Coming soon: A new look

North American Title Insurance Co. has recently rebranded to Doma. You may see visual updates on NATIC University as we improve and deliver the Doma experience.

June 2022 Wire Fraud Scam Blog Header Image

You’ve Been Hit By a Wire Fraud Scam: Now What?

By Amy Tankersley

You’ve attended several industry seminars to learn about cybersecurity and wire fraud. You’ve implemented strict controls over your company’s email and information technology (IT) systems. You’ve trained your staff and customers on the red flags of business email compromise (BEC) and social engineering attacks. But despite your best preventive efforts, you have become a victim of wire fraud. What do you do?

The latest statistics from the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) tell us that cyberfraud is on the rise. Cyberfraud-related complaints to IC3 – and losses stemming from BEC, the most common source of wire fraud – have steadily climbed every year since 2017, when the IC3 first began tracking BEC scams as a single crime type.

202119,954$2.4 billion
202010,369$1.8 billion
201923,775$1.7 billion
201820,373$1.2 billion
201715,690$675 million


Other common types of cyber crimes tracked by the IC3 that may result in wire fraud include: Phishing, identity theft, credit card fraud, real estate/rental fraud, corporate data breaches, malware, ransomware, tech support fraud and elder fraud.

With these rising statistics, it’s not a matter of if, but when, a real estate transaction you’re involved in will be hit with a wire fraud attempt.

“Wire fraud is an ever-increasing problem. The people who commit fraud are constantly adapting their techniques, so we must always be vigilant,” said Chris McChesney, Doma’s Chief Claims Counsel. “Wire fraud scams can happen to anybody regardless of age, experience or education.”

Unfortunately, any party to the transaction is at risk for wire fraud. Buyers, sellers, borrowers, real estate agents, escrow officers and mortgage lenders are all possible targets.

“In a lot of wire fraud scams, the originating hack in the email system or in the wiring information happened outside the title agency,” McChesney said. “So it’s the buyer who gets hacked, or it’s the real estate agent who gets hacked. They may not know about all the threats of wire fraud. They may not know you’re not going to send them brand new wiring instructions the day before closing.”

Understanding the latest threats and training staff and clients are your best defense against wire fraud, but being able to rapidly respond to an attack is equally important, said David Schreiber, Senior Claims Counsel for Doma.

“The most important part of this rapid response plan is the word rapid,” Schreiber said. “You have a limited window to recover the funds. Fraudsters are not going to leave the funds in the bank where you wired them to, which makes recovery all the more difficult. In most instances, the money is unrecoverable within a matter of hours, or at most, two or three days.”

The following five-step guide is a template designed to be customized and expanded upon for each specific transaction. Remember: The goal is to have the comprehensive plan in place before it happens, so you’re ready to move quickly.

Step 1: Alert

Alert your team. This includes anyone who can help mitigate loss, recover funds and protect systems, such as the title agency owner or manager, and representatives from accounting, IT, legal, etc. Also include a list of critical response team members, their contact information and a procedure for contacting them quickly.

Step 2: Report

Report the incident. Initiate a SWIFT recall notice. This involves contacting the sending bank’s fraud department and requesting that a recall of the wire be sent to the receiving bank because of fraud.

“Have all the details of the wire ready – where it came from, where it’s going, account numbers, names, amounts, etc. And have your bank’s fraud numbers and emails in the plan so you’re not scrambling around, looking for this information,” Schreiber said. “If you’re doing this by email, make sure in the header of the email, it says, ‘URGENT FRAUD ATTACK – READ NOW TO PREVENT LOSS.’ That will generally get things moving faster.”

Also, call the receiving bank’s fraud department to notify the bank you have requested a recall of the wire because of a fraud. You’ll need all the details of the wire available for that bank. Typically, a bank will take instructions from the person who initiated the wire. Schreiber said fraudsters often divert the buyer’s funds, meaning the funds never go through the agent’s office. In this case, the buyer may have to contact the bank; however, title agents can be helpful by sharing the details of the wire with the buyer.

In the case of international wire transfer fraud, the FBI’s Financial Fraud Kill Chain (FFKC) can be implemented to help recover the stolen funds. This process utilizes federal law enforcement worldwide to stop the successful withdrawal of cybercrime funds by criminal actors.

The FFKC can be implemented for international wire transfers meeting the following criteria:

  • The wire transfer is international
  • The wire transfer is $50,000 or above
  • A SWIFT recall notice was initiated
  • The wire transfer occurred in the last 72 hours
Step 3: Inform

Inform all parties to the transaction. This includes the buyer, seller, real estate agents, broker, attorneys, underwriter, notary and others. This should be done using known and trusted phone numbers for verbal verification. Your insurance carriers should also be notified.

“Inform all the parties to review their emails and their email security, and update any passwords,” Schreiber said. “Also, let them know all future communications are going to be via telephone until you figure out where the fraud occurred, and you know email is secure again.”

Step 4: Secure Evidence

This is an important step in unraveling where the fraud occurred and is crucial for law enforcement, attorneys, the underwriter and others assisting with mitigating loss from the attack. Read email logs associated with the transaction and determine how and when email accounts were accessed.

“Save and sequester every email that was part of the transaction,” Schreiber noted. “And when I say all emails, I’m literally talking about every email for the transaction. It might not appear on its face as something to do with the fraud, but when you start looking at it closer, maybe it helps us figure out exactly where in the chain the fraudsters jumped in.”

As you’re reporting the fraud attack in Step 2 and informing parties in Step 3, log and secure that information. This entails logging all the phone calls and outreach efforts and documenting key information such as time of call, the number called, who you spoke with, additional contact information and the substance of the phone call.

Step 5: File a Complaint with the FBI

A complaint should be filed with the FBI’s Internet Crime Complaint Center (IC3), a centralized data collection center focused on analyzing and thwarting future attacks. Complaints can be filed, regardless of the amount of funds lost, here. You may also report the theft to your local FBI office. To find out where your local FBI field office is located, visit the FBI’s website.

Amy Tankersley is Industry Relations Manager for Doma. For other educational content and training materials related to cyberfraud, contact us at [email protected].