Real Estate Wire Fraud in California: How to Prevent It

Real estate wire fraud in California happens when a criminal compromises an email account in a transaction, then sends spoofed wire instructions just before closing so the buyer's down payment lands in the thief's account instead of escrow. It is one of the most damaging scams in real estate because the money moves once, moves fast, and is often gone within hours. California is a top target for a simple reason: with some of the highest home prices in the country, a single intercepted closing can mean a six- or seven-figure payout for the attacker. Brokers, agents, title and escrow officers, and especially buyers are all in the crosshairs, and everyone in the chain shares responsibility for stopping it.

The good news is that this fraud is highly preventable. It almost always relies on a single weak email account and a victim who trusts written instructions without verifying them by phone. Below is how the scam works, the red flags to watch for, and the concrete steps both your firm and your clients can take to keep closing funds safe.

How the scam actually works

Most real estate wire fraud starts with business email compromise (BEC). An attacker gains access to an email account belonging to someone in the transaction, often a real estate agent, escrow officer, title company, or attorney, usually through a phishing email or a reused password. Once inside, they quietly read messages for days or weeks, learning the timeline, the parties, the closing date, and the tone people use.

When the closing date approaches, they strike. The attacker sends an email that looks exactly like it came from the escrow or title company, complete with the right logos, signatures, and references to the specific property. The message contains one critical change: new wire instructions with the criminal's bank account. The classic move is a last-minute change of instructions, an email that says the original account had a problem and the funds need to go to a different bank. The buyer, eager to close on their new home, wires hundreds of thousands of dollars straight to the thief.

The FBI's Internet Crime Complaint Center (IC3) tracks BEC as one of the costliest cybercrimes in the country, with billions in reported losses across all sectors year after year. You can review the latest figures directly in the FBI IC3 annual reports, and the bureau's specific guidance on real estate wire fraud is published as part of its public service announcements on business email compromise.

Red flags that should stop a wire

Wire fraud has a recognizable pattern. Any one of these signals should freeze the transaction until someone verifies by phone:

• Changed bank details. Any change to wire instructions, especially a "corrected" or "updated" account, is the single biggest warning sign. Legitimate escrow accounts rarely change mid-transaction.
• Urgency and pressure. Messages that insist the wire must go out today, or that closing will fall through without immediate action, are designed to bypass your judgment.
• Email-only contact. A sudden preference for handling everything by email, or excuses for why the sender "can't take a call right now," is a tactic to avoid voice verification.
• Slightly wrong email addresses. A lookalike domain such as escrow-company.net instead of escrowcompany.com, or a reply that quietly drops the real party off the thread.
• Grammar or tone that feels off. Subtle shifts in writing style from someone you've corresponded with before.

How your firm prevents wire fraud

For a brokerage, title office, or escrow team, prevention is about hardening the email systems attackers exploit and building habits that don't rely on any single person catching a fake. The core controls are well within reach for any California firm:

• Multi-factor authentication (MFA) on every account. The pattern we see most often is that a compromised email started with a stolen or reused password. MFA on all email and cloud accounts blocks the overwhelming majority of these takeovers.
• Email security and DMARC. Properly configured SPF, DKIM, and DMARC records make it far harder for criminals to spoof your domain, and advanced filtering catches phishing before it reaches an inbox.
• Verified callback procedures. Adopt a firm-wide rule that no wire instructions are ever sent, changed, or accepted without a phone call to a known, pre-established number, never a number from the email itself.
• Staff training. Everyone who touches a transaction should be able to spot a phishing email and know the verification rule cold. Ongoing training matters more than a one-time session.

These same controls protect client data and your firm's reputation well beyond closings. Cobrix builds them into a single managed program for real estate businesses, which you can read about on our real estate IT and security page and our cybersecurity services overview. For a deeper operational walkthrough, see our guide on wire fraud prevention for real estate teams. We work with firms across California, including dedicated programs for agents in Irvine and Newport Beach.

How your clients prevent wire fraud

Buyers are the ones who actually push the money, so they need a simple, unbreakable rule. Give every client this guidance in writing at the start of the transaction, before any wire is on the table:

• Always verify by phone on a known number. Before wiring a single dollar, call the escrow or title company using a number you confirmed in person or from official paperwork, not a number or link in any email.
• Never trust emailed changes. Treat any email that changes wire instructions as fraudulent until proven otherwise by a live phone call. Legitimate instructions will survive a verification call; a scam will not.
• Confirm the wire landed. Within a few hours of sending, call escrow to confirm they received the funds. The faster a misdirected wire is caught, the better the odds of recovery.
• Be skeptical of urgency. No real closing depends on wiring money in the next ten minutes without a phone call.

The FTC offers plain-language consumer guidance on this exact scam that you can share with buyers; see the FTC's article on mortgage closing scams and how to protect yourself.

What to do if it happens

Speed is everything. A wire can sometimes be clawed back, but the window is measured in hours, not days. If you suspect a fraudulent wire:

• Call the sending bank immediately and ask them to issue a recall and to initiate the FBI's "Financial Fraud Kill Chain," a process that can freeze funds if reported fast enough.
• File a complaint with the FBI's IC3 right away at ic3.gov. The IC3 coordinates with banks to attempt recovery, and prompt reporting dramatically improves the outcome.
• Notify all parties in the transaction, including escrow, the receiving bank, and your local FBI field office.
• Preserve everything. Keep the fraudulent emails, headers, and wire records; do not delete anything.

Wire fraud and its more advanced cousins, like voice-cloned phone calls, are evolving quickly. For a look at how attackers now use AI to impersonate executives and what to do about it, read our deepfake wire fraud playbook.

Protect your closings before the next transaction

Real estate wire fraud in California is preventable, but only if the controls and verification habits are in place before a closing is underway, not after a wire goes missing. If you run a brokerage, title, or escrow operation and want your email, accounts, and procedures hardened against business email compromise, Cobrix can help you build a defense that protects your clients and your reputation. Book a free consultation and we'll review where your transactions are exposed.