud need to contact multiple entities, and of course the sides involved in the proceedings.

First of all, victims have to immediately contact their bank. If they react quickly there may be a slim chance to reverse the wire. 

A quick reaction is critical because you have a 30-minute window (at best) to approach the bank for cancellation. When someone initiates a wire transfer, they ask the bank to send the money immediately, and when the stolen money goes through money mule accounts, tracking them back becomes impossible. 

Most victims are oblivious that they have interacted with the criminals, so they decide to wait, thinking this is just a transfer delay on a busy workday. If the time window expires, the bank loses its ability to help the victims and can only initiate a fraud claim. 

As we have already mentioned, a lot of fraudsters are located outside of the United States, so they do not fall under US jurisdiction.

The specifics of wire transfers and complications related to their cancellations are one of the biggest reasons why real estate wire fraud continues to improve every year. Still, contacting a bank is the first thing victims should do. Apart from calling the bank, victims should report the fraud to the Federal Bureau of Investigation, so that the crime can be investigated and put on the record. It must be noted that if the transfer doesn’t exceed $50,000 or transpires domestically, the FBI may decide to stay aside.

Even if the investigation won’t bring the money back, that information will leave its mark on the statistics provided in studies, and give other individuals a heads-up. Filing within the first 24 hours provides the best chance of recovery.

The Importance of Wire Fraud Disclosure

Lack of awareness about one of the most prominent and fastest-growing cybercrimes is staggering. The United States has only a 15% wire fraud incidents report rate. 

Disclosure is critical to help catch a culprit that has scammed other people before. Aggregated information can help the Bureau to track down the fraudsters. Even if your loss is not big enough to warrant a submission, don’t ignore the incident.

You can file a complaint with the Internet Crime Complaint Center (IC3), providing more details on how you or other fraud victims were scammed. The complaint must contain a telephone number, address, email, name of the victim, headers from the malicious emails, and any other information you feel would be helpful.

You can also report the crime to the local police, who may have a better insight into the criminal activity in your area. At the very least, your information will educate other targets. Police reports are also required to recoup the losses from insurance companies.

Do not stay silent! 

Just accepting the loss is not going to help anyone but criminals, who will go unpunished and defraud many more home buyers and title companies. Educate others, and share your experience with colleagues if you are working in the industry. 

A good place to share information is to visit a stopwirefraud.org website.

Who Is Liable for Real Estate Wire Fraud?

If there’s no chance to return the money, and no chance to prosecute the fraudsters, victims move on to the next logical step a litigation process.

Vendors that do not receive the payment are not interested in accepting a loss on top of their bruised reputation and unfavorable coverage in the media.

For this reason, it’s crucial to understand the court-applied principles used to determine who’s responsible for a misdirected payment. Is it a compromised company or agent? Is it a home buyer that reacted to the scam and wired the funds without verifying the credentials with a recipient? What if it’s both?

Courts dwell on these decisions by relying on the more established principles, presented in the Uniform Commercial Code’s Article 2 (Sales) and Article 3 (Negotiable Instruments).

Business email compromise that leads to wire fraud in real estate is quite different from anything we faced before, since compromised email accounts may not implicate data belonging to a customer. Additionally, accusations of negligent maintenance of email systems are not applied because hacked businesses have no general duty to avoid the unintentional infliction of economic loss on the client.

This may be puzzling to victims, who think that title companies are getting off easy, but they are not completely immune from responsibility. 

Principles Used In Business Email Compromise Court Cases

Every other scam is different from another one. 

There are no concrete rules when it comes to resolving disputes, but most often Business Email Compromise cases rely on the next principles to determine the outcome of the case. 

  • The party who had the best position or the last chance to prevent the fraud bears the responsibility.
  • The party is more likely to bear the responsibility if it has ignored the so-called red flags. Those are requests made from a fake email account, requests that came out of the context, or any late-minute changes.
  • If a party’s email system was compromised because of the lacking security measures or protocols, the party can be accused of not exercising “ordinary care”. However, judges are aware that sophisticated hackers can be successful even when the required security standards are in place.
  • The party receiving a notice that a hacker is targeting a transfer must warn all parties involved in the operation. Failure of notification when having the information could make title companies responsible for the fraud prevention.
  • Parties are judged on the facts provided in the case, and forensic reports carried out after the fraud. The provided facts discussed in court are regularly disputed by both sides, so the judges don’t allocate losses before trial and take a considerable amount of time to carry out a verdict.

Overall, courts are more likely to leave the party that misdirected a payment with the loss, but it doesn’t mean that title companies are always getting it easy. It doesn’t end on identity theft alone.

In 2018, the jury found the real estate agent and broker guilty, clarifying that those parties were 85% responsible for the loss of $196,622 by the client. The broker and agents were deemed liable for the following reasons:

  1. Real estate agents should not have been involved in wire transaction instructions. Instead buyers and sellers should have interacted with the title company directly.
  2. If real estate agents serve as intermediaries, they bear the responsibility of the wire instruction accuracy.
  3. Real estate agent should have alerted other parties when they discovered an email account compromise. 

5 Tips To Curb Down The Real Estate Fraud 

One thing that all sides can agree on protecting business and clients should be a top priority for real estate companies. Doing so without developing and acting upon formal data security policies is practically impossible. 

Implementing a cybersecurity plan to protect the assets and clients may sound like an enormous challenge, but it’s not as bad as it sounds. The Federal Trade Commission has drawn out the major security points that have to be addressed when building a plan. They are presented in a useful guide for businesses called “Start with Security”. 

Not just building a plan, but maintaining a healthy cybersecurity posture is essential too. 

Anti-fraud foundations deliver clear and concise instructions specifically for wire fraud prevention, and we have highlighted the most common and practical advice given by industry professionals.

  1. Never exchange sensitive or personal and financial information via unencrypted email.
  2. Do not store emails on your hard drive.
  3. Do not react to unverified or suspicious-looking emails.
  4. Abstain from the use of public Wi-Fi while processing sensitive information.
  5. Use strong passwords, update them regularly, and store them securely.

The home buyers are advised to always double-check every request through an independent communication channel and ask industry leaders what they do to secure their email communication.

Apart from data protection, a lot of attention has to be dedicated to the document retention policy, where clients’ personally identifiable information that is no longer needed should be disposed of. 

Needless to say, the use of regular email is not compatible with such a requirement. The real estate industry needs an email security solution that would provide a secure, quick and delay-free working experience.

If you are interested in a solution to stop real estate wire fraud, please refer to the special offer page where StealthMail explains its approach to fighting real estate wire fraud and securing email communications.

Wire fraud can and should be opposed.


We use cookies to improve your experience