Blog / Risk

Wire Fraud, Forged Documents, Seller Impersonation: Fraud-Proofing the Modern Closing

Fraud-Proofing Real Estate Closings: Wire Fraud & Forgery

Real estate transactions concentrate everything a fraudster wants: large one-time transfers, multiple parties who've often never met in person, time pressure, and a paper trail scattered across email. The FBI's Internet Crime Complaint Center has for years ranked business email compromise, the family of scams behind most real estate wire fraud, among the costliest cybercrime categories in America, with losses running into the billions annually across sectors, and real estate consistently called out as a target-rich environment. Meanwhile, seller-impersonation fraud, criminals posing as owners of unencumbered land or vacant properties and selling them out from under the true owners, has grown sharply enough that title underwriters and industry associations have issued repeated nationwide alerts.

For a US real estate or legal professional, this is no longer an IT topic. It's transaction management. The good news: the defenses are known, they're procedural more than technical, and modern document infrastructure makes several of them automatic. Here's the threat map and the playbook.

The three attacks that matter

1. Wire diversion (business email compromise)

The classic: criminals compromise or convincingly spoof an email account in the transaction, often an agent's or title company's, monitor the deal, and at the critical moment send the buyer "updated" wiring instructions. The money leaves, gets layered through mule accounts within hours, and is usually unrecoverable. The attack works because wiring instructions traditionally travel by the least authenticated channel in the whole transaction: email.

2. Seller impersonation

Criminals identify properties with absentee owners, vacant lots, unmortgaged land, second homes, pose as the owner using forged IDs, insist on remote everything, price aggressively for a fast close, and disappear with the proceeds. The true owner discovers the "sale" months later. Every party in the chain had a chance to catch it: the listing agent who never met the seller, the notary who took a fake ID at face value, the closer who noticed nothing odd about a rush sale of unencumbered land with proceeds wired out of state.

3. Document forgery and alteration

Forged payoff letters that redirect mortgage payoffs. Altered contracts where a figure or account number changed between the version reviewed and the version signed. Fake entity documents "authorizing" a signer. PDF editing tools have made competent forgery accessible to anyone; the defense can no longer be "it looked right."

The playbook

Verify identity like it's your money

  • Independently verify sellers you've never met: contact via the number on the tax roll, not the number they provided; compare signatures against recorded documents; be structurally suspicious of vacant-land, no-mortgage, remote-only, rush-close combinations, that cluster is the impersonation profile.
  • Use signing processes with real identity verification. This is where certificate-based digital signatures earn their place: identity is verified by a certification authority before signing, and the signature is cryptographically bound to both the verified identity and the exact document. A forged wet signature is an argument between handwriting experts; a certificate-based signature either validates or it doesn't.

Make documents tamper-evident

  • Cryptographically signed documents cannot be altered after execution without detection, the "figure changed between review and signature" attack fails mathematically rather than depending on someone noticing.
  • Keep the transaction file in a secure, centralized repository with access controls and audit logs, instead of scattered across inboxes. Most document fraud exploits the gap between versions and the ambiguity of email; a single source of truth eliminates both.
  • Run automated cross-checks on the file. Fraudulent documents are rarely perfectly consistent with the genuine ones around them: names that don't quite match records, figures that disagree across documents, dates that don't line up, descriptions that drift. VeriCasa's analysis, hundreds of AI-powered legal cross-checks per file, in seconds, was built to catch inconsistencies as an accuracy tool, and inconsistency is exactly what forgery produces. A file that cross-checks clean against authoritative records is a hard file to have infiltrated.

Treat wiring instructions as radioactive

  • Deliver instructions once, early, through an authenticated channel, never as a mid-transaction email "update."
  • Verify verbally at a known-good number before any transfer, and again for any change. Institute a hard rule that changed instructions equal a stopped transaction until verified.
  • Educate clients in writing at engagement: what you will never do by email, and what they must never act on without calling. Most successful wire fraud runs through the least-trained person in the transaction, usually the buyer.

Reduce the attack surface itself

Every email attachment, every "please print, sign, and scan back," every version floating in an inbox is surface area. Moving analysis, drafting, execution, and storage into one secured pipeline doesn't just save time, it removes the loose documents and ambiguous channels that fraud lives on. Security by workflow design beats security by vigilance, because vigilance has bad days.

What to ask your vendors

Your defenses inherit your platforms' weaknesses, so hold them to a standard:

  • Independent security certification, SOC 2 and ISO 27001 are the credible baselines.
  • Strong encryption for documents in transit and at rest (256-bit is the benchmark).
  • Certified digital signatures with genuine identity verification, not just click-to-sign.
  • Complete audit trails: who accessed, changed, sent, and signed what, and when.
  • Serious privacy discipline over party data, GDPR-grade handling is a good proxy even for US-only operations, because it means the vendor engineered for the strictest regime.

VeriCasa was built to that standard: SOC 2 certified, ISO 27001 aligned, 256-bit encryption throughout, certified digital signatures, centralized secure storage, and full audit trails, the same infrastructure that makes transactions fast is the infrastructure that makes them hard to attack.

The takeaway

Fraudsters attack the seams: unverified identities, unauthenticated channels, inconsistent documents, scattered files. The modern defense isn't paranoia, it's a workflow with fewer seams. Verify identity cryptographically, make documents tamper-evident, cross-check the file systematically, lock down the money channel, and centralize the record. Firms that do this don't just lose less to fraud; they close faster, because the same discipline that stops attackers also stops errors.

See VeriCasa on your own files

Hundreds of AI legal cross-checks, reports and contracts in minutes, certified digital signatures.

Book a demo
← All articles