• Scammers are going after homebuyers’ down payments in a growing version of “email access compromise.”
• Because it’s the consumer authorizing the wire transfer, the usual protections don’t apply.
• Experts say don’t trust emailed closing instructions. Call a number you know to be correct to confirm.

$52,660.57.

It’s a number Shannyn Allan knows by heart. That’s how much money she painstakingly saved for a 20 percent down payment and closing costs on her dream home — one with a claw-foot tub and enough room to run her fundraising group for dog rescues.

It was “the only house in San Antonio in our price range,” she said.

And it’s how much money the first-time homebuyer nearly lost this spring to an increasingly common scam.

“It was a nightmare every single day,” Allan said of the three-week ordeal. “I almost lost the house.”

Variations of so-called email access scams have become a $5.3 billion problem affecting businesses and consumers in all sectors, the FBI warned in a May public service announcement.

The bureau’s notice called out real estate transactions as a trending forum for the scam, targeting “all participants … including buyers, sellers, agents, and lawyers.” In particular, complaints to the FBI from victimized title companies jumped 480 percent in 2016.

“They’re tough numbers to digest because we do think they’re underreported,” said James Barnacle, chief of the FBI’s money laundering unit.

In some of the largest real estate cases, he said, losses have been “in the low millions.” But even smaller losses are significant.

“They’re people’s life savings,” Barnacle said.

Tactics for the scam vary, but thieves’ aim is the same: Compromise the computer or email account of a person or business involved in real estate to monitor upcoming transactions. That gives them an opportunity to impersonate that party and try to intercept funds.

“Scammers and hackers want to target you when you’re either scared out of your mind or extremely happy,” said Ryan O’Leary, vice president of the Threat Research Center at WhiteHat Security. “Real estate is the perfect one-two combo, and there’s a lot of money at stake.”

Elements of real estate transactions are becoming increasingly digital, giving would-be thieves plenty of opportunities, he said. Nor does it hurt that a home purchase is one of the few instances where a request to wire money won’t set off alarm bells for the consumer.

In Allan’s case, the thieves interceded just hours before the closing.

“They waited and they watched, like a damn gator in the water,” she said.

She was on her way to the bank when she got an email that appeared to be from her title company, with a change of wire transfer instructions. Suspicious, Allan reached out to her real estate agent — who, she says, simply apologized for the hassle.

Allan wired the money at 9:34 a.m. Central time.

By a lucky coincidence, the real title company reached out to Allan shortly after, to give her the final closing instructions and confirm the money would be wired.

“They were like, ‘You wired the money? Who did you wire it to?’” she said.

How to avoid real estate wire fraud

An educated homebuyer is the first line of defense, said Jessica Edgerton, associate counsel for the National Association of Realtors. No matter what security precautions other parties, such as your title company or real estate agent, have in place, ultimately you’re the one wiring the money.

“This is happening all the time,” she said. “Attempts are happening on a daily basis.

“Don’t dismiss this as an interesting news story and distance yourself thinking this is something that won’t happen to you,” Edgerton said.

Here’s how to avoid falling victim to this kind of scam:

1) Verify everything

When you’re buying a house, you expect to hear from your real estate agent, attorney and other parties in the transaction. So you’re naturally less suspicious of emails that appear to be from those people — which thieves take advantage of, said the FBI’s Barnacle.

Don’t assume any emailed instructions or account details are legit.

“You have to call, and you have to confirm,” Barnacle said. “Having some kind of redundancy and some kind of check in place is the number one way of avoiding being hit by these frauds.”

But don’t call the phone number in the email, he said. That may redirect you to the would-be thieves. Instead, call a number you know to be correct for say, that title agency or mortgage broker, based on a web search or previous interactions.

2) Be suspicious of changes

Last-minute changes to closing procedures are a red flag — especially requests that you change the payment method or send money to a different bank or account, said Doug Johnson, senior vice president and senior advisor of risk management policy for the American Bankers Association. Real estate closings are a “standard process,” he said, and it would be unusual for those details to change.

Again, verify any changes by calling the other parties involved.

“Trust your instincts on this kind of stuff,” Johnson said. “We tend to know when something smells a little fishy.”

3) Secure your emails

Given the risk of compromise, don’t send sensitive data such as bank account details or your Social Security number over email, Edgerton said. Use a secure file-transfer service to send documents required for that home purchase, or a secure client-access portal that the business (be it your title company, mortgage broker, etc.) has set up.

Be suspicious of communications that don’t follow whatever protocol has been set up — for example, a request that you email details that you’ve previously securely submitted via a portal.

4) Use good cybersecurity hygiene

This scam begins with thieves gaining access to the computer or email account of someone involved in the real estate transaction, said O’Leary — make sure that someone isn’t you.

Keep your antivirus software and operating system up to date, use unique, complex passwords and enable protections such as two-factor authentication where available. Don’t click on any suspicious links in emails, he said.

5) Pick a secure payment method

Ask about your options for paying the down payment and closing costs, said Allan, who blogs about personal finance at FrugalBeautiful.com and now, after her experience, at Realestatewirefraud.com. You may be able to bring a paper certified check or cashier’s check to the closing or an agent’s office ahead of time, avoiding the possibility the funds end up in a fraudster’s hands.

WHAT TO DO IF YOU’RE VICTIMIZED

If you fall prey to one of these scams, you’ll need to act immediately. The odds of recovering that stolen money aren’t in your favor.

Money sent via a wire transfer is quickly moved electronically from your bank to the recipient bank, and then into the payee’s account. You typically have only a tiny window for the banks to halt a transfer, or freeze the account before fast-moving thieves withdraw the funds. Once the money is out of that account, it’s gone.

Even if you spot and report the fraud within 24 hours, you might not get your money back, said Barnacle.

“I don’t want to set false expectations for consumers,” he said. “The chance of recovery here is slim.”

Because the consumer is the one to authorize the wire transfer, protections covering unauthorized financial transactions don’t apply. The banks will work with you, but you may bear some or all of the liability for lost funds, depending on the details and extent of the crime, said Johnson.

Allan’s almost immediate notice of the fraud was instrumental in recovering of her money because the bank was able to freeze the thief’s account. In the end, she lost just $430 — including $70 in wire transfer fees. She’s quick to point out she was extremely lucky.

“I feel like a magical unicorn, because this doesn’t happen,” she said.

Here’s how to take action if you fall prey to a scam:

Alert the banks. “Immediately call your bank or financial institution,” Johnson said. “They may still be able to call back the wire.” Alert the bank on the receiving end of the wire transfer, too. They can often work with your bank to halt the transfer or freeze the recipient’s account.

Call in law enforcement. File a local police report detailing what happened. Call your local FBI office and file a complaint with the FBI’s Internet Crime Complaint Center, too. “At the FBI level, we have briefed all of our 56 field offices and all of our resident agencies, and they are equipped to rapidly respond,” Barnacle said.