Alert: New Fraud Scheme Targets Settlement Companies by Impersonating Bank Fraud Departments

December 31, 2025

Settlement companies and real estate law firms are facing a dangerous and increasingly sophisticated wire fraud scheme that exploits trust in banking institutions and multi-factor authentication (MFA) procedures.

Industry professionals have detected a growing number of incidents in which fraudsters pose as bank fraud departments in order to steal login credentials and execute unauthorized wire transfers from escrow and operating accounts.

If you are contacted by your bank for any reason—including possible fraud—and are asked for any part of your login credentials or MFA information, hang up immediately. Instead, companies should contact the bank’s fraud department directly using a known-safe phone number, such as one listed on official bank documentation or the institution’s verified website.

How the Scam Works

The scheme is notable not just for its potential effectiveness, but for how convincingly criminals may impersonate legitimate financial institutions. Here are the tactics:

• The “caller ID” phone number is often spoofed and will appear as the bank’s true phone number.
• In some cases, the call is preceded by a text message that looks like a legitimate bank fraud alert, reinforcing the credibility of the follow-up phone call.
• Fraudsters often possess partial but convincing internal information, such as the names of authorized account users, partial login credentials or even fragments of Social Security numbers.
• There appears to be a trend of targeting companies that bank with smaller or local financial institutions, but this could occur no matter what bank is used.

This combination of urgency, familiarity and apparent verification creates the perfect conditions for social engineering, particularly in busy closing environments where staff are accustomed to responding quickly to potential banking issues.

What to Do If an Incident Occurs

If a settlement company or law firm believes it has been targeted—or has already experienced unauthorized account activity—take these immediate steps:

• Follow ALTA’s Wire Fraud Incident Response Protocol, available through ALTA’s Rapid Response Worksheet, and contact appropriate parties
• Preserve all communications, including call logs, texts and emails related to the incident

Fast response is critical. In some cases, prompt action may help limit losses or improve the chances of recovering funds.

“As wire fraud schemes continue to evolve, this latest tactic underscores a broader industry challenge,” said ALTA President David Townsend Esq, NTP. “The use of MFA and credential theft shows that fraudsters are adapting as companies strengthen traditional safeguards.

“For title agencies and real estate law firms, ongoing staff education, strict credential policies and clearly defined escalation procedures are essential. Everyone—from front-desk staff to escrow officers and attorneys—must understand that no legitimate bank inquiry requires sharing login or MFA information. Any such request should be treated as a red flag.”

Contact ALTA at 202-296-3671 or communications@alta.org.

Agent Alert: 1099-S Filing Summary Chart

As the end of the year approaches, Form 1099-S filing season will begin. The Form 1099-S, along with the appropriate Form 1096 transmittal, must be submitted to the Internal Revenue Service no later than February 28,2026, if filing by paper, or by March 31, 2026, if filing electronically.

Transferor copies should be mailed by February 17, 2026, unless you already provided one at the time of the closing.

Here are important dates to keep in mind:

Optimizing Professional Communication with Custom Domains


Using a custom domain provides companies with significant advantages that relate to security, branding, and overall professionalism. Having a custom domain can signal to clients and recipients a sense of legitimacy since people are more likely to trust forms of communication from a domain that aligns with your company’s name. Besides the branding and marketing benefits of a custom domain, the security upsides cannot go unnoticed.

Specifically, when you have full control of your domain, you can establish the security measures of:

• SPF (Sender Policy Framework).
• DKIM (DomainKeys Identified Mail).
• DMARC (Domain-based Message Authentication, Reporting & Conformance).

Each of these layers to email security are of equal importance, because they can drastically reduce domain spoofing and unauthorized use by forcing the verification of the sender’s identity. These security defenses for your email domain are imperative, especially with these frightening statistics:

• Over 90% of cyberattacks start with an email via phishing techniques.
• 94% of malware is still delivered via email.
• 91% of targeted, baiting phishing emails are sent from newly created Gmail accounts.

In taking the security, branding, and professional points into consideration, while free email providers, such as Gmail, Yahoo, etc., are easy and convenient, they lack the credibility and protection you could be getting with a custom domain. By creating a tailored domain for your company, you will increase the inbox placement of your email, as legitimate, security-aligned domains reach roughly 83%-85% of inboxes. In today’s competitive business landscape, first impressions matter more than ever, so making a switch to a custom domain can be an impactful choice.

Article provided by Holly Mendez, CATIC, Senior Security Engineer

CATIC Academy Webinars

CATIC Academy is pleased to present a timely two-part webinar series addressing a major expansion of federal Anti–Money Laundering (AML) regulations that will significantly impact residential real estate transactions. All CATIC agents and their staff are invited to attend.

Effective March 1, 2026, FinCEN’s new Residential Real Estate Reporting Rule replaces prior Geographic Targeting Orders and eliminates both geographic limitations and dollar thresholds. The Rule now requires reporting of certain non-financed residential real estate transfers to entities or trusts, creating new compliance obligations for settlement agents and other professionals involved in closings.

This webinar series will walk participants through:

• When a transaction is reportable under the new Rule

• Who is responsible for reporting, including the cascading reporting order and designation agreements

• What information must be collected, including beneficial ownership data

• When and how to file reports using the FinCEN BSA E-Filing System

• Penalties for non-compliance and practical steps to prepare your office and staff

Whether you are a settlement agent, attorney, or real estate professional, these sessions will help you understand what’s changing, what’s required, and how CATIC can support your compliance efforts.

DATES: 

Part 1: What you need to know NOW was held on January 21st. If you missed the webinar, please click here to watch the recorded webinar on CATIC Academy. Note: You will need to enter your CATIC credentials.

Part 2: What you need to know for MARCH 1st.

February 4, 2026 | 10:00 A.M. - 11:00 A.M. 

CLE/CE ELIGIBLE: Each session is eligible for 1 CLE/CE credit in: CT, NH, NY & VT

Please visit CATIC’s FinCEN in Focus page to access helpful resources to share with clients, realtors, and lenders. Note: You do not need CATIC credentials to view these resources.

CATIC Academy has dozens of online courses to help you fulfill your CLE requirements on-demand and on your own schedule. All CATIC Academy CLE Webinars are approved for Vermont CLE. Explore CATIC Academy to see our full library of offerings here. Don't have access? To access CATIC Academy, all you need is a CATIC agent login. Click here to create one today and start enjoying all the Academy has to offer.

Heads Up—Good Stuff Coming Your Way!

Social Media

Follow us on Facebook, LinkedIn, and Instagram!