Ask the Underwriter: What are some practical steps to reduce the risk of wire fraud in my real estate closing practice?

Wire fraud isn’t “if” for closings – it’s “when.” Real estate closings are a perfect storm – big dollar amounts, tight deadlines, multiple parties, and a steady stream of emails and PDFs flying back and forth. That is why wire fraud – often driven by Business Email Compromise (“BEC”) – has become an ever-present risk for Alabama and Tennessee lawyers handling funds. 

The FBI’s Internet Crime Complaint Center (“IC3”) reported 21,489 BEC complaints with adjusted losses over $2.9 billion in 2023. Even when the theft is not “your” fault, clients and counterparties often look first to the closing lawyer for answers, and recovery windows close fast.

How the Scam Actually Works

Most wire fraud losses do not start with Hollywood-level hacking. They start with social engineering – someone gains access to or convincingly impersonates an email account used in the transaction and waits for the right moment. The scammer compromises or spoofs an email account, watches the deal progress, then sends “updated” wiring instructions that look authentic. The timing is intentional – right before closing, when everyone is moving quickly and least likely to slow down to verify.

Common Red Flags Include:

• “Updated” or “corrected” wiring instructions, especially late in the process

• Subtle domain changes (e.g., “.co” instead of “.com”)

• Requests to “keep this confidential” or bypass normal steps

• A new phone number inserted into the email thread for “verification”

This is Not Just a Client Problem – It Can Become an Ethics and Liability Problem

Even if the criminal is the wrongdoer, the lawyer’s process is what gets scrutinized. Disciplinary history in Alabama includes at least one matter where an attorney received a private reprimand for violating Rule 1.1 (Competence) and Rule 1.15 (Safekeeping Property) after a client’s email was spoofed and the attorney unknowingly released funds to a fraudulent account. In wire fraud scenarios, “We didn’t know” often gets followed by, “What verification steps did you have and did you follow them every time?”

The Anti-Wire Fraud Protocol Every Closing Practice Should Have and Follow

At its core, your protocol should reduce reliance on email, verify out-of-band communications, and document the verification. 

A baseline might look like this:

1. Never rely on emailed wire instructions even if they look right. Email is where BEC lives. IC3 specifically recommends verification procedures outside of email communication, including calls to a known, verified number – not the number provided in the email.

2.  Build a “known numbers only” verification step. Use phone numbers collected at intake, from prior known contacts, or from trusted public sources. Do not accept last minute “here’s my cell” changes by email.

3.  Treat any change as hostile until proven otherwise. Even “small” edits (bank name, routing number, beneficiary, etc.) should trigger a re-verification. 

4.  Add friction on purpose. Dual approvals for outgoing wires. Mandatory call-back scripts. A checklist that must be initialed.

5.  Train staff and standardize scripts. The best protocol fails if the newest team member is embarrassed to “slow the deal down.”

Where Technology Can Help: Closinglock and CertifID

Protocols and training are essential – but firms are adding specialized platforms like Closinglock and CertifID to remove wire instructions from email and add structured verification and proof. 

Closinglock helps firms move the most targeted parts of the closing – wiring instructions and sensitive communications – out of standard email and into a secure, purpose-built portal. CertifID combines bank account verification workflows with insurance options and recovery support – aimed at reducing the likelihood of a fraudulent wire and improving outcomes if something goes wrong. 

It is important to note that tools like Closinglock and CertifID are risk controls, not magic shields. Firms should still do vendor diligence, understand coverage terms, and integrate the platform into a written procedure with no “optional” use. 

If It Happens: The First Hour Matters

Treat suspected wire fraud like a fire drill:

• Call the bank’s wire/fraud team immediately.

• Notify the receiving bank (if known).

• Report to IC3 as quickly as possible. Rapid reporting can help freeze and return funds in real estate BEC situations.

• Preserve evidence (emails, headers, wiring details, call logs, portal logs). 

• Notify your professional liability and cyber liability carriers IMMEDIATELY per policy conditions.