FinCEN: Most Victims Targeted in Real Estate BEC Scams Involved in Closing Process

April 12, 2023

The Financial Crimes Enforcement Network (FinCEN) recently issued a Financial Trend Analysis on patterns and trends identified in Bank Secrecy Act (BSA) data relating to business email compromise (BEC) in the real estate sector in 2020 and 2021. The report contains relevant information for the public, particularly individual homebuyers and the multiple entities involved in real estate transactions.

“FinCEN’s analysis indicates that individual homebuyers suffer disproportionately from incidents of business email compromise in the real estate sector,” said FinCEN Acting Director Himamauli Das. “This analysis is just another example of how BSA filings make a difference in the lives of many, many people by providing crucial information that helps to alert the regulatory and law enforcement communities to trends in illicit activity, making our communities safer.”

According to the report, the most common victims of impersonation were individuals and entities involved in the title and closing processes within a real estate transaction.

Through BEC, scammers target businesses and financial institutions that routinely conduct large wire transfers and rely on email for communication regarding the wires. Perpetrators of BEC in the real estate sector may obtain unauthorized access to networks and systems to misappropriate confidential and proprietary information. The sector remains a target for BEC attacks exploiting the high monetary values generally associated with real estate transactions and the various communications between entities involved in the real estate title and closing processes (e.g., title companies, title agents, closing agents, escrow companies, and other individuals and entities involved in the title and closing processes).

FinCEN’s analysis of BEC incidents specific to the real estate sector revealed the following:

  • Money mules were often involved in the movement of funds following these incidents.
  • Nearly 88% of all incidents involved initial transfers of fraudulent funds to accounts at U.S. depository institutions as opposed to accounts outside the United States.
  • Fraudsters engaged in multiple types of fraud and used the same accounts to receive funds from these acts as the accounts used to receive funds from real estate BEC scams
  • In several incidents, illicit funds quickly moved from bank accounts to online payment platforms, or were used to purchase convertible virtual currencies, most commonly in the form of bitcoin.

The report emphasized the critical role of timely reporting of a cyberattack to enable FinCEN and law enforcement to interdict, freeze and recover funds. FinCEN urges victims of cyber-enabled crimes, or victims’ financial institutions, to file a complaint with law enforcement to initiate the process. Since the inception of FinCEN’s Rapid Response Program in 2014, it has aided in the identification and freezing of more than $1.3 billion for U.S. victims of fraud.

To report business email compromise, contact the Federal Bureau of Investigation’s IC3 ( or contact the nearest U.S. Secret Service field office

Contact ALTA at 202-296-3671 or [email protected].