black, red and white dart board with yellow dart stuck in the middle

Real Estate Hackers Pivot Target from Title Company Employees to Homebuyers

The Growing Wire Fraud Threat in Real Estate – A Targeted Shift Toward Homebuyers

Over the past several years, the real estate industry has watched as the sector’s wire fraud has exploded, increasing exponentially year over year. Unfortunately, the scams with which title companies and real estate agents are slowly growing familiar continue to morph and modify themselves, producing new and innovative ways to stay ahead of the curve.

Business Email Compromise (BEC) has been on the FBI’s radar since 2010, when the Bureau began receiving complaints regarding these scams. Over the last eight years, hackers have started to focus on real estate transactions as a simple way to defraud people of hundreds of thousands of dollars. According to the American Land Title Association (ALTA), “Importantly to the title and settlement services industry, Business Email Compromise (BEC)/Email Account Compromise (EAC) was the top crime in 2017 with the highest reported total loss at more than $675 million.”

Scott S. Smith, the Assistant Director of the FBI’s Cyber Division, released via the FBI’s 2017 Internet Crime Report that the Internet Crime Complaint Center (IC3) “received a total of 301,580 complaints with reported losses exceeding $1.4 Billion.”

So, how are things changing? How are the hackers evolving? They’re shifting focus from title company employees who are now on high alert and looking for signs of scams, to the more vulnerable homebuyers, who are barely aware that these scams exist.


As stated by ALTA, “Criminals impersonating as sellers, Realtors, title companies or law firms during a real estate transaction are one of the most common BEC schemes identified by the FBI.” Cybercriminals have narrowed down their targets; they all know that real estate transactions involve transferring large amounts of money via wire, that title companies maintain large escrow accounts, and those involved in real estate transactions (specifically buyers) are often harried and overwhelmed.

Previously, scammers hacked into the email accounts of title companies and real estate agencies. From there, they would gather intel: closing dates, times, property addresses, seller names, and sensitive personal information about customers. Then, they would email or call the title company pretending to be the property seller, and provide their own wire transfer instructions. The title company would then wire the closing funds out of their escrow accounts, straight into the hacker’s account, which may even have been opened in the property seller’s name. Often that money was then immediately withdrawn and transferred into a second account, never to be seen again.

Similarly, hackers have also been taking advantage of money mules and their mule accounts. Often, foreign-born hackers will enlist the help of an American who has access to an American bank account. Once the money has been wired to this American bank account, the mule then transfers the funds directly to the foreign bank account, where it’s difficult to trace.

When title companies, real estate agents, and the FBI started to catch on to these specific BEC crimes, the hackers evolved. They started to change their scams in small ways so that they were still tapping into the real estate market, but stealing the monies from a different side of the transaction.

Now they are targeting homebuyers. Because title companies have started to take preventative measures, including in-depth education of employees, hackers have set their sights on the unassuming and innocent homebuyers. And although the buyer is typically sending less money than the title company is wiring, thanks to a mortgage, hackers have discovered that buyers are much less educated about the process than title companies, and much easier to scam. In addition, the title industry is largely educated on this issue, while the 5.5 million homebuyers each year are not.

According to the BuyerDocs’ market surveys, 52.2 percent of recent homebuyers are completely unaware of wire fraud in real estate. On top of that, 74 percent of recent homebuyers believe that their title company or bank can recover funds that are wired to the wrong account.

So, after hacking into title company and real estate email accounts, fraudsters are turning to social engineering to successfully trick property buyers into wiring their money to the wrong accounts. By copying email signatures and using realistic-looking fake email addresses (think [email protected] instead of [email protected]), hackers are having an easy time of tricking naïve homebuyers into wiring their money to the wrong account. And, again, the outward bound money is immediately withdrawn or transferred to a second account, making it difficult to reverse the transaction. Remember, for the hacker, it doesn’t matter which account they hack (Realtor, title company, lender, etc.), it only matters that they get the information. So, a title company could have the most robust email security in the world, but if the Realtor is hacked, it doesn’t matter. The chain is only as a strong as the weakest link.

If you think your title company and Realtors are secure from a hacker infiltration, you might be surprised by some of the stats recently shared by ValueWalk. Approximately seven out of 10 people use the same passwords for their social media accounts as for their corporate email. If a hacker can get into your employee’s Facebook or Twitter account, it’s extremely likely he can then log in and gain access to your email system. Along that same note, in 2015 more than 160,000 Facebook accounts were compromised each day. Over the last few years, 160 million LinkedIn accounts have been hacked, and 71 million Twitter accounts have been infiltrated.

In addition to vulnerabilities due to employee social media accounts, businesses haven’t been near vigilant enough when it comes to internet security enforcement. Despite most attacks against small to medium business being web-based, 59 percent of businesses polled have zero visibility or access into their employee password practices. To make matters worse, 65 percent of these businesses have a password policy – which they don’t bother to enforce.

Even though hackers are attacking unsuspecting homebuyers more frequently, all hope is not lost. There is still plenty of action the real estate world can take in order to protect this industry from escalating BEC and social engineering attacks. You may not be able to educate and train each homebuyer extensively, but you can be proactive and teach them to stay on the offensive. Continue to educate your employees – the more they know, the more knowledge they can pass on. Obtain the services of a company (e.g. BuyerDocs) whose purpose is to protect title companies and homebuyers from social engineering and email hackers.

Here are some examples of policies to follow:

  • Implement a password policy and then back it up
  • Use dual-factor authentication for password updates
  • Use your email client’s audit logging features so you can track any data breaches which do occur
  • Employ the services of a company which can monitor the dark web and alert you if your employees’ identities or credentials are stolen
  • Use firewalls, anti-malware software, phishing detection, and a secure internet gateway.

These easy-to-implement and relatively inexpensive steps will allow you to protect your company even when the ball is in the homebuyers’ court. By taking the initiative and arming yourself with the proper knowledge and business tools, the hackers’ ever-evolving schemes will become a thing of the past, while your brain and business can rest easy.

Author Abigail White is the cofounder and VP of Business Development BuyerDocs, the world’s first secure method exclusively for sharing wire transfer instructions.