Skip to content
Case Study

The $91,000 Wire Transfer
That Almost Went Through

📅 March 2026 ⏱ 3 min read 📨 Email Security ⚠️ Names changed for privacy

A real estate agency nearly wired $91,000 to a fraudster who had been silently intercepting emails between their agent and a buyer for three weeks. This is how it happened — and how we made sure it could never happen again.

📋 Company Profile

Company
Harborview Realty Group (fictional)
Industry
Residential Real Estate — 16 agents
Attack Type
Business Email Compromise (BEC) — wire fraud attempt
Amount at Risk
$91,000 closing funds nearly wired to fraudster account
Email Security Before
Basic Microsoft 365 defaults — no advanced filtering or MFA
Outcome
Full email security overhaul — zero incidents in 6 months since

🚨 The Incident

Three weeks before closing on a residential property, a fraudster compromised the email account of one of Harborview's agents through a phishing link clicked on a personal device. Rather than immediately acting, the attacker silently monitored the inbox — reading every email exchanged between the agent, the buyer, and the title company.

On closing day, with perfect timing, the attacker sent an email to the buyer appearing to come from the agent. The email contained updated wire transfer instructions — a different account number than the real title company — and referenced specific details from prior conversations to appear completely legitimate. The buyer, seeing familiar names and deal-specific language, prepared to send $91,000.

The transfer was stopped only because the buyer called the agent directly to confirm — a step most buyers never take. The agency had been minutes away from a loss that would have devastated their client and their reputation.

🔒 What We Deployed

🔐
MFA on Every Account
Multi-factor authentication enforced across all 16 agent accounts — stolen passwords alone can no longer grant inbox access.
🛡️
Microsoft Defender for Office 365
Advanced threat protection with Safe Links and Safe Attachments — every URL and attachment scanned in real time before delivery.
📋
DMARC / DKIM / SPF Configuration
Email authentication records properly configured — prevents fraudsters from spoofing the agency's domain to impersonate agents with clients.
🚨
Suspicious Login Alerts
Real-time alerts triggered by logins from new devices, locations, or outside business hours — the 3-week silent intrusion would have been caught in hours.
🎓
Agent Security Training
All 16 agents trained on phishing recognition, wire transfer verification procedures, and how to identify spoofed email addresses.
📜
Wire Transfer Verification Policy
Mandatory phone verification protocol for all wire transfer instructions — no exceptions regardless of how legitimate the email appears.
❌ Before the Upgrade
  • No MFA — one phishing click = full inbox access
  • No advanced threat protection on email
  • Domain spoofing possible — no DMARC configured
  • No alerts for suspicious logins or access
  • No agent training on BEC or wire fraud
  • No wire transfer verification procedure
✅ After the Upgrade
  • MFA enforced — compromised passwords useless
  • Every link and attachment scanned before delivery
  • DMARC blocks domain spoofing attempts entirely
  • Suspicious login alerts trigger within minutes
  • All agents trained and phishing-aware
  • Mandatory call-back verification on all wire transfers
$91K
wire transfer intercepted before funds were lost
0
security incidents in the 6 months following the full upgrade
3wks
the attacker had silent inbox access before being detected — new monitoring cuts this to hours

The Outcome

The full email security upgrade was deployed across all 16 agent accounts within four days. Every agent went through a one-hour security briefing covering BEC tactics, phishing identification, and the new wire transfer verification protocol. The agency also notified their title company and buyer clients of the attempted fraud and the steps taken to prevent recurrence.

Six months later the agency has recorded zero security incidents. More importantly, their agents now communicate with clients from a position of confidence — and every buyer is informed of the verbal verification procedure before closing day arrives.

Key Takeaways

  • Real estate is one of the highest-risk industries for email fraud — large wire transfers and deadline pressure make it a prime target
  • Default email settings are not security — Microsoft 365 and Google Workspace require deliberate hardening to be truly protective
  • Attackers who gain inbox access rarely act immediately — silent monitoring for days or weeks makes the eventual attack far more convincing
  • MFA alone would have prevented the original compromise — it is the single highest-impact security step any business can take
  • Technical controls and human procedures work together — the best email security in the world cannot replace a simple phone call to verify wire instructions

Is your business email actually secure?

We audit and upgrade email security for real estate agencies and small businesses — MFA, advanced threat protection, domain authentication, and staff training. One upgrade can prevent a loss that no insurance policy fully covers.

Get Free Email Security Audit → Contact Us