Title companies are ground zero for wire fraud. You handle the largest financial transactions in most people's lives, with wire instructions flowing between multiple parties. Criminals know this—and they're watching your email.
$350M+
lost annually to
real estate wire fraud
$150K
average wire
fraud loss
1 in 20
real estate transactions
targeted
The Attack Pattern: Hackers compromise email accounts (yours, the buyer's, or the realtor's), monitor for upcoming closings, then send fraudulent wire instructions that look exactly like the real thing. By the time anyone realizes, the money is gone—usually overseas and unrecoverable.
Wire Fraud Prevention (Critical)
Escrow Wire Security
- NEVER send wire instructions by regular email
- Secure portal for all wire instruction delivery
- Verbal verification required for all incoming wires
- Callback on verified number (not from email)
- Wire instruction changes require new phone verification
- Dual authorization for wires over $25,000
- Positive pay implemented with your bank
Buyer/Seller Communication
- Wire fraud warning in ALL written communications
- Warning at contract, at opening, and before closing
- "We will NEVER change wire instructions" language standard
- Buyer callback number collected at opening
- Instructions to always call to verify
Email Security (Your Biggest Risk)
Email Protection
- MFA on ALL email accounts (mandatory)
- Advanced threat protection enabled
- DMARC/DKIM/SPF fully configured
- External email warning banners enabled
- Look-alike domain monitoring active
- Email login monitoring and alerts
- Suspicious login detection enabled
Email Compromise Signs: Unusual login locations, auto-forwarding rules to external addresses, emails marked as read that you didn't read. Check email rules regularly—hackers often set up silent forwarding.
Title Production System Security
TPS/Core System Protection
- MFA on title production system
- Role-based access controls implemented
- Audit logging enabled and reviewed
- TPS vendor security verified (SOC 2)
- TPS data backed up independently
- Terminated employee access removed immediately
Document & Data Protection
- Secure document upload portal for buyers
- Documents encrypted in transit and at rest
- HUD-1/CD documents protected
- Recording information secured
- Document retention policy implemented
- Secure destruction of closed files
ALTA Best Practices Alignment
Pillar 3: Privacy & Information Security
- Written information security program
- Employee security training completed
- Third-party vendor due diligence
- Incident response plan documented
- Physical security measures in place
- Annual security assessment performed
Escrow Account Protection
- Escrow account reconciled daily
- Positive pay/ACH filters with bank
- Multi-person authorization for disbursements
- Bank account access MFA protected
- Fraud alerts configured with bank
- Out-of-band transaction verification
Insurance Note: Most E&O and cyber policies now require specific wire fraud controls. Document your procedures—you may need to prove compliance to get a claim paid.
Save this checklist: Press Ctrl+P (Cmd+P on Mac) to save as PDF