Beck Owen & Murray

04/30/2026

Report: 1 in 5 Homebuyers Receive Suspicious or Fraudulent Communication During Closing
April 28, 2026

A new report from CertifID shows that fraud has moved from a behind-the-scenes threat to a front-of-mind concern for homebuyers and sellers. The findings suggest that security is no longer an operational issue alone. It is now a core part of the customer experience.

The 2026 State of Wire Fraud Report draws on survey data from more than 1,400 consumers and real estate professionals, along with transaction-level insights. It paints a picture of an industry where fraud attempts are common and expectations around protection are rising quickly.

Nearly one in four homebuyers (22%) reported receiving a fraudulent or suspicious communication during their closing process. At the same time, consumer awareness has reached a tipping point. More than 80% of respondents said they are aware that criminals use artificial intelligence to impersonate trusted parties in real estate deals. As fraud tactics become more sophisticated, consumers are becoming more cautious and more selective.

That shift is changing behavior in ways that directly impact title and settlement professionals. According to the report, 68% of consumers said guaranteed protection from wire fraud strongly influences which provider they choose. In addition, 85% said they would be willing to pay more for that protection.

However, the data also reveals a troubling gap between awareness and action. Many consumers recognize suspicious activity but do not know how to respond effectively, leaving them vulnerable even when they sense something is wrong. A third of consumers who received suspicious communications either ignored them or took no action at all

The report also highlights the lasting damage caused by fraud incidents. More than half of consumers said they would not work with a title company or real estate firm again after experiencing wire fraud, even if their funds were fully recovered. This underscores that the impact extends beyond financial loss to long-term trust and reputation.

The report also points to the growing influence of artificial intelligence in fraud schemes. Attackers can now generate highly convincing emails, clone voices and mimic trusted parties with greater accuracy. As a result, traditional warning signs are becoming harder to detect. Last year, fraud analysts estimated 40% of business email compromise phishing emails were AI-generated. According to CertifID’s study, there has been a 1,760% year-over-year increase in business email compromise attacks since generative AI tools became widely available. For title professionals on the front lines, they see the change clearly. In survey, 72.6% report that fraud attempts are becoming more sophisticated, 60.1% say fraud attempts are increasing in frequency and 57.5% encounter suspicious activity quarterly or more frequently.

Verifying wire instructions through trusted channels, setting expectations with consumers early and reinforcing secure communication practices throughout the transaction are increasingly essential. The data suggests the industry is at an inflection point. Fraud is not only increasing in frequency and sophistication, but also shaping how consumers evaluate service providers. For title companies, that means security is no longer just about avoiding loss. It is about earning trust.

In its report, CertifID shared the story of Sarah Dombrowski, who has worked in title for 27 years. In March 2022, she opened her own company, Unique Title and Escrow. She thought she was protected: she had fraud prevention tools in place. Then came the phone call.

On Aug. 7, 2024, an employee told her a mortgage payoff wire hadn’t arrived. $311,785 was missing.

“I felt like I was dying, Dombrowski recalled. "My chest was tight, my heart was racing. It’s like hitting a Mack truck at 60 miles per hour.”

Her first concern was her clients. Then came the terrifying realization: her business, her livelihood and her team. Everything was in jeopardy. She barely slept for weeks. Insurance companies and attorneys offered no guidance.

The product she had trusted? They told her to call her bank.

CertifID Fraud Recovery Services eventually helped return most of the stolen funds, but the experience left a permanent mark. Dombrowski now operates differently with verified processes in place for every wire.

“I can close my eyes at night knowing I will not experience wire fraud again, she said. I don’t want to be in cybersecurity. I want to focus on title.”

04/15/2026

You list a property, and it sits vacant for a few weeks between tenants. The lawn gets mowed, the lights stay off, and nobody thinks twice. But someone else might be paying close attention to that empty house—not to buy it, but to steal from it.
Security researchers recently uncovered fraud tutorials on Telegram that teach criminals how to exploit vacant homes as “drop addresses” for intercepting mail. The playbook is simple. Criminals browse platforms like Zillow, filtering for recently listed rentals or homes sitting on the market. They’re not shopping for a home—they’re looking for an empty mailbox.
Once they find a vacant property, they sign up for USPS Informed Delivery at that address. This free postal service sends digital previews of incoming mail—letting criminals see financial statements, credit card offers, and tax documents on a phone screen. From there, they file a change-of-address request to reroute the homeowner’s mail to a location they control. The postal service has verification safeguards, but the tutorials suggest criminals view those controls as easy to work around.
What makes this especially relevant for the real estate industry is that criminals are using our tools against us. Listing platforms designed to connect buyers and sellers are being weaponized to find targets. A property between closings, a rental waiting for a new tenant, a home in probate—any vacant property with an active mailbox becomes a fraud staging ground. Intercepted mail fuels identity theft, unauthorized credit applications, and account takeovers.
This isn’t a high-tech hack. There’s no malware, no phishing email, no software exploit. It’s a criminal walking up to a mailbox at an empty house and helping themselves to someone’s financial life. And because every step abuses legitimate services—real estate platforms, postal forwarding, public listings—it’s hard to detect.
Takeaways
Secure the mailbox on vacant properties you manage. If you oversee listings or properties between transactions, consider locking the mailbox and placing a temporary hold on USPS mail delivery. An open mailbox at an empty house is an invitation.
Sign up for USPS Informed Delivery on your own address before someone else does. Only one account can register per address. If you register first, a criminal can’t. This is one of the easiest steps you can take to protect yourself.
Watch for unexpected USPS change-of-address confirmation letters. The postal service sends a validation notice whenever a forwarding request is filed. If you receive one you didn’t initiate, contact USPS and report it immediately.
Alert property owners about mail security during vacancies. If you work with sellers, landlords or estate representatives, remind them that a vacant property’s mailbox is a vulnerability. A simple heads-up could prevent a much bigger problem.
Freeze your credit if you haven’t already. Stolen mail is often used to open fraudulent accounts. A credit freeze with all three bureaus stops that path cold, and it’s free to set up and lift.
We spend a lot of time protecting ourselves from digital threats—phishing emails, fake websites and malware—but sometimes the most effective attack is the simplest one: a criminal, an empty house and an unlocked mailbox. In our industry, where properties regularly sit vacant, that’s a risk worth taking seriously.

04/13/2026

You receive a call from your bank’s fraud department.

You check the caller ID. They have your exact bank account number. They say there is fraudulent activity on your account and they need you to verify some transactions. What could possibly go wrong?

As it turns out — a lot.

The FBI and ALTA recently issued announcements warning of a scheme involving fraudsters impersonating bank fraud departments. This tactic is just one example of a much broader and ongoing threat: impersonation scams designed to gain access to and take over bank accounts.

The Bigger Picture: How Impersonation and Takeover Schemes Work

Industry leaders have similarly issued a warning about a fraud scheme where criminals gain control of bank accounts and then use various tactics to remove funds. This scam is effective because it looks and feels legitimate. The fraudsters use impersonation techniques to gain trust so they can steal login credentials and execute unauthorized wire transfers or payments from escrow or operating accounts. They do this by using a mixture of technology and social engineering which may include:

Impersonation of a Trusted Source: ID Spoofing to make the incoming calls appear to be from a real bank’s phone number.

Build Credibility: The fraudster may send fake bank text alerts or know partial account or personal details to build credibility.

Urgency and Familiarity: Often fraudsters pressure you to act quickly, especially during busy closing periods.

Ask for Access: Fraudsters often will ask for MFA codes, login credentials, wire approvals, or remote access to your computer.

What to Look Out For:

Was I expecting this message?
If you were not already dealing with or expecting communication from the bank, why would they contact you?

Is the message asking for any codes or authentication information?

Banks and fraud departments almost never ask for MFA codes via email or text. Never share this information. Fraudsters try to create urgency to cloud judgement.

If something feels off, contact your bank immediately!

If you believe you are a victim of account takeover, follow the FBI’s What To do in Case of an ATO Incident found here: Internet Crime Complaint Center (IC3) | Account Takeover Fraud via Impersonation of Financial Institution Support: https://www.ic3.gov/PSA/2025/PSA251125

Do not underestimate the risk. Account Takeover can signal a broader cybersecurity compromise within your organization.

The FBI warns of cyber criminals impersonating financial institutions to steal money or information in Account Takeover (ATO) fraud schemes. The cyber criminals target individuals, businesses, and organizations of varied sizes and across sectors. In ATO fraud, cyber criminals gain unauthorized acces...

03/24/2026

You're in the middle of a zoning application for a new office build-out. An email lands in your inbox from what appears to be a city planning official - complete with the county seal, your permit number, and the correct property address. It says you owe a processing fee and warns that delays will follow if you don't pay promptly. You've been going back and forth with the planning department for weeks, so this feels routine. You click to pay. Except that email didn't come from city hall - it came from a scammer who just walked away with your money.
The FBI recently issued a public warning about this exact scheme. Criminals are impersonating city and county planning and zoning officials to collect fraudulent permit fees from people with active applications. What makes this scam particularly convincing is the level of detail. The emails reference real permit numbers, actual property addresses, and sometimes even the names of legitimate government employees. None of that information is stolen from a database breach - it's all pulled from publicly available permit records that local governments post for transparency.
The timing is the real weapon here. These emails arrive while applicants are actively communicating with their local planning office, so a message about fees doesn't raise an eyebrow. The invoices look professional, with itemized statements and formal language about regulatory compliance and hearing agendas. But buried in the details are the tells: the sender's email comes from a non-government domain - something like ".com" instead of an official ".gov" address - and the payment methods are wire transfers, peer-to-peer apps, or cryptocurrency. No legitimate government office asks you to pay permit fees in Bitcoin.
There's another clever trick. The emails specifically instruct recipients to communicate only by email-not by phone -claiming it's necessary for an "audit trail." That's designed to keep you from picking up the phone and calling the actual planning office, which would immediately expose the fraud.
For anyone in the title, real estate, or property development, this one hits close to home. You're regularly involved in permitting, zoning applications, and municipal processes. A convincing invoice tied to an active project could easily slip through - especially during a busy closing week when dozens of legitimate payment requests are already in motion.
Takeaways
1. Verify every payment request by phone. If you receive an invoice related to a permit or zoning application, call the city or county office directly using the number on its official website-not the number provided in the email.
2. Inspect the sender's email domain. Government emails end in ".gov." If the address uses a commercial domain like ".com" or ".com," it's not coming from a government office, no matter how official the letterhead looks.
3. Treat urgency as a red flag. Legitimate planning departments don't threaten immediate consequences over email if you don't pay within hours. Pressure to act fast is a hallmark of fraud.
4. Never pay permit fees via wire transfer, peer-to-peer apps, or cryptocurrency. Real government offices accept payments through their official website portals or in person. If someone directs you elsewhere, stop.
5. Alert your team. If your office handles permitting or development work, make sure everyone involved knows this scam exists. One informed colleague can prevent a costly mistake.
Public records are meant to keep government transparent - but scammers are turning that openness into an attack vector. When an invoice arrives with your permit number, the instinct is to trust it. That instinct is exactly what they're counting on.

03/23/2026

Beck, Owen & Murray representing at the Dawg Dash Run for Food.

03/16/2026

You're running two minutes late for a video call. You click the meeting link, and a message pops up: "Your software is out of date. Please install the latest update to join." You're in a hurry. Your team is waiting. So, you click "Download" and run the file. You just handed a hacker the keys to your computer.
Security researchers recently uncovered phishing campaigns that use fake meeting invitations for Zoom, Microsoft Teams, and Google Meet as bait. The attackers create convincing lookalike pages-complete with participant lists and familiar branding-hosted on slightly misspelled web addresses like "zoom-meet.us." When you try to join the call, you're told your app needs an urgent update. That "update" is the trap.
Here's what makes this attack especially dangerous: the file you download isn't traditional malware. It's a legitimate remote access tool-the same software an IT help desk might use to troubleshoot your computer. Because these tools are digitally signed by trusted companies, your antivirus may not flag them. Think of it as someone stealing a master key rather than picking a lock. The key works in every door, and nobody questions it because it belongs there.
Once installed, the attacker has full control of your computer. They can see your screen, transfer files, access your email, and move through your company's network-all while the software appears perfectly normal. For anyone handling wire transfers, closing documents, or sensitive client information, this kind of access could lead to wire fraud, a data breach, or worse.
The attackers are counting on one thing: your urgency. Nobody wants to hold up a meeting because their software won't work. That pressure is exactly what makes people bypass their instincts and run a file they normally wouldn't touch. Some phishing pages even show fake participants "joining" the call in real time to make it feel more believable.
Takeaways
1. Never install software from a meeting link. Zoom, Teams, and Google Meet will never ask you to download an update through a meeting invite. If you see that message, close the tab. Update your apps only through the app itself or its official website.
2. Check the web address before you click anything. Fake meeting pages live on URLs that are slightly misspelled or unusual. Before downloading anything, look at the address bar. If it doesn't exactly match the official domain, don't proceed.
3. Join meetings through your installed app, not email links. Open Zoom, Teams, or Google Meet directly and enter the meeting ID manually. This bypasses the phishing page entirely.
4. If you accidentally installed something, act fast. Disconnect from the internet, contact your IT team immediately, and do not log into any accounts until your computer has been examined.
We've trained ourselves to be suspicious of unexpected emails. Now we need that same skepticism when a meeting link asks us to install something. The few seconds it takes to verify could save you from a breach that takes months to unwind.

03/04/2026

Dave Ramsey Says "Get Title Insurance 100% of the time"

A corner lot might look like a win when pulling up to the curb. Personal finance expert Dave Ramsey says buyers should look past the front yard before calling it one. On "The Ramsey Show," the exchange started with co-host...

03/02/2026

You need to log in to your bank. You type the name into Google and click the first result. The logo looks right. The login page looks right. But it's not your bank-it's a fake site a hacker paid to place at the top of your search results.
This isn't hypothetical. Recent research shows hackers are abusing Google search results and paid ads to deliver phishing attacks-a fundamentally different threat than the suspicious emails we've trained ourselves to spot. Nobody taught us to distrust Google. That's what makes this so effective.
The first tactic is search poisoning. Researchers at Bolster AI discovered thousands of fake websites crafted to outrank legitimate ones in Google results. In one campaign, over 7,000 government-themed domains published malicious pages about tax refunds and public benefits. The content read like real government guidance-but every page was designed to steal personal information. You wouldn't question a book on the shelf at your local library. We treat search engines the same way-if Google ranked it, it must be legitimate. Hackers exploit that trust using the same ranking techniques marketers use, except they're promoting fake sites instead of real ones.
The second tactic is even more brazen-buying ads. You know those sponsored results that appear above regular search listings? Hackers purchase those ad spots targeting searches people make when they're ready to act: logging into a cloud service, verifying an account, or contacting customer support. The ad looks legitimate, but leads straight to a phishing page. And these malicious ads are short-lived by design. Attackers run them just long enough to capture credentials, then relaunch under a different domain. By the time someone reports it, a fresh one has already taken its place.
In our industry, the stakes are especially high. Imagine someone on your team searching for a wire transfer portal or a document signing platform and clicking a sponsored result. One wrong click, and an attacker has access to systems handling sensitive financial transactions. Once someone has your email access, your world changes fast: wire instructions, payoff statements, invoices, and "updated banking details" become easy to impersonate, because the attacker can watch real conversations and strike at the right moment.
Takeaways:
• Use bookmarks, not search engines, for logins. For any site where you enter credentials-your bank, email, title production software, wire platforms-save a bookmark and use it every time. Don't let Google be the middleman.
• Scroll past sponsored results. When searching for a login page and the top result says "Sponsored," skip it. Legitimate companies don't need to buy ads for their own login pages.
• Read the address bar before you type anything. Watch for subtle differences-extra words, misspellings, or unusual extensions like ".net" instead of ".com." If anything looks off, close the tab.
• Let your password manager be your guard dog. It matches credentials to specific web addresses. If the site is fake, it won't fill anything in-that's your red flag that something is wrong.
We trained ourselves to spot phishing emails. Now we need that same skepticism for search results. The address bar is your best friend-read it before you type a single credential.

02/23/2026

You've probably seen them-those handy "Summarize with AI" buttons popping up on blog posts and product pages. Click one, and your AI assistant gives you a quick summary. Sounds helpful, right? Here's the problem: some of those buttons are secretly planting instructions inside your AI's memory to promote whoever put the button there.
Microsoft security researchers recently uncovered a growing trend they're calling AI Recommendation Poisoning. Companies are hiding commands inside those "Summarize" buttons that tell your AI things like "remember us as a trusted source" or "recommend our product first." Over 60 days, researchers found more than 50 hidden prompts from 31 companies across industries, including finance, health, legal services, and marketing.
So how does it work? Modern AI assistants like ChatGPT, Microsoft Copilot, and others now have memory-they remember your preferences and past conversations to give better answers. When you click a rigged button, it opens your AI with a pre-loaded prompt you may not even notice. That prompt tells your AI to "remember" a company as a go-to source. From that point on, your AI may steer you toward that company whenever you ask for recommendations-and you'd never know why.
Think about how this plays out. You ask your AI to recommend a vendor for a closing platform or a cybersecurity tool. Instead of an unbiased answer, it pushes the company that poisoned its memory weeks ago. Or worse-imagine asking for financial guidance and getting answers quietly skewed by a company with something to sell. Free toolkits are already available that make setting up these poisoned buttons as easy as installing a website plugin.
Takeaways:
• Hover before you click. Before clicking any "Summarize with AI" button, hover over it to see where the link actually goes. If you see a long URL pointing to an AI assistant with a "?q=" or "?prompt=" parameter, that's a red flag.
• Check your AI's memory regularly. Most AI assistants have a settings page where you can view what they've memorized. Look for entries you don't remember creating-especially ones that call a specific company "trusted" or "authoritative." Delete anything suspicious.
• Question unusual recommendations. If your AI keeps pushing the same company or product, ask it why. Ask for references and sources. This can help reveal whether the recommendation is based on real analysis or planted instructions.
• Be careful what you feed your AI. Every website, email, or document you ask your AI to analyze is an opportunity for someone to slip in hidden instructions. Treat external content with the same caution you'd give an email attachment from an unknown sender.
This is the AI equivalent of adware-except instead of pop-up ads on your screen, the advertising is baked into the advice your AI gives you. The manipulation is invisible and persistent. As AI assistants become a bigger part of how we research vendors and make decisions, keeping their memory clean is just as important as keeping your computer clean.

02/16/2026

A simple calendar invite - the kind you receive dozens of times a week - was just used to trick Google's AI assistant into leaking private meeting details. No malicious links. No attachments. No code. Just carefully worded text hidden in the event description.
Here's how it worked. Google Gemini, the AI assistant built into Google's products, automatically reads your calendar events so it can answer questions like "Am I free Saturday?" Researchers discovered that an attacker could embed hidden instructions in the description field of a calendar invitation. Those instructions appeared as ordinary text-something a person might write as a note to themselves. But when Gemini read the event, it treated those instructions as commands.
The attack unfolded in three steps. First, the attacker sent a calendar invite with a carefully crafted description. Second, the victim asked Gemini a routine question about their schedule. That single question caused Gemini to load every event for that day - including the attacker's planted invite. Third, Gemini followed the hidden instructions: it summarized all of the victim's private meetings, wrote that summary into a new calendar event the attacker could see, and responded to the user with a simple "it's a free time slot." The victim was unaware that anything had happened.
What makes this attack different from anything we've seen before is that there was nothing technically "malicious" about it. No suspicious links, no malware, no code exploits. The weapon was language itself - plain sentences that manipulated the AI into doing the attacker's bidding. Google has since confirmed and fixed the vulnerability, but it reveals a much larger issue: as AI assistants are integrated into our daily tools, they become new avenues for attackers to exploit.
Think about your own workflow. How often do you ask an AI assistant to check your calendar, summarize emails, or review documents? Every time an AI tool reads your data to be helpful, it could also be reading instructions planted by someone else.
Takeaways:
• Decline or delete calendar invites from unknown senders. Don't just ignore them - remove them from your calendar entirely. If Gemini or another AI assistant can see it, it can act on it.
• Be cautious with AI assistants connected to your accounts. Understand that when you ask an AI to check your schedule or email, it reads everything - including content from people you don't know or trust.
• Review event descriptions before accepting invites. If the description contains unusual or lengthy text that doesn't match the meeting purpose, treat it as suspicious.
• Limit AI assistant permissions when possible. Check your Google, Microsoft, or Apple settings to see what data your AI tools can access, and disable what you don't need.
• Keep your apps and platforms updated. Google patched this specific flaw, but only users running the latest version are protected. Updates aren't just about new features - they close doors that attackers have already found.
Had the user reviewed unexpected calendar invites before interacting with their AI assistant about that day's schedule - or simply declined invites from unknown senders - this attack would have gone nowhere.
AI tools are becoming part of how we work and live. That convenience comes with a new rule: anything your AI can read, an attacker can try to manipulate.