Sign Up for Updates


Not all real estate transactions look the same but, in many cases, you may find upwards of ten people working together on the same deal. The sheer number of parties involved—attorneys, lenders, agents, title companies, sellers, and buyers, combined—make real estate transactions all-the-more vulnerable to attack.

These parties come together to form a chain which, like any chain, is only as strong as its weakest link. If even one person unknowingly falls for a bad actor’s trick, the entire transaction could be at risk.

According to the FBI, in 2020, Email Account Compromise, or EAC, ranked as the number one reported type of real estate fraud. 1 In EAC schemes, bad actors insert themselves into an email conversation between a client and their real estate professional to initiate wire fraud. The bad actor poses as the real estate professional and sends an email to the unsuspecting buyer. This is called spoofing. The spoof email includes new wire instructions that route the funds to the bad actor’s bank account.

Unfortunately, according to Proofpoint, one in four people do not realize that emails can be spoofed. 2 Spoofed emails can result in non-public information being exposed or, worse, changed wire instructions. If undetected, unwitting customers can send their down payment straight into the hands of a fraudster.

Protecting Your Clients

A Close Call

Many real estate professionals know the horror of wire fraud firsthand. In a daunting statistic, the American Land Title Association (ALTA) reported that fraudsters attempted to intercept funds in one-third of all 2020 real estate transactions.

When Brian Jensen checked his email on November 4th, he immediately sensed that something was amiss. In his inbox, Brian found two emails from the same person, Mary Michaels; but, these two emails contained conflicting information.

In the first email, Mary, his First American escrow officer, confirmed the down payment Brian would need to wire to close on his new home—$166,812.74. Mary then asked Brian to call her office and verify wiring instructions before initiating the wire.

In the second email, Mary again asked Brian to wire $166,812.74 but she informed him that, due to a recent audit, Brian needed to wire payment to a new, different bank account. This time, Mary did not ask Brian to call before initiating the wire.

From his conversations with Mary, Brian knew that First American’s wiring instructions should never change, especially not at the last minute. Brian picked up his phone, searched for Mary’s contact, and called her office to get to the bottom of things.

It is not all bad news, though. ALTA went on to report that homebuyers and real estate professionals were able to spot and stop over 90% of these attempts. Brian Jensen was one of these homebuyers. He and his family were days away from closing on their dream home when a fraudster’s scheme could have cost them everything.

A Close Call

What happened here? Most likely, the fraudster gained access to just one person’s email account. They silently watched emails sent and received, learning the details of the Jensens’ transaction. Once they knew enough, they sent an email to Brian Jensen, spoofing his First American escrow officer. According to Mary Michaels and her team:

Brian was surprisingly calm when he called our office. He had received an email from Mary, but the wiring instructions differed from those we previously discussed. When he forwarded the suspicious email to us, we immediately saw the spoof: the fraudster copied our email addresses but changed to

The email looked real, using Mary’s name, photo, and email signature. The only difference was a few letters in the email address.

Communication is Key

Because Mary and her team proactively discussed wire fraud red flags with Brian, he knew what to look out for and spotted the suspicious email.

As a real estate professional, you have a responsibility to your clients. You must not only watch for fraud yourselves, but you must also teach your clients to spot the signs, as the reality is you may not be privy to the emails where the bad actor inserts themself. 3

Communication is Key
  • Keep cybersecurity top of mind.

    Most real estate professionals discuss the importance of hypervigilance with their clients, but their clients may forget as most are infrequently involved in real estate transactions. It is important to combat this forgetfulness and ensure that cybersecurity remains a priority for your clients. From the very start, educate your clients on wire fraud red flags and keep the conversation going throughout the transaction. Remind your clients to be wary of changing wire instructions and to always report anything suspicious.

  • Establish secure methods for communication.

    Ensure your clients know how to reach you and establish protocols for sharing confidential information and transferring money. When communicating, remind your clients to use independently verified contact information. Bad actors’ schemes often rely on tricking your clients by spoofing your email account or phone number.

  • Stay vigilant when transferring money.

    When wiring money, the person initiating the wire should pick up the telephone and call the intended recipient of the wired funds immediately prior to sending the funds to verify the wiring instructions. Ensure that your clients call the intended recipient at a verified number; otherwise, it could be the bad actor on the other end of the line.

  • Consider data security.

    Most real estate businesses store sensitive, personal information about their clients. While this information is necessary for a smooth transaction, it also means that you could be holding information that is valuable to bad actors. To help protect your clients, avoid storing their personally identifiable information, or PII, any longer than necessary. If you are sharing this information with others, ensure that you are sharing it securely and only with the appropriate parties. For more information, review the National Association of Realtor’s Data Security and Privacy Toolkit.

  • Ensure your clients know how to report fraud.

    If your client has even the smallest suspicion of fraud, encourage them to speak up, whether to you or an official organization. This may seem paranoid, but the majority of cyberattacks go undetected and unreported. 4 The smallest indicator, a single character missing from an email address, could be the difference between a new home and financial devastation.

  • Monitor your accounts thoroughly.

    Unfortunately, bad actors know that compromising your email account—whether through phishing or guessing your password—is an easy way to uncover the details of your client’s transaction. Visit our Tips for Your Technical Team to learn more about the settings you can enable for heightened email account security.

Secure Communication
with First American

At First American, IgniteRE is our mobile-friendly technology platform that enhances the residential real estate transaction experience for real estate professionals, buyers, and sellers. Within IgniteRE, Transactions is a secure portal to send and receive important messages. Contact your First American representative for more information about our secure communication channels.

ALTA Wire Fraud Tips Video

Communication Tips
for Your Clients

Discuss these tips from ALTA with your clients to ensure they know how to protect themselves from email and phone scams. (Opens ALTA video in new window on YouTube)

Email Security Tips

The following security tips can help you identify a compromised email account and prevent further exploitation.

Protect Your Email Account

  • Change your password often. Make it complex and avoid using personal information.
  • Enable two-factor authentication for account access. A quick Internet search will show how to set this up for most major email providers.
  • Maintain and routinely update an anti-virus/malware program.
  • Scrutinize email content and avoid anything that looks suspicious.
  • Before you click, hover your cursor over the sender’s email address along with any URLs in the message to be sure they are legitimate.
  • If you suspect the “From” address is fraudulent, you can check it with a header analyzer such as this one from Google.
  • Review your account activity records for suspicious logins.
  • Periodically check your Sent folder to be sure emails aren’t being sent or forwarded without your knowledge.
  • Periodically check your email configuration to ensure automatic forwarding has not been enabled without your knowledge. A quick Internet search will show how to configure forwarding for most major email providers.

Watch out for:
Email Forwarding Rules

A top trick bad actors use is email forwarding: once inside your account, the bad actor will set up forwarding or other rules so they can monitor your account without staying logged in. This allows them to silently watch your transaction until the right moment for their attack.

Indicators That An Email Account Has Been Compromised

  • You are unable to login, indicating password has been changed.
  • Activity records show suspicious login times or unknown locations.
  • Account configuration is set to forward emails to an unknown address.
  • Friends and/or colleagues are receiving “spam” messages from your account.
  • You receive replies to emails you did not send.

Tips To Recover A Compromised Email Account

  • Change your password immediately.
  • If possible, make the account disconnect or sign out of other web sessions.
  • Check the message forwarding settings to ensure hackers are not being forwarded the incoming emails.
  • Report it to the account provider, such as your organization’s technical team or platform provider.
For Your Clients Safety

When Working with Us: For Your Clients’ Safety

First American will never ask you for passwords or your clients’ financial information via email. If you or your clients receive any email requests or instructions to change payments or wire instructions, please contact your First American representative directly.

Unfortunately, there is no guaranteed protection against cybercrime. The above tips can help reduce your risk of cyberattack, but this is not an exhaustive list of all cybersecurity best practices. Please remain vigilant and, for more information, review the references below.

Get CyberSmart

Sign up for Security and Privacy Insights.

Report Suspicious Activity

If you are a current First American customer, please report any suspicious activity directly to your First American representative through an independently verified telephone number.

If you are not a current customer, be cautious of:

  • Phishing emails or websites spoofing First American.
  • Unexpected phone calls from someone claiming to be a First American employee.
  • Questionable text messages about your First American account or activity.

If you encounter any of the above, please send us an email at so we can help you verify the message or website.

Nothing is too trivial to report. If you have any doubt about the legitimacy of a message from us, please report it.