1031 Wire-Fraud Prevention Checklist for Qualified Intermediaries
Security Assessment

1031 QI Wire-Fraud Prevention Checklist

Wire fraud is the single largest financial threat to a 1031 exchange. Evaluate your controls across twelve questions, expose the critical gaps, and guard your clients' funds.

Answer 12 questions to see how your current controls hold up. Nothing you enter is stored or sent anywhere.

As a Qualified Intermediary, you hold exchange proceeds in escrow so the taxpayer never takes constructive receipt. That makes you a prime target for Business Email Compromise, where fraudsters spoof or hijack email to slip fake wire instructions into a closing and divert the proceeds to their own account. Real estate is one of the most heavily targeted sectors because the dollar amounts are large, many parties email each other, and deadlines create pressure.

Why 1031 exchanges are a prime target

The danger concentrates in the window between the Day 45 replacement-property identification deadline and the Day 180 completion deadline. That is when wiring details for replacement properties get sent and changed, which is exactly when BEC actors strike. These handoff points, where money and instructions move between QI, title, escrow, lender, and buyer, are where controls tend to be weakest. The five categories below are the controls that close those gaps.

Category 1: Out-of-band wire verification

This is the highest-leverage control you have. Before sending any new or changed wire instruction, call the requester back on a phone number you already have on file, never a number taken from the email or request itself. The callback must be mandatory and documented for every wire, with no exceptions carved out for "urgent" or "last-minute" requests, because urgency is the attacker's favorite lever. Email-based confirmation fails here: if the inbox is compromised, the confirmation is compromised too.

Category 2: Inbox authentication on role accounts

Email authentication stops spoofed messages from reaching your team in the first place. Three records work together:

  • SPF declares which servers may send mail for your domain.
  • DKIM cryptographically signs your messages so recipients can verify they were not altered.
  • DMARC tells receiving servers what to do with mail that fails SPF or DKIM, and reports back on abuse.

The common failure is leaving DMARC at p=none (monitor-only), which detects spoofing but does nothing to stop it. Set DMARC to enforcement (quarantine or reject), and apply all three records to shared role mailboxes like wires@, exchanges@, and closings@, the exact accounts attackers impersonate.

Category 3: Escrow signer separation (dual control)

No single person should be able to move client money alone. Releasing a wire should require two different people, one to initiate and a separate person to approve and release. Wire-approval authority and dollar-threshold limits should be documented in writing, so the rule does not bend under deadline pressure or a convincing email.

Category 4: Exchange-document portal access review

Stale access is silent risk. Review who can reach your exchange-document portal on a fixed schedule, quarterly at minimum, and deactivate accounts for former employees, clients, and vendors promptly when access is no longer needed. Every dormant account with live credentials is an unguarded door into your transaction data.

Category 5: Audit trail and E&O readiness

If a wire is ever questioned, you need proof your controls actually ran. Keep a log for every wire that records who placed the callback, when, what number was used, and who confirmed. A complete audit trail both deters internal error and supports your errors-and-omissions position if a loss is ever disputed. Controls you cannot evidence are controls a court and an insurer will treat as if they did not exist.

What to ask before you hand a QI your funds

If you are an investor rather than a QI, the same checklist becomes a vetting tool. Before wiring proceeds to any intermediary, ask:

  • How is my money held, in a segregated qualified escrow or trust account, or commingled?
  • Does releasing a wire require two people (dual control)?
  • Do you enforce callback verification on every wire, including urgent ones?
  • What fidelity bond and E&O coverage do you carry, and at what limits?

A QI who answers these crisply is protecting your funds. One who hesitates is a risk. This is the operational backbone of the 1031 Specialist Standard, and it is why investors compare us against the field on how QI firms are chosen.

If you've already sent a fraudulent wire

Speed is everything. The financial fraud kill chain works best inside the first 72 hours:

  1. Call your bank immediately and request a wire recall and account freeze.
  2. File with the FBI Internet Crime Complaint Center (IC3) at ic3.gov, which can trigger the kill chain to freeze funds at the receiving bank.
  3. Notify every party to the transaction and your insurer, and preserve all email headers and logs as evidence.

Frequently asked questions

Why are 1031 exchanges a target for wire fraud?

A Qualified Intermediary holds large exchange proceeds in escrow, many parties email each other during a deal, and strict deadlines create pressure to move money fast. That combination of big dollar amounts, multiple participants, and urgency is exactly what Business Email Compromise attackers exploit.

What is the single most effective control against wire fraud?

Out-of-band callback verification. Before sending any new or changed wire, call the requester back on a phone number you already have on file, never a number taken from the email itself. Make it mandatory for every wire with no exceptions for urgent requests.

What is Business Email Compromise (BEC)?

BEC is a fraud where an attacker spoofs or hijacks a legitimate email account to insert fraudulent wire instructions into a real transaction, diverting funds to an account they control. In real estate it typically strikes during the closing and funding window.

What should I do if I have already sent a wire to a fraudulent account?

Act immediately. Contact your bank to request a recall or freeze, file a report with the FBI Internet Crime Complaint Center (IC3), and notify all parties. Recovery odds are highest within the first 72 hours through the financial fraud kill chain.

How should investors vet a Qualified Intermediary's security?

Ask how funds are segregated, whether wire releases require dual control, whether the QI enforces callback verification on every wire, and what fidelity bond and errors-and-omissions coverage they carry. A QI that cannot answer these crisply is a risk to your funds.

JH
Reviewed by Jon Hilley, Managing Partner, 1031 Specialists

This tool and article are for informational and planning purposes only and do not constitute legal, financial, or security advice. Threats and best practices evolve; consult qualified security and legal professionals for your specific situation. Nothing entered into the assessment is stored or transmitted.

1031 Specialists

The 1031 Exchange Specialists

(631) GET-1031
info@1031specialists.com

company

about usJoin Our TeamRefer & EarnPartnersVideo

legal

Privacy PolicyTerms of Use

resources

1031 Bible1031 Masterclass1031 eligibility1031 Specialists Standard1031 BlogFAQ

TOOLS

1031 Exchange CalculatorDepreciation Recapture CalculatorForm 8824 WorksheetPartial 1031 (Boot) Calculator45-Day Identification ValidatorCapital Gains vs. 1031 Exchange Comparison1031 Exchange Deadline Tracker1031 QI Wire-Fraud Prevention Checklist

This is not legal, investment, nor tax advice. Seek the counsel of a qualified attorney, investment advisor and / or accountant.

© 2024 1031 Specialists. All rights reserved.