How To Prevent Wire Fraud

In real estate, you need to be prepared for fraud attempts. In this article, we explain the steps you can take to prevent wire fraud in your company.

How To Prevent Wire Fraud

In real estate, you need to be prepared for fraud attempts. In this article, we explain the steps you can take to prevent wire fraud in your company.

A person holding up their hand signaling stop.How To Prevent Wire Fraud
Written by:

Tom Cronkright

Read time:

6 mins

Category:

Fraud Prevention

Published on:

Jul 19, 2021

Wire fraud is a growing problem for real estate professionals and consumers alike. Fraudsters stole $446 million via business email compromise in the real estate nexus in 2023 (FBI IC3). While there's no silver bullet solution, you can better protect yourself and limit its impact by educating customers and adopting preventative measures. This requires a layered approach with four key practices:

  1. Teach workers and people involved in transactions about wire transfer fraud, signs to look for, and ways to stop it;
  2. Institute preventive measures such as limiting publicly available information, using strong spam filters and perimeter security, and setting up two-factor authentication; 
  3. Set up stringent and secure identity verification practices for employees and transaction participants; and 
  4. Ensure you share uncompromised wire instructions and contact details with the person receiving funds.

However, even with the best security protocols, fraud can happen. We'll teach you the right strategies to prevent wire fraud from ruining your business.

How real estate wire fraud works

Most commonly, we’ve seen that fraudsters will: 

  • Target anyone involved in the transaction using publicly available information; 
  • Target participants with spear-phishing emails to gather email account details;
  • Obtain account access to get private details about a transaction and the participants involved;
  • Use the compromised email address or a spoofed address to send emails containing fake wiring instructions; and
  • Wire to other bank accounts or withdraw the cash once the money is in the fraudster’s account.

Armed with the right information and access, fraudsters can easy take advantage of a transaction. In the age of social media, where information is actively shared, that makes it easy.

You should set up measures to limit their access to your PPI (private personal information). Let's explore a few ways to ensure your information can't be used against you.

How to stop fraudsters from accessing sensitive information

A woman securing her phone with a passcode.

Fraudsters will exhaust every available resource to gain leverage against you. Here are a few tactics to help limit their access.

1. Limit Publicly Available Information

Though running a business requires that certain information be public, you can protect sensitive data by:

  • Updating your privacy settings on social media accounts so that sensitive information isn’t public;
  • Removing your email address and phone number on social media accounts; and
  • Googling yourself and your employees to see what information you find and removing anything that could be compromising.

Train your employees and yourself to think like a hacker and minimize the ammunition you give them.

2. Use Strong Spam Filters

An effective email filtering system is a top method to shield employees from encountering phishing emails. Products like MimeCast and SpamBully provide solutions that filter these emails.

Preventing criminals from emailing your employees reduces the chance of them stealing account information and lowers the risk of fraud.

3. Try To Hack Your Employees

Many businesses are hiring companies to perform phishing tests. They create a phishing email, send it to your staff, and see who falls for it. These tests raise employee awareness and help them avoid repeating the same mistake.

You can also perform your own tests with products like CoFense and Sophos. They imitate real phishing attacks and provide analytics and reporting to find weaknesses.  

We recommend Google‘s phishing test if you’re looking for a free solution. It provides a great set of emails that show how to identify phishing emails.

A screenshot of Google's Phishing test.

3. Real-time system monitoring

Perimeter security—such as a firewall, web-content filtering, malware protection, and geolocation blocking—helps keep your organization's network threat-free.

By monitoring all web activity that enters and exits the network, perimeter security identifies unusual patterns or abnormal behavior and takes action to stop it.

4. Secure Your Accounts with Two-Factor Authentication

Two-factor authentication (2FA) is another way to secure accounts. 2FA requires account owners to enter both a password and an additional piece of information, like a unique code, to log in. Even if a hacker knows an account’s username and password, they can’t log in without the third authentication detail.  

Most social networks and email providers make it easy to turn on 2FA. Google Account, Facebook, LinkedIn, and Instagram all allow users to turn on 2FA using a variety of methods, including SMS, call verification, security keys, prompts, and third-party apps.

One final step is to educate your customers and referral partners about the benefits of 2FA.

Always verify identities

A laptop with a warning sign on top of the keys.

We can’t take anyone’s identity for granted when wiring money. Scammers thrive on exploiting trusted relationships and target people who don’t use identity verification methods. But if identities are confirmed properly, trust is never breached and fraud never occurs.

There are practical ways to confirm identities and educate your employees, referral partners, and customers on the importance of identity verification. 

Gather and Share Contact Information Early In The Transaction Cycle

Title companies, escrow providers, financial institutions, attorneys, and real estate agents must work together to gather and share transaction participants’ identity information securely. The earlier this occurs, the better protected buyers and sellers will be. 

Gathering data early gives more time to create trusted communication pathways before the closing date. Agents have time to securely store the contact information and educate buyers on the risk of wire fraud. Everyone is better off, and the real estate transaction can run as safely as possible.

Have a Process For Sending and Receiving Wire Transfers

A well-defined internal process for receiving and sending wire transfers provides consistency and allows employees to spot behavior that could be fraudulent.

Proper education and clear instructions for customers can save them from losing their life savings. Most people are not familiar with wiring funds because they only do it during a real estate transaction. Transaction instructions should include how you will share wiring instructions and who is authorized to give wiring details. 

Educate Customers and Staff About What a Scam Looks Like

Ensure that everyone in your organization and your customers know how to spot cybercrime. Here are some common red flags to look out for in phishing emails: 

  • Grammatical errors and strange word choices: Fraudsters will often make basic grammatical errors, such as not capitalizing proper nouns, not using the correct tense, or misspelling words. They will also commonly choose words that sound unnatural. They may be overly formal, generic, or robotic sounding. Wire transactions are a formal process, and legitimate communications surrounding them will reflect that.      
  • Urgent requests: Another common red flag is when emails have a heightened sense of urgency. Fraudsters may ask you to immediately confirm when the wire transfer has been sent. Trusted lenders and title agencies won’t ask you to confirm the release of a wire transfer the minute it takes place.
  • Last-minute changes: Wire instructions rarely change during the transaction. It’s possible a third confirmation will have to take place before funds are transferred, but trusted parties won’t switch wiring instructions and details in the middle of a transaction.

Authenticate Wiring Details and Identity

Whether you validate transfers over the phone, in person, or using software like CertifID, you need a proven way to authenticate wiring details and identities. Using these precautions will stop fraudsters in their tracks. 

Real Estate Wire Fraud is Preventable

With these strategies, your organization will be protected from wire fraud, benefiting you, your employees, and your clients.

Learn more about what steps to take if you fall victim to wire fraud.

Frequently Asked Questions

What specific steps can individuals take if they fall victim to wire fraud?

If you fall victim to wire fraud, take these four actions:
1. Immediately contact your bank.
2. Inform the police about the incident.
3. Consider reaching out to the FBI if you are in the US.
4. Additionally, notify any other parties involved in the transaction or your business about the situation.

Also, consider reporting the fraud to the FTC for help and to prevent future scams. For more, read our blog post

How effective are different two-factor authentication (2FA) methods, and which ones are recommended for the best security?

Generally, not all 2FA methods offer the same level of security. For instance, SMS and call verification are less secure due to vulnerabilities like SIM swapping attacks. More secure methods include the use of authenticator apps (such as Google Authenticator or Authy) that generate time-based one-time passwords (TOTPs), or even more securely, the use of physical security keys that adhere to the Universal 2nd Factor (U2F) or FIDO2 standards. These keys provide robust protection against phishing and account takeover attacks.

Tom Cronkright

Co-founder & Executive Chairman

Tom Cronkright is the Executive Chairman of CertifID, a technology platform designed to safeguard electronic payments from fraud. He co-founded the company in response to a wire fraud he experienced and the rising instances of real estate wire fraud. He also serves as the CEO of Sun Title, a leading title agency in Michigan. Tom is a licensed attorney, real estate broker, title insurance producer and nationally recognized expert on cybersecurity and wire fraud.

Wire fraud is a growing problem for real estate professionals and consumers alike. Fraudsters stole $446 million via business email compromise in the real estate nexus in 2023 (FBI IC3). While there's no silver bullet solution, you can better protect yourself and limit its impact by educating customers and adopting preventative measures. This requires a layered approach with four key practices:

  1. Teach workers and people involved in transactions about wire transfer fraud, signs to look for, and ways to stop it;
  2. Institute preventive measures such as limiting publicly available information, using strong spam filters and perimeter security, and setting up two-factor authentication; 
  3. Set up stringent and secure identity verification practices for employees and transaction participants; and 
  4. Ensure you share uncompromised wire instructions and contact details with the person receiving funds.

However, even with the best security protocols, fraud can happen. We'll teach you the right strategies to prevent wire fraud from ruining your business.

How real estate wire fraud works

Most commonly, we’ve seen that fraudsters will: 

  • Target anyone involved in the transaction using publicly available information; 
  • Target participants with spear-phishing emails to gather email account details;
  • Obtain account access to get private details about a transaction and the participants involved;
  • Use the compromised email address or a spoofed address to send emails containing fake wiring instructions; and
  • Wire to other bank accounts or withdraw the cash once the money is in the fraudster’s account.

Armed with the right information and access, fraudsters can easy take advantage of a transaction. In the age of social media, where information is actively shared, that makes it easy.

You should set up measures to limit their access to your PPI (private personal information). Let's explore a few ways to ensure your information can't be used against you.

How to stop fraudsters from accessing sensitive information

A woman securing her phone with a passcode.

Fraudsters will exhaust every available resource to gain leverage against you. Here are a few tactics to help limit their access.

1. Limit Publicly Available Information

Though running a business requires that certain information be public, you can protect sensitive data by:

  • Updating your privacy settings on social media accounts so that sensitive information isn’t public;
  • Removing your email address and phone number on social media accounts; and
  • Googling yourself and your employees to see what information you find and removing anything that could be compromising.

Train your employees and yourself to think like a hacker and minimize the ammunition you give them.

2. Use Strong Spam Filters

An effective email filtering system is a top method to shield employees from encountering phishing emails. Products like MimeCast and SpamBully provide solutions that filter these emails.

Preventing criminals from emailing your employees reduces the chance of them stealing account information and lowers the risk of fraud.

3. Try To Hack Your Employees

Many businesses are hiring companies to perform phishing tests. They create a phishing email, send it to your staff, and see who falls for it. These tests raise employee awareness and help them avoid repeating the same mistake.

You can also perform your own tests with products like CoFense and Sophos. They imitate real phishing attacks and provide analytics and reporting to find weaknesses.  

We recommend Google‘s phishing test if you’re looking for a free solution. It provides a great set of emails that show how to identify phishing emails.

A screenshot of Google's Phishing test.

3. Real-time system monitoring

Perimeter security—such as a firewall, web-content filtering, malware protection, and geolocation blocking—helps keep your organization's network threat-free.

By monitoring all web activity that enters and exits the network, perimeter security identifies unusual patterns or abnormal behavior and takes action to stop it.

4. Secure Your Accounts with Two-Factor Authentication

Two-factor authentication (2FA) is another way to secure accounts. 2FA requires account owners to enter both a password and an additional piece of information, like a unique code, to log in. Even if a hacker knows an account’s username and password, they can’t log in without the third authentication detail.  

Most social networks and email providers make it easy to turn on 2FA. Google Account, Facebook, LinkedIn, and Instagram all allow users to turn on 2FA using a variety of methods, including SMS, call verification, security keys, prompts, and third-party apps.

One final step is to educate your customers and referral partners about the benefits of 2FA.

Always verify identities

A laptop with a warning sign on top of the keys.

We can’t take anyone’s identity for granted when wiring money. Scammers thrive on exploiting trusted relationships and target people who don’t use identity verification methods. But if identities are confirmed properly, trust is never breached and fraud never occurs.

There are practical ways to confirm identities and educate your employees, referral partners, and customers on the importance of identity verification. 

Gather and Share Contact Information Early In The Transaction Cycle

Title companies, escrow providers, financial institutions, attorneys, and real estate agents must work together to gather and share transaction participants’ identity information securely. The earlier this occurs, the better protected buyers and sellers will be. 

Gathering data early gives more time to create trusted communication pathways before the closing date. Agents have time to securely store the contact information and educate buyers on the risk of wire fraud. Everyone is better off, and the real estate transaction can run as safely as possible.

Have a Process For Sending and Receiving Wire Transfers

A well-defined internal process for receiving and sending wire transfers provides consistency and allows employees to spot behavior that could be fraudulent.

Proper education and clear instructions for customers can save them from losing their life savings. Most people are not familiar with wiring funds because they only do it during a real estate transaction. Transaction instructions should include how you will share wiring instructions and who is authorized to give wiring details. 

Educate Customers and Staff About What a Scam Looks Like

Ensure that everyone in your organization and your customers know how to spot cybercrime. Here are some common red flags to look out for in phishing emails: 

  • Grammatical errors and strange word choices: Fraudsters will often make basic grammatical errors, such as not capitalizing proper nouns, not using the correct tense, or misspelling words. They will also commonly choose words that sound unnatural. They may be overly formal, generic, or robotic sounding. Wire transactions are a formal process, and legitimate communications surrounding them will reflect that.      
  • Urgent requests: Another common red flag is when emails have a heightened sense of urgency. Fraudsters may ask you to immediately confirm when the wire transfer has been sent. Trusted lenders and title agencies won’t ask you to confirm the release of a wire transfer the minute it takes place.
  • Last-minute changes: Wire instructions rarely change during the transaction. It’s possible a third confirmation will have to take place before funds are transferred, but trusted parties won’t switch wiring instructions and details in the middle of a transaction.

Authenticate Wiring Details and Identity

Whether you validate transfers over the phone, in person, or using software like CertifID, you need a proven way to authenticate wiring details and identities. Using these precautions will stop fraudsters in their tracks. 

Real Estate Wire Fraud is Preventable

With these strategies, your organization will be protected from wire fraud, benefiting you, your employees, and your clients.

Learn more about what steps to take if you fall victim to wire fraud.

Frequently Asked Questions

What specific steps can individuals take if they fall victim to wire fraud?

If you fall victim to wire fraud, take these four actions:
1. Immediately contact your bank.
2. Inform the police about the incident.
3. Consider reaching out to the FBI if you are in the US.
4. Additionally, notify any other parties involved in the transaction or your business about the situation.

Also, consider reporting the fraud to the FTC for help and to prevent future scams. For more, read our blog post

How effective are different two-factor authentication (2FA) methods, and which ones are recommended for the best security?

Generally, not all 2FA methods offer the same level of security. For instance, SMS and call verification are less secure due to vulnerabilities like SIM swapping attacks. More secure methods include the use of authenticator apps (such as Google Authenticator or Authy) that generate time-based one-time passwords (TOTPs), or even more securely, the use of physical security keys that adhere to the Universal 2nd Factor (U2F) or FIDO2 standards. These keys provide robust protection against phishing and account takeover attacks.

Tom Cronkright

Co-founder & Executive Chairman

Tom Cronkright is the Executive Chairman of CertifID, a technology platform designed to safeguard electronic payments from fraud. He co-founded the company in response to a wire fraud he experienced and the rising instances of real estate wire fraud. He also serves as the CEO of Sun Title, a leading title agency in Michigan. Tom is a licensed attorney, real estate broker, title insurance producer and nationally recognized expert on cybersecurity and wire fraud.

Getting started with CertifID is easy.

Request a Demo