Real estate closings have always been a magnet for fraud. They combine large, time-sensitive wire transfers, multiple parties who often never meet in person, and a flurry of last-minute email instructions. For years the dominant threat was business-email-compromise (BEC): an attacker quietly monitors a transaction, then sends spoofed payoff or closing instructions that redirect funds to a mule account. Generative AI has now removed the last safeguard that many practitioners relied on—the human voice. When a title agent or buyer "confirms" wiring instructions by phone, they may be talking to a synthetic clone of someone they trust.
How Deepfakes Supercharge Wire Fraud
The traditional callback was the backstop. If an email looked suspicious, the closer would call the lender, seller, or attorney to confirm. Voice cloning has eroded that control. With a short sample of speech—often scraped from a webinar, voicemail greeting, or social media video—an attacker can generate audio that reproduces a person's cadence and tone closely enough to pass a casual phone check. Real-time video deepfakes raise the stakes further: a fraudster can join a Zoom or Teams closing posing as a buyer, seller, or notary, complete with a convincing face and lip-synced speech.
The mechanics layer on top of existing BEC tradecraft. The attacker compromises or spoofs an email account, inserts altered wiring instructions, and then uses cloned audio or video to "verify" the change when a counterparty pushes back. Because the impersonation now defeats the verification step itself, the fraud feels confirmed rather than caught. Title companies, escrow agents, and lenders are especially exposed because they sit at the funds chokepoint and handle dozens of files simultaneously, making any single anomalous instruction easy to miss.
Verification Controls That Still Work
The defense is not to abandon callbacks but to harden them so a synthetic voice cannot satisfy them. Several controls remain effective against AI-enabled impersonation:
- Independently sourced callback numbers. Never call a number provided in the email or document requesting the change. Use a number obtained at the start of the engagement, from the original engagement letter, or from a verified directory. Cloned audio is useless if the attacker is not the one who answers.
- Out-of-band, multi-channel confirmation. Confirm any change to wiring instructions through a second, separate channel—for example, a phone call to a pre-established number plus a confirmation through a known secure portal. Do not let a single compromised channel both request and confirm the change.
- Shared secrets and challenge phrases. Establish a code word or transaction-specific reference at onboarding that legitimate parties can state on a call. A deepfake of someone's voice will not know a secret that was never spoken aloud online.
- No same-day instruction changes without escalation. Treat any last-minute change to account numbers, routing details, or payoff amounts as presumptively suspect, requiring sign-off from a supervisor and re-verification.
- Lock down the funds flow. Where possible, pre-validate beneficiary accounts, use wire-verification services, and prefer known, prior-validated accounts over newly supplied ones.
It is equally important to train staff that confidence on a call is not proof of identity. The persuasiveness of a deepfake is precisely the point; procedure, not instinct, must govern whether funds move.
When Prevention Fails: Incident Response
If a fraudulent wire goes out, the first hours are decisive. Immediately contact the originating bank and request a SWIFT recall or wire reversal, and ask the receiving institution to freeze the funds. In the United States, report the incident to the FBI's Internet Crime Complaint Center promptly, as rapid reporting can trigger financial fraud recovery mechanisms that improve the odds of clawback. Preserve everything: the original and altered emails with full headers, call logs, any recorded video sessions, and the metadata around them.
That evidence matters not only for recovery but for attribution and litigation. Determining how the account was compromised, whether the impersonation used synthetic media, and which party's controls failed will shape liability among buyers, sellers, lenders, title agents, and their insurers. A disciplined forensic preservation effort early on protects every downstream legal option.
How Law & Forensics Helps
Law & Forensics works with real estate attorneys, title companies, and lenders to harden closing workflows against AI-enabled fraud—designing out-of-band verification protocols, assessing where deepfakes can defeat existing callbacks, and training closing teams. When a fraudulent transfer occurs, our forensic and incident-response teams move quickly to preserve evidence, trace funds, analyze suspected synthetic media, and support recovery and litigation efforts. To discuss securing your transactions, contact us at +1 (855) 529-2466 or info@lawandforensics.com.