The FBI's Internet Crime Complaint Center (IC3) consistently ranks Business Email Compromise (BEC) as the most expensive type of cybercrime — and within BEC, real estate is one of the top three targeted industries. The mechanics are well-known by now: an attacker compromises a mailbox somewhere in the transaction (escrow agent, title company, listing agent, buyer's agent, lender), monitors the conversation for closing instructions, and then sends a doctored email at the last minute redirecting the buyer's wire transfer to an account they control.

By the time anyone realizes the wire didn't land where it was supposed to, the money has been moved through three or four mule accounts and is gone. Recovery rates are below 30%.

Why real estate is a target

Three factors make real estate uniquely vulnerable:

  • High dollar amounts. A single residential transaction often involves a $50K–$200K wire. Commercial deals run into the millions. The economics work for the attacker even with low success rates.
  • Many email parties. A typical residential closing involves the buyer, seller, both agents, escrow, title, lender, and sometimes a buyer's attorney. That's 7+ inboxes any one of which could be compromised.
  • Time pressure at closing. Wire instructions usually arrive in the final 48 hours. There's no time for the buyer to triple-check.

What gets stolen, and who pays

The buyer's funds are gone. The buyer often sues the agent, the brokerage, the escrow, and the title company. Even if the agent did nothing wrong, defense costs alone can run six figures — and that's where the policy form matters.

Many older E&O policies exclude "criminal acts" or "third-party fraud" outright. Even when E&O does respond, the question is whether the wire-fraud loss is "your" loss (covered by the brokerage's Cyber policy as a 1st-party loss) or the client's loss (covered by E&O as a 3rd-party negligence claim). The right answer is usually both, and brokerages need both policies in force.

Coverage components that matter

  • Social engineering / fraudulent instructions coverage. Specifically for instructions that turn out to be fraudulent, even when the brokerage acted in good faith. Often a sub-limit on Cyber policies — make sure it's high enough.
  • Funds transfer fraud. Covers the brokerage's own funds when an attacker tricks an employee into wiring money from a brokerage account.
  • Breach response and forensics. Covers the cost of figuring out which mailbox was compromised, notifying clients, and credit monitoring.
  • 3rd-party liability. When the brokerage gets sued by the buyer for the lost wire, this is what defends the suit.

Operational controls that close the gap

Insurance is the backstop. The first line of defense is operational. PBI Group's strongest brokerage clients all do most or all of these:

  1. Two-factor authentication on every email account. Mandatory, no exceptions, including for non-licensed staff. This single change prevents the majority of mailbox compromises.
  2. Wire instructions never sent or changed via email. Document this in writing in the engagement letter. When wire instructions are needed, they're shared via a secure portal or read aloud over the phone after voice verification.
  3. Verbal verification on every wire over a threshold. Before the buyer wires anything, they call the title company directly using a phone number from the title company's website — not from any email. Then they confirm the routing and account numbers verbally.
  4. Train every quarter, not annually. Phishing simulations every 90 days. The agents who fall for them get re-trained immediately. The training itself is short — 15 minutes — but the cadence is what builds the muscle memory.
  5. Pre-closing wire-fraud reminder to the buyer. A simple email from the agent 72 hours before closing: "If you receive any email asking you to change wire instructions, call us first. We never change wire instructions by email." This works.

What PBI Group policies cover

PBI Group's Cyber Liability coverage — written through specialty cyber carriers — includes social engineering as a primary coverage, not a sub-limit afterthought. The most common loss we see settled in our book is wire fraud loss to a client where the brokerage is named as a defendant; our policies include both the 1st-party social engineering loss and the 3rd-party liability defense in one form.

If you're a brokerage with more than ~10 agents, or a property management firm handling tenant deposits, or anyone whose business involves moving client funds — the right answer is to carry both E&O and Cyber. The two policies cover different things and the modern claims environment requires both. Talk to us if you'd like a coverage review.