
The Latest Evolution of Real Estate Wire Fraud

Most articles about real estate fraud have focused on the same scenario: hackers breaking into professionals’ email accounts to learn about upcoming transactions, then emailing the buyer to wire money to the hacker’s account. In reality, there are many other ways hackers insert themselves into communications, such as tricking the real estate professional into installing malicious software on their computer or phone, or changing escrow instructions (or other disbursements) at the office of the real estate professional via email. Hacking can also be done by less sophisticated methods, including phone, fax or inter-office memo. The latest evolution of the scam, however, is truly insidious.

1. A hacker obtains a REALTOR®’s transaction management/e-signature system login credentials by using a phishing email that looks like it’s from the transaction management system.

a. The user first types their credentials into the fake transaction management website, then is forwarded to the real one, where their credentials work. They never even notice they’ve been phished. They just think they mistyped a password the first time.

2. The hacker logs into the transaction system to identify target transactions and collect information to fool participants.

3. If the agent uses the same credentials for both email and the transaction system, the hacker now has access to the agent’s email.

a. The hacker may set up an email-filtering rule so emails from the client “skip the inbox” and go right to the hacker.

b. Emails to clients can now be sent from the agent’s real email address. It’s not a spoofed email (which only looks like it’s from the agent’s account).

c. Changing their email password may help, but at this point, the hacker only needs to spoof future emails—and unless the agent notices the filtering rule, the hacker still has access to those email conversations.

4. Because the hacker has information about the mortgage and title company from the transaction system, they can spoof emails from those parties, too. When a client receives (spoofed) emails from multiple parties that confirm each other’s messages, they’re more likely to trust each of those emails.

5. From that point, it’s a typical wire fraud scenario: At the appropriate time, the client is told to wire funds to an account the hacker has access to.

This is only one variation of many that Clareity has seen “in the wild.”
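
The email-filtering rule in step 3a survives a password change, so it is worth checking for directly. The following is an added example, not part of the original article or any Clareity material: it reviews a mailbox's rules and flags those that forward mail outside the agent's domain or hide mail from transaction parties. The rule format, function names and sample addresses are assumptions constructed for illustration.

```python
# Added example; rule fields are an assumed simplified format, not a real provider schema.
HIDE_ACTIONS = {"skip_inbox", "mark_read", "delete", "move_to_folder"}
SEND_ACTIONS = {"forward", "redirect"}
MONEY_WORDS = ("wire", "escrow", "closing", "title", "funds")

def domain_of(address):
    return address.rsplit("@", 1)[-1].strip().lower()

def audit_rule(rule, owner_domain, transaction_parties):
    """Return the reasons (possibly none) this rule needs a human look."""
    actions = rule.get("actions", [])
    # Copies sent to an address outside the agent's own mail domain.
    external = sorted(
        a["to"].lower() for a in actions
        if a["type"] in SEND_ACTIONS and domain_of(a["to"]) != owner_domain.lower()
    )
    # Actions that keep the message out of the agent's sight.
    hides = any(a["type"] in HIDE_ACTIONS for a in actions)
    # Conditions that select mail from transaction parties or about money.
    parties = {p.lower() for p in transaction_parties}
    from_hits = sorted({s.lower() for s in rule.get("from", [])} & parties)
    text = " ".join(rule.get("contains", [])).lower()
    word_hits = [w for w in MONEY_WORDS if w in text]
    reasons = []
    if external:
        reasons.append("sends mail outside the domain: " + ", ".join(external))
    if hides and (from_hits or word_hits):
        reasons.append("hides transaction mail: " + ", ".join(from_hits + word_hits))
    if external and hides:
        reasons.append("forwards and hides in one rule")
    return reasons

def audit_mailbox(rules, owner_domain, transaction_parties):
    """Map rule name -> reasons, keeping only rules with a finding."""
    found = {}
    for rule in rules:
        reasons = audit_rule(rule, owner_domain, transaction_parties)
        if reasons:
            found[rule.get("name", "<unnamed>")] = reasons
    return found

# Constructed sample rules (not taken from a real mailbox).
SAMPLE_RULES = [
    {"name": "Newsletters", "from": ["news@mls.example"],
     "actions": [{"type": "move_to_folder", "to": "Reading"}]},
    {"name": ".", "from": ["Buyer@client.example"],
     "actions": [{"type": "forward", "to": "drop@mailbox.example"},
                 {"type": "skip_inbox"}]},
]
```

Calling `audit_mailbox(SAMPLE_RULES, "agency.example", ["buyer@client.example"])` reports only the rule named "." and leaves the newsletter rule alone.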

Clareity Consulting has written a paper that more thoroughly explains the wire fraud issue and provides concrete guidance on how to reduce the risk. It includes examples of steps taken by franchises, brokers, title companies and attorneys, as well as a draft company policy focusing on wire fraud. Download the paper by visiting

Matt Cohen is chief technology officer at Clareity Consulting.

For more information, please visit
