Blog post: Online security

Buying or selling a property often involves fast-paced email exchanges, sensitive documents, and large bank transfers. Scammers know this: they try to slip into the conversation by posing as a professional (notary, estate agent, solicitor/attorney, developer) to get you to pay into a fraudulent bank account. The trap is particularly dangerous because it looks like a normal step in the process, and it tends to arrive precisely when pressure and urgency are rising. Understanding how it works and applying a few simple rules is usually enough to avoid a major financial loss.
Email payment diversion, in the context of a real estate transaction, means tricking you into sending money to the wrong beneficiary by replacing legitimate bank details with fraudulent ones. This scam is sometimes described as a “fake bank details” fraud or a “bank account/IBAN change” fraud, but the principle is the same: the victim believes they are paying a real party involved in the file, when in fact they are transferring funds to an account controlled by criminals. This type of attack often fits within identity impersonation or email compromise tactics, where “everything looks normal” is used as the primary weapon. In property transactions, it typically targets a deposit, an escrow payment, a funds call, or the final balance—at the exact moment when you think “finalise” rather than “be suspicious”.
Real estate transactions combine three ingredients that favour fraud: large sums, tight deadlines, and multiple parties. The more messages, document transfers, and cross-communication a file involves, the easier it becomes to create confusion about “who asked for what” and “which account to use”. On top of that comes a human factor: many people buy or sell property only rarely in their lives, and they do not have a verification routine. Scammers exploit that lack of habit, along with the assumption that “if it’s administrative, it must be reliable”.
In practice, the scam also feeds on the pace of a file: viewings, offer, contracts, financing, appointments, deeds, insurance, banking delays. When a deadline is approaching, a payment request sent “at the right time” feels natural—especially if it uses the right names and the right references. That is precisely why the payment phase must be treated as its own moment, with specific checks, even if everything else in the transaction has gone smoothly.
The scenarios are similar: an email says that certain bank details must be used to pay a sum related to the sale, sometimes with an attachment presented as an official document. The message can be very short, very neutral, and perfectly written, because the goal is not to persuade you with long explanations, but to trigger an “automatic” action. Some scammers even manage to insert themselves into an existing email thread if an account has been compromised, which strengthens the illusion of legitimacy.
The key takeaway is that the scam does not need to look “weird”. In many cases there are no obvious mistakes, no aggressive tone, and no absurd promise. The attack is procedural: it presents itself as a standard step in your file. That is why the right reflex is not to analyse the writing style, but to verify the instruction through an independent channel.
This is the best-known variant: you receive an email stating that the bank details have changed, often for a plausible reason (update, migration, previous error, new escrow account, “temporary account”). The message may quote real elements from the file to inspire trust: the property address, the seller’s name, internal references, the appointment date. In some cases, a very credible PDF is attached, with an administrative layout that makes it look like a standard instruction.
Here, the victim has already seen an IBAN/bank account number before, which should protect them. Scammers get around this by claiming that the first document is no longer valid, or that the beneficiary must be “corrected” to avoid a rejection or delay. This variant plays on a simple psychological mechanism: if you think the mistake is yours (typing, reference wording, formatting), you rush to “fix” it rather than verify the request. It also targets people who want to avoid being the reason a signing is postponed.
In some files, the scammer sends an email that looks like an internal exchange forwarded in copy, as if the agency, the office, or an administrative service is confirming the change. The goal is to create artificial consensus: “everyone agrees, I’m just following procedure”. The presence of multiple recipients or a highly administrative tone can, paradoxically, reassure—while it is sometimes used to hide the main issue: a bank account that should not be there.
There are two main routes: impersonation (making you believe they are a legitimate contact) and compromise (actually gaining access to a mailbox or an ongoing exchange). In the first case, a similar-looking name and a very close email address can be enough—especially if you’re reading on a phone or acting in a hurry. In the second case, the fraud becomes more dangerous, because the scammer can rely on accurate information, reply in the right thread, and pick the perfect moment.
This point is crucial: seeing true details does not prove a payment instruction is genuine. A compromised email account can reuse a signature, a message template, a file reference, and the usual formatting. That realism is exactly what lowers vigilance. Protection must therefore rely on a rule that is independent of the content: any bank instruction must be validated outside of email.
Most victims realise afterwards that there were clues, but that they seemed too minor at the time. That is normal: scammers aim for small anomalies, not blatant contradictions. Bank details can legitimately change in real life, and an urgent request can be plausible if a signing is near. The right approach is therefore to identify “high-risk” situations and automatically trigger a verification, even if the message looks credible.
With this type of scam, the best protection is a fixed procedure applied to every significant payment. The goal is not to suspect every professional, but to treat any change of bank details as an exceptional event that requires independent validation. If you adopt a clear rule from the start, you greatly reduce the effect of urgency, because you know what to do even under pressure.
The most effective rule is this: never approve a change of IBAN/bank details based on email alone. A legitimate professional will understand a verification, because these frauds affect many sectors, not only property transactions. In practice, that means calling using a number you already have or that you find yourself on an official source, and confirming the details verbally, or requesting confirmation through a known secure channel. This simple step, which takes only a few minutes, stops most attempts.
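The rule above, written as a check a finance or conveyancing team could run on incoming payment emails. This is an added example, not part of the original post: a payment is held whenever the message carries an IBAN that was never confirmed by phone, even if the sender address is genuine, and a near-match sender domain is flagged as well. The registry, the `notary-office.example` domain, the function names and the two IBANs (public documentation samples) are assumptions made for the illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed registry: bank details already confirmed by phone, keyed by the
# contact's real email domain. The IBAN is a public documentation sample.
VERIFIED = {"notary-office.example": {"GB82WEST12345698765432"}}

IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b")

def iban_ok(iban):
    """ISO 13616 mod-97 check; filters out strings that only look like IBANs."""
    moved = iban[4:] + iban[:4]
    return int("".join(str(int(c, 36)) for c in moved)) % 97 == 1

def extract_ibans(text):
    """Return every well-formed IBAN in the text, spaces removed."""
    found = (m.group().replace(" ", "") for m in IBAN_RE.finditer(text))
    return {i for i in found if iban_ok(i)}

def lookalike_of(domain):
    """Return the known domain this one imitates, or None."""
    for known in VERIFIED:
        if domain != known and SequenceMatcher(None, domain, known).ratio() >= 0.85:
            return known
    return None

def triage(sender, body):
    """Return (decision, reasons). Only phone-verified IBANs pass without a hold."""
    domain = sender.rsplit("@", 1)[-1].lower()
    reasons = []
    imitated = lookalike_of(domain)
    if imitated:
        reasons.append(f"sender domain resembles {imitated}")
    trusted = set().union(*VERIFIED.values())
    for iban in sorted(extract_ibans(body) - trusted):
        reasons.append(f"IBAN {iban} was never confirmed outside email")
    return ("HOLD" if reasons else "OK"), reasons
```

A `HOLD` result means the payment waits until the details are confirmed by phone on a number obtained independently of the email.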
When it’s time to pay, you naturally focus on the amount, the date, and the fear of delaying the transaction. Scammers exploit that stress: they know the victim wants to “do the right thing” quickly. In a fake bank details fraud, the amount and the context are often consistent; the only difference is the beneficiary. That calls for targeted vigilance: the right check is not “does the email look nice?”, but “do these bank details come from an independent source?”.
If you have to enter an IBAN/bank account number, treat it as a dedicated step, without rushing. If someone pressures you, treat that as a risk signal, not an instruction. Finally, if something bothers you and you can’t explain why, stop and verify: scammers mostly succeed when the victim doesn’t want to “bother” anyone or “slow down” a file.
As soon as you have doubts, avoid staying inside the suspicious email exchange. If a contact’s mailbox has been compromised, continuing to talk by email may mean you are effectively talking to the scammer. The right reflex is to switch to an independent channel: a phone call, an in-person meeting, or contact via an official page. Also warn the professional concerned, because one attempt can target several parties in the file, and other payments may be in progress.
When a transfer has been made to a fraudulent account, speed is decisive. Funds can be moved very quickly, which reduces the chances of recovery. That does not mean you should panic, but it does mean you should act in order of priority, with concrete steps. The first step is still your bank: depending on the execution status, it may attempt a recall or start an appropriate fraud procedure.
Next, it is important to notify the professional involved in the transaction (notary, solicitor/attorney, agency, developer) to secure the rest of the file. A fraud attempt can also indicate email compromise: you must then make sure that no further bank instructions circulate unchecked. Finally, reporting through official channels helps you get the right guidance and formalise the situation.
Many victims say afterwards that “everything seemed normal”. That is exactly the strength of this type of fraud: it relies on real details and an administrative appearance. A copied signature, identical formatting, or a professional tone does not prove the sender’s identity. If an email account has been compromised, the scammer can even reply in the usual thread, which neutralises one of the most reassuring cues.
The only useful proof, in a payment request, is validation through an independent channel. It is a simple rule, but it prevents you from falling into the “it looks the same as usual” trap. In real estate, where amounts are high, that discipline is common-sense protection.
A property transaction is already complex enough: the goal is therefore a short checklist that you can apply effortlessly, especially when you are rushed. If you treat these points as non-negotiable rules, you greatly reduce the risk of being caught off guard. This checklist is deliberately general, so it remains valid regardless of the country or the professional involved.
Email payment diversion in property transactions is not a “crude” scam, but a trust-based fraud that blends into a real file at the most sensitive moment: payment. Protection depends on a few stable rules, especially verifying any change of bank details through an independent channel, and refusing to act under pressure. If you have doubts, it is better to slow down and confirm than to “save time” and lose a large sum. And if a transfer has already been executed, the urgent step is not to argue by email, but to contact your bank immediately and report the situation through official channels.