For title and settlement offices
A forged wiring instruction can send a buyer's down payment to a criminal in minutes. I build the out-of-band verification that keeps a fake instruction from getting paid, and harden your email and identity so the forgery never looks real. The loss, the hard call to a family, and the liability all stay off your books.
Proof beneath: ALTA Best Practices Pillar 3, GLBA, controls-only wire defense.
A buyer is set to close Friday. Wiring instructions go out. Except a criminal sitting in a compromised email thread sends their own instructions first, and the down payment lands in an account that empties in minutes. Now you are explaining to a family, a lender, and possibly your underwriter how their money vanished on your watch.
This is the attack specific to your business, and it is common. The FBI's Internet Crime Complaint Center reported $16.6 billion in total losses in 2024, with business email compromise accounting for about $2.8 billion of it, much of it tied to real estate transactions (Source: FBI IC3 2024 Internet Crime Report). Victims over 60 alone lost $385 million to real estate and payroll wire fraud in 2024 (Source: FBI IC3 2024).
The exposure for a small office is concrete: the wired funds themselves, the dispute over who is liable, the cost and reputation hit of telling a client their down payment is gone, and a cyber-insurance claim that can be denied if you cannot show the controls you said you had. Spending a little on prevention is small next to any one of those outcomes.
Four controls, layered so a fraudulent instruction has to fail at several points instead of clearing at one.
Procedure
No change to wire or payment instructions is acted on until it is confirmed by phone to a number you already had on file, never a number from the email. ALTA Pillar 3 names a wire-verification process directly. This is the control that stops the fraud at the last step.
Email authentication
Your domain is set to reject mail that fails authentication, so a criminal cannot send convincing mail as your office and a spoofed closing instruction does not land in the buyer or lender inbox in the first place.
Identity
MFA across email and every account that can see or change funding instructions, set up to resist the prompt-bombing and token-theft that defeat basic text-code MFA. ALTA Pillar 3 names MFA as a wire-fraud defense. A stolen password alone goes nowhere.
Detection
The first thing a compromised closing inbox does is hide itself with a quiet auto-forward or a delete rule. Those changes are monitored and flagged, so a takeover is caught before the altered wire request reaches your buyer.
Pillar 3 is the information-security standard your underwriters and lenders ask you to attest to. Recent guidance names specific controls. Here is each one in plain terms, so you can see what an attestation is actually claiming (Source: ALTA, Best Practices Pillar 3).
| Pillar 3 control | What it means in plain terms |
|---|---|
| Written information security plan | A documented plan to protect nonpublic personal information. |
| Multi-factor authentication | A second login step, named directly as a wire-fraud defense. |
| Strong, unique passwords | Long and complex, not reused across accounts. |
| Wire-verification process | A vetted process to confirm wire instructions out of band, by phone to a known number. |
| Service-provider oversight | Vendors held to your security standard, not left unchecked. |
Yes. The word bank is misleading here. Title and settlement agents handle nonpublic personal information and hold and disburse buyer and seller funds, so the Gramm-Leach-Bliley Act safeguarding duties apply (Source: GLBA Title V, 15 U.S.C. 6801 et seq.). The FTC Safeguards Rule names real estate settlement services among covered businesses in 16 CFR 314.2(h), placing you in the same rule that covers tax preparers, mortgage brokers, and finance companies.
That is why your underwriters and lenders keep asking for an attestation: your security is now their liability. Attesting to controls you do not actually have is the kind of gap that surfaces at the worst possible moment, after a loss, when everyone is looking for who is responsible. The work here is to make the attestation true, then keep it true.
There is no third-party body that certifies you as Safeguards-compliant, and no honest provider guarantees compliance. Compliance is demonstrated by actually running the program the rule describes. See the FTC Safeguards program for that side, and the cyber-insurance readiness program for staying able to qualify, bind, and avoid a denied claim.
Written by Hammad Arain, founder of Arain Systems. CCNA, CompTIA Security+, Microsoft AZ-104. Updated June 2026. Educational, not legal advice.
I check how a forged wire instruction would move through your closing process today, where the gaps sit against ALTA Pillar 3, and give you written findings. No commitment, yours to keep.
Get my free review