Real Estate Wire Fraud
Scammers intercept property sale communications and substitute fake wiring instructions to divert closing funds.
Last reviewed: 1 June 2026
What this scam is
Real estate wire fraud is one of the most financially devastating scams targeting individuals because the amounts involved — the cost of a home purchase or the proceeds of a sale — are typically among the largest transactions most people will ever make. The scam works by compromising the email communications surrounding a property sale and substituting fraudulent wiring instructions at the critical moment when funds are about to be transferred.
The mechanism is known as business email compromise (BEC) applied to real estate. Someone — typically the buyer, but sometimes the seller or a third party in the chain — receives an email appearing to come from their solicitor, conveyancer, escrow company, or settlement agent, providing wiring instructions for transferring funds. The instructions look professional and plausible. But the email came from a scammer who has been monitoring the transaction, and the account number given is controlled by the scammer, not the intended recipient.
Once a wire transfer is sent to the wrong account, the funds move quickly through a series of accounts — often across multiple countries — and recovering them becomes extremely difficult. Even with immediate action, recovery is not guaranteed. Many victims lose their entire down payment or the full proceeds of a home sale.
The scam targets buyers, sellers, real estate agents, solicitors, and settlement companies alike. Anyone in the email chain whose account is compromised can be the vector through which fraudulent instructions are introduced. Buyers are particularly vulnerable because they may not have a strong prior relationship with the parties they are communicating with and may not immediately notice if communication style or email details change.
How it works
The attack begins with the compromise of an email account belonging to one of the parties in the transaction — most commonly the buyer's or seller's email, the real estate agent's, or the solicitor or escrow company's. The compromise may happen through phishing, through credential theft in a broader data breach, or through other means.
The scammer then monitors the email thread silently — watching the transaction progress, learning the names and roles of all parties, noting the expected timeline for fund transfer and the approximate amounts involved. They wait for the moment just before funds are expected to move.
At the appropriate time, they send an email — either from the compromised account or from a very similar-looking address — to the buyer or other party who will be sending money. This email provides updated wiring instructions, citing a reason: the firm has changed banks, there is a new escrow account for security purposes, the previous details had an error. The message looks authoritative, uses the correct names and transaction details, and often requests confirmation that the wire was sent.
The victim, trusting the email because it appears to come from their trusted adviser, transfers the funds according to the fraudulent instructions. The money arrives in a scammer-controlled account and is moved rapidly to prevent recovery.
The fraud is often not discovered until the genuine settlement agent follows up to confirm payment was received — at which point the funds are already gone.
Why this scam works
This scam succeeds because the conditions of a property transaction create natural trust in email communication from legal and financial professionals. Buyers expect their solicitor or escrow company to provide wiring instructions by email. There is no unusual behaviour to question — receiving instructions this way is entirely normal.
The scammer's preparation makes the email compelling. They know the real names, transaction details, expected amounts, and timing. The only wrong thing is the account number — and there is no reason for most buyers to verify a bank account number through a separate channel before sending a large transfer.
A typical pattern
A buyer is completing on a property purchase. The week before completion, they receive an email that appears to come from their solicitor updating the bank details for the deposit transfer, citing a system migration at the firm. The email is professionally worded and uses the correct transaction references. The buyer transfers the funds. On completion day, the solicitor calls to advise the funds have not arrived. The buyer checks their transaction history and sees the funds were sent to a different account. By the time the fraud is identified, the funds have been moved through multiple accounts and recovery is only partial.
Common red flags
- Wiring instructions sent by email from a party you have not spoken to by phone
- Change in bank account details at any point during the transaction
- Email that cites urgency — wire today, completion at risk
- Sender email address differs slightly from previous correspondence
- Instructions provided in an email that did not follow any prior verbal discussion
- Request to keep the updated instructions confidential
- Email confirms the new details are 'for security purposes' or due to a system change
- Pressure to confirm via email reply rather than a phone call
- New contact name or slightly different firm name than previous correspondence
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Please note our banking details have changed for this transaction. Please use the following account for your transfer: [account details].
For security, we have moved completion funds to a new escrow account. Updated wiring instructions are below — please wire by [date].
Our accounts team has updated the payment details due to a system migration. The new details are [account details] — please confirm receipt of this email.
Final reminder: funds must be received by [date] to avoid delaying completion. Please use these updated instructions: [account details].
Due to a banking issue earlier this week, please disregard previous account details and use the following: [account details].
The previous sort code was incorrect — please use these corrected details for the transfer: [account details]. Please confirm by reply.
Common variations
- Buyer deposit fraud — down payment diverted at the point of transfer
- Seller proceeds fraud — sale proceeds redirected away from seller's account
- Solicitor BEC — solicitor's email compromised and used to issue fraudulent instructions
- Agent email compromise — real estate agent's account used as the vector
- Lookalike domain — email sent from near-identical domain (e.g. 'solicitors.co.uk' vs 'so1icitors.co.uk')
- Mid-transaction account change — instructions that change only the account number partway through a recognised transaction
How to verify before you act
This is the most critical guidance in this entire file: always verify wiring instructions by calling a known, independently confirmed telephone number before sending any funds — no matter how legitimate the email appears.
Do not use a phone number provided in the same email as the wiring instructions. Find the number independently: from previous correspondence before the transaction began, from the firm's official website, or from a business card received at a physical meeting. Call and confirm the exact wiring details verbally with a named person you recognise before initiating any transfer.
If the wiring instructions change at any point in the transaction — even slightly — treat this as a red flag and verify by phone immediately before acting.
Be suspicious of any urgency: 'Wire today or the completion cannot proceed' is a common pressure tactic used by scammers who know the window for discovery is narrow.
Do not confirm instructions only by reply email — the compromised mailbox will simply confirm whatever the scammer has sent. The verification must happen out-of-band: by telephone.
Payment methods used
- Bank/wire transfer
Who is usually targeted
- Property buyers transferring deposits or completion funds
- Sellers receiving sale proceeds
- Real estate agents and solicitors whose email has been compromised
What to do immediately
- If funds have been sent to the wrong account, contact your bank immediately — within hours — to request a recall
- Alert your solicitor, agent, and escrow company by phone that a fraud may have occurred
- Report to your national fraud authority and to your bank's fraud team as a priority
- Preserve all emails in their original form — do not delete anything
- Contact law enforcement — real estate wire fraud is a serious criminal matter
- Notify all parties in the transaction so they can check for further compromise in their own accounts
- If the property completion is affected, your solicitor can advise on next steps and any obligations to the seller
How to prevent it
- Always verify wiring instructions by calling a known independent phone number before transferring any funds — this is the single most important step
- Establish a verbal verification protocol with your solicitor or agent at the outset of the transaction
- Treat any change in wiring details as a fraud alert until confirmed by phone through a number you sourced independently
- Check the sender's email address carefully against previous correspondence — look for character substitutions
- Do not rely on email confirmation of account details — the compromised mailbox will confirm whatever the scammer has set
- Enable multi-factor authentication on all email accounts involved in property transactions
- Ask your solicitor what their standard process is for notifying clients of wiring details — know what to expect in advance
- Be especially cautious of any urgent deadline framing around a transfer
Evidence to preserve
- The fraudulent email in full, including headers (do not delete)
- All prior wiring instructions for comparison
- Your bank transfer records and the account details you sent to
- All other emails in the transaction chain for comparison
- Record of who in the chain you contacted and when
- Any telephone numbers used by the fraudulent party
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
Why must I verify by phone rather than by reply email?
If the scammer has compromised the email account or is sending from a lookalike address, a reply email goes back to them — not to the genuine party. They will confirm the fraudulent details. Only an out-of-band phone call to a number you sourced independently can confirm authenticity.
How do I find the right phone number to call?
Use the phone number from previous correspondence received before the transaction began, from the firm's official website found independently (not via a link in the suspicious email), or from a business card you received in person. Do not use the number in the email containing the wiring instructions.
What if my solicitor's email has been compromised?
A compromised solicitor mailbox is particularly dangerous because the email comes from a genuine address. The phone verification step is equally essential in this case — the fraudulent email may look completely authentic. Your solicitor's firm also has legal and professional obligations if their systems are breached.
Is my bank obliged to recover the funds?
Banks are required to make efforts to recall funds, and in some jurisdictions there are frameworks that oblige the receiving bank to freeze and return fraudulent transfers. However, speed is critical — funds moved rapidly, and there is no guarantee of full recovery. Act within hours, not days.
What is business email compromise (BEC)?
BEC is the technique by which a scammer gains access to or impersonates a business email account to conduct fraud. In real estate, it is used to monitor transactions and introduce fraudulent instructions at the optimal moment. It is one of the highest-value fraud types globally.
Should I use a special secure channel for transferring funds?
Some solicitors and settlement companies now offer secure client portals specifically to reduce wire fraud risk. If your service provider offers this, using it is advisable. Even then, the phone verification principle applies — confirm the portal details by phone before using a new system for the first time.
Could the scammer have been watching my emails for weeks?
Yes. This is a key feature of the attack. Scammers who compromise an account typically monitor passively for an extended period to gather intelligence before acting. They may know the names of all parties, approximate transaction value, and expected dates before sending a single fraudulent message.
What should I tell my solicitor about protecting this transaction?
Ask them what their standard process is for communicating wiring details and whether they offer a secure portal. Tell them you will always call to verify before transferring. Ask them to call you directly before expecting any large transfer, rather than relying solely on email.