FinCEN Analysis of Business Email Compromise in the Real Estate Sector Reveals Threat Patterns and Trends

Immediate Release

WASHINGTON—Today, the Financial Crimes Enforcement Network (FinCEN) issued a Financial Trend Analysis on patterns and trends identified in Bank Secrecy Act (BSA) data relating to business email compromise (BEC) in the real estate sector in 2020 and 2021. The report contains relevant information for the public, particularly individual homebuyers and the multiple entities involved in real estate transactions.

“FinCEN’s analysis indicates that individual homebuyers suffer disproportionately from incidents of business email compromise in the real estate sector,” said FinCEN Acting Director Himamauli Das. “This analysis is just another example of how BSA filings make a difference in the lives of many, many people by providing crucial information that helps to alert the regulatory and law enforcement communities to trends in illicit activity, making our communities safer.”

Through BEC, scammers target businesses and financial institutions that routinely conduct large wire transfers and rely on email for communication regarding the wires. Perpetrators of BEC in the real estate sector may obtain unauthorized access to networks and systems to misappropriate confidential and proprietary information. The sector remains a target for BEC attacks exploiting the high monetary values generally associated with real estate transactions and the various communications between entities involved in the real estate title and closing processes (e.g., title companies, title agents, closing agents, and escrow companies, and other individuals and entities involved in the title and closing processes).

FinCEN’s analysis of BEC incidents specific to the real estate sector revealed the following:

  • The most common victims of impersonation were individuals and entities involved in the title and closing processes within a real estate transaction.
  • Money mules were often involved in the movement of funds following these incidents.
  • Nearly 88% of all incidents involved initial transfers of fraudulent funds to accounts at U.S. depository institutions as opposed to accounts outside the United States.
  • Fraudsters engaged in multiple types of fraud and used the same accounts to receive funds from these acts as the accounts used to receive funds from real estate BEC scams
  • In several incidents, illicit funds quickly moved from bank accounts to online payment platforms, or were used to purchase convertible virtual currencies, most commonly in the form of bitcoin.

Today’s report emphasizes the critical role of timely reporting of cyber-enabled crime to enable FinCEN and law enforcement to interdict, freeze, and recover funds stolen through cyber-enabled fraud, such as BEC, through FinCEN’s Rapid Response Program (RRP). FinCEN urges victims of cyber-enabled crimes, or victims’ financial institutions, to file a complaint with law enforcement to initiate the RRP process. Since the inception of the RRP in 2014, the program has aided in the identification and freezing of more than $1.3 billion for U.S. victims of fraud. FinCEN administers the RRP in close partnership with the Federal Bureau of Investigation, the U.S. Secret Service, Homeland Security Investigations, and the U.S. Postal Inspection Service and counterpart foreign Financial Intelligence Units.

To report business email compromise, contact the Federal Bureau of Investigation’s IC3 ( or contact the nearest U.S. Secret Service field office through Contact Treasury’s Office of Foreign Assets Control at if there is any reason to suspect the cyber actor may be sanctioned or otherwise have a sanctions nexus. Financial institutions reporting BEC incidents should refer to FinCEN’s resource page on advisories, at