You lost $12 million. But you did everything by the book, right? Your client was refinancing its existing debt on a retail shopping center. You reviewed the title commitment. You noted that the existing $12 million mortgage needed to be paid off. You obtained payoff instructions from the bank with the wire instructions for the payoff. You called the bank and verified the wire instructions over the phone with a known contact at the bank. Your client emailed you the day before closing with a few minor revisions to the closing documents. Your client emailed you later in the day to remind you to send the $12 million by 2 p.m. on the day of closing. Your client attached the payoff wire instructions and instructed you to use these new wire instructions because, according to your client, “the payee bank had recently changed its instructions for payoffs.” You dutifully followed your client’s instructions. But when you wired the $12 million payoff, it was sent to a fraudster.
This scenario, unfortunately, is becoming more common and impacting well-trained attorneys and title companies. In the above scenario, despite appearances, the email was not from the client. It was from a cybercriminal who found a way to infiltrate your client’s email account, monitored exchanges regarding the upcoming transaction, and impersonated your client on the day prior to closing (and with frightening accuracy, at that).
Wire transfer fraud is increasing at an alarming rate. According to the FBI’s newly released 2024 Internet Crime Report, business email compromise (BEC) is a sophisticated scam through which cybercriminals target businesses or individuals working with businesses that routinely perform wire transfers. In 2024, the FBI reported that BEC scams totaled $2.7 billion in losses. Now consider that this figure accounts only for reported losses.
Fraudsters improve every day. Primarily, they find ways to compromise email accounts or other forms of communication, like phone numbers or virtual meeting applications. But they also exploit individuals through social engineering techniques; for example, they ask the person to perform an action (i.e., “click this link”) or otherwise coerce him/her to divulge private information, including passwords or authentication credentials.
In an interview with The Harvard Gazette, cybersecurity expert Bruce Schneier explained that it’s not just older adults falling victim to these cons. No matter your age, income level, education, and/or IQ, everyone is susceptible to scams. And, what’s more, technology allows cybercriminals to scale at a much faster rate.
Real estate attorneys handling high dollar closing transactions are prime targets for BEC scams. As a result, attorneys should change their outlook — stop thinking that wire transfer fraud will never happen to you and, instead, anticipate it!
Wire fraud can devastate attorneys and their clients: It not only victimizes two businesses, the one expecting payment and the one making it, but also potentially exposes the attorney to legal liability. In the case of our real-life scenario, that’s a $12 million mistake—at least.
Fraudsters are not going away. And as long as they exist, the digital world (in particular) will remain a vulnerable and dangerous space in which to conduct business. If it hasn’t yet, wire transfer fraud — or an attempt at it — will affect you and your clients.
There is no foolproof way to protect yourself, but you can take precautionary measures to lessen your chances of being duped. The FBI advises that before you click a link or make a payment, check email addresses and phone numbers to ensure that they are correct. Further, call a known contact and phone number at the payee institution to ensure that the email with any new wire instructions is authentic, and then wait to verify that the money arrives in the intended recipient’s account.
Specifically, as it relates to real estate transactions, last-minute changes to payment or wire instructions can be a telltale sign of fraud. If your client or vendor changes wire instructions during a transaction, alarm bells should go off in your head. Further, be wary of messages from your client’s email address that come across as too urgent, even if they lack typos or inconsistencies. Finally, trust your instincts and communicate over the phone with your client throughout the course of the transaction, and especially on the days leading up to the closing. Don’t merely rely on emails.
Steven C. Serio is a partner at Fishman Haygood, LLP where he practices in all aspects of real estate development for a diverse group of business clients. He may be reached via email at sserio@fishmanhaygood.com.
