The FBI’s IC3 reported that real estate wire fraud losses hit a record $446 million in Q1 2026. Attackers compromise real estate agent or title company email accounts and intercept closing communications, substituting fraudulent wiring instructions. One wrong wire transfer can cost a buyer their entire down payment with no recourse.
Real estate wire fraud, also called Business Email Compromise (BEC) targeting real estate transactions, follows a consistent pattern. Attackers first compromise the email account of a real estate agent, title company employee, or mortgage lender — typically through phishing or credential stuffing. They then monitor the compromised inbox silently for weeks, reading transaction communications to understand the timeline and parties involved. Shortly before closing, when the buyer is expecting wiring instructions, the attacker sends an email from the compromised account (or a convincing lookalike) with fraudulent wiring instructions directing the buyer to send their down payment to an attacker-controlled account. By the time the fraud is discovered, the money has been moved through multiple accounts and is typically unrecoverable.
The FBI’s Internet Crime Complaint Center (IC3) reported that real estate wire fraud losses reached $446 million in Q1 2026 alone — a 34% increase over Q1 2025. The average loss per victim was $178,000, representing the entire down payment for many buyers. Texas consistently ranks among the top five states for real estate wire fraud losses, with the San Antonio and Austin metro areas seeing significant activity. The FBI notes that less than 10% of wire fraud losses are recovered, as funds are typically moved internationally within hours of the fraudulent transfer.
Real estate professionals have both a business interest and an ethical obligation to protect their clients from wire fraud. Implement the following practices immediately: Enable MFA on all email accounts — this is the single most effective control against email account compromise. Establish a firm policy that wiring instructions will never be sent or changed via email alone — all wiring instructions must be verbally confirmed by phone using a number from the official company website. Use a secure transaction management platform with built-in fraud prevention rather than email for sensitive document exchange. Train all staff to recognize the signs of a compromised email account, including unusual login times, forwarding rules, or changes to email signatures.
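The signs of a compromised mailbox named above (unusual login times, forwarding rules, signature changes) can be checked automatically against mailbox audit events. The Python below is an added example, not part of the original article; it also flags forwarding to a lookalike of the firm's own domain. The event schema, field names, domains, working hours and sample events are constructed assumptions and do not match any mail provider's real audit-log format.

```python
from datetime import datetime
from difflib import SequenceMatcher

# Constructed sample events in a simplified, hypothetical schema
# (not any mail provider's real audit-log format). Times are local.
SAMPLE_EVENTS = [
    {"type": "login", "user": "agent@example-realty.test", "time": "2026-03-02T14:05:00"},
    {"type": "login", "user": "agent@example-realty.test", "time": "2026-03-03T03:12:00"},
    {"type": "rule_created", "user": "agent@example-realty.test",
     "time": "2026-03-03T03:15:00", "forward_to": "closings@examp1e-realty.test"},
    {"type": "rule_created", "user": "broker@example-realty.test",
     "time": "2026-03-04T10:00:00", "forward_to": "assistant@example-realty.test"},
    {"type": "rule_created", "user": "broker@example-realty.test",
     "time": "2026-03-04T10:30:00", "forward_to": "inbox@mail-drop.test"},
    {"type": "signature_changed", "user": "agent@example-realty.test",
     "time": "2026-03-03T03:20:00"},
]


def is_lookalike(domain, own_domain, threshold=0.85):
    """True when domain differs from own_domain but is nearly identical to it."""
    if domain == own_domain:
        return False
    return SequenceMatcher(None, domain, own_domain).ratio() >= threshold


def review_events(events, own_domain, work_hours=(7, 20)):
    """Return sorted (time, user, reason) tuples for events matching a compromise sign."""
    findings = []
    for ev in events:
        hour = datetime.fromisoformat(ev["time"]).hour
        if ev["type"] == "login" and not work_hours[0] <= hour < work_hours[1]:
            findings.append((ev["time"], ev["user"], "login outside working hours"))
        elif ev["type"] == "rule_created":
            domain = ev["forward_to"].rsplit("@", 1)[-1].lower()
            if is_lookalike(domain, own_domain):
                findings.append((ev["time"], ev["user"], "forwarding to lookalike domain"))
            elif domain != own_domain:
                findings.append((ev["time"], ev["user"], "forwarding to external domain"))
        elif ev["type"] == "signature_changed":
            findings.append((ev["time"], ev["user"], "signature changed"))
    return sorted(findings)


if __name__ == "__main__":
    for when, user, reason in review_events(SAMPLE_EVENTS, "example-realty.test"):
        print(when, user, reason)
```

A cluster of findings for one user within minutes, as in the constructed 03:12 to 03:20 sequence, is a stronger signal than any single event and is a reason to reset credentials and review that account's recent outbound mail.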
Every buyer should be educated about wire fraud at the start of the transaction, not just at closing. Provide clients with a written notice explaining that wiring instructions will never be changed via email, that they should always call the title company at a number from the official website to verify instructions before wiring any funds, and that they should be suspicious of any last-minute changes to wiring instructions. This education should be documented in the transaction file. If a client does fall victim to wire fraud, they should immediately call their bank to attempt a wire recall, contact the FBI’s IC3 at ic3.gov, and file a report with local law enforcement.