CRE Lenders
July 6, 2026
CRE Lenders
July 6, 2026

In commercial real estate (CRE) lending, the riskiest document in your loan file is often the one that arrived by email. A borrower sends a financial statement, a draw request, or new wire instructions as an attachment. Someone on the team opens it, trusts it, and acts on it. That is exactly the opening fraudsters look for.
The scale is no longer abstract. The FBI's Internet Crime Complaint Center logged close to $2.77 billion in losses to business email compromise in 2024 alone, according to its 2024 Internet Crime Report. For lenders that still run borrower communication through the inbox, that figure describes their own attack surface, not a problem confined to other industries.
This article explains why email is the weak point in CRE servicing, and how leading lenders are closing it by redesigning their workflow, so verification is built in rather than added on. This is the approach Smart Capital Center was built on.
Business email compromise (BEC) is a scam in which a fraudster impersonates someone the target already trusts — a borrower, a vendor, or a colleague — to redirect a payment or slip a falsified document into the file. There is usually no malware or hacking in the technical sense. The attacker simply sends a convincing email.
A typical version looks like this. A message arrives that appears to come from a known borrower. It asks the team to update the wire instructions on an upcoming disbursement, or it attaches a “revised” financial statement with numbers that have been quietly altered. Nothing looks broken. The logo is right. The tone is right. The request is routine. And that is the point: BEC works because it targets trust, not technology.
That is why the conventional defenses fall short. Spam filters and antivirus tools look for malicious code. A well-crafted BEC email doesn't contain any malicious code. It looks like ordinary business correspondence, because that is what it is designed to be.

Most lenders still run borrower communication through email. Borrowers use it to submit financial statements, invoices, draw requests, escrow disbursement requests, insurance updates, covenant materials, and payment questions. Each one arrives as a loose attachment in someone's inbox.
Email is a poor system of record for four reasons.
Email is easy to fake and hard to track. When every submission lives in one monitored place, verification stops being optional and becomes structural.
— Laura Krashakova, CEO, Smart Capital Center
The point is simple: while email is the way borrowers reach the loan file, catching a fake or altered document depends on someone staying alert, not on the workflow itself.
The Numbers Behind the Risk
The data tells a consistent story. Email-based payment fraud is widespread, expensive, and concentrated exactly where teams operate.

The most effective way to prevent fraud is structural control. Move borrower communication out of email and into a secure borrower portal — one controlled environment where borrowers access their loan information and submit everything the relationship requires. That single change does most of the work, in three steps.
That third step is the difference between catching problems and preventing them. Manual review is periodic and document-by-document. Automated monitoring is continuous and looks across the whole file at once, so it surfaces the inconsistencies manual one-document-at-a-time reviews tend to miss. This is exactly what Smart Capital Center's fraud alert capability does: it watches submissions across documents and across time, then raises early warning signals rather than waiting for a loss to surface.
The same monitored environment that closes the fraud gap also drives the productivity gains documented with clients, because the structure that makes a workflow verifiable is the same structure that makes it fast.
The principle is simple: email fraud relies on borrower submissions arriving by email. Replacing emails with a secure borrower portal prevents fraud at the source.
A portal and AI monitoring are not a switch you flip. Three risks deserve attention.
When assessing a portal and monitoring layer, five tests separate production-ready systems from demos.
At the 2026 MBA CRE Servicing Solutions Conference, one panel noted that the industry already verifies roughly 95% of wire instructions, and that the remaining 5%, the trusted and familiar counterparties, is where attacks concentrate. (We cover the conference's full set of themes in our recap of the 2026 MBA CRE Servicing Solutions Conference. [Internal note: insert recap link once the post is published.]) Closing that last 5% comes down to one thing: a workflow where verification happens automatically.
Business email compromise is not a sophisticated technical attack. It is a confidence trick that works because lenders still trust the inbox. The fix is a workflow such as a borrower portal, where email is no longer the path: every borrower submission enters a secure, monitored environment, tied to the loan and watched continuously for anything that does not reconcile.
That is fraud prevention by design. It is how commercial real estate lenders turn verification from an optional step into a structural one.
See how Smart Capital Center makes verification structural across your lending operation. Book a demo today.
Q: What is business email compromise (BEC) in commercial real estate lending?
A: BEC is a scam in which a fraudster impersonates a trusted party — a borrower, vendor, or colleague — over email to redirect a payment or insert a falsified document into the loan file. It usually involves no malware. It succeeds by exploiting trust in routine correspondence, which is why ordinary email filters often miss it.
Q: How can lenders prevent wire fraud in loan servicing?
A: The most effective control is structural: move borrower communication and submissions out of email and into a secure portal with identity validation, permissions, and a complete audit trail. Smart Capital Center's borrower portal captures every submission as a structured record tied to the loan. It then checks wire instructions and disbursement requests against the loan record automatically, so a changed payment detail is verified before anyone acts on it. Employee training helps, but workflow design matters more, because it removes the openings impersonation relies on.
Q: Can AI detect business email compromise?
A: Yes, indirectly and effectively. The Smart Capital Center borrower portal compares each new submission against prior periods, loan agreements, and approved budgets, then flags anything inconsistent for a person to review. By analyzing the full document set at once rather than one file at a time, it surfaces the discrepancies a manual review tends to miss, and routes them to an analyst rather than replacing that judgment.
Q: Is employee training enough to stop BEC?
A: Training reduces risk but cannot carry the full load, because a well-crafted BEC email is designed to look completely normal. A trained employee can still be deceived by a convincing message at a busy moment. Pairing training with a workflow that verifies submissions automatically — as Smart Capital Center does — is far more reliable than relying on vigilance alone.
Q: How does a secure borrower portal reduce wire fraud risk?
A: A secure borrower portal moves loan submissions and borrower communication out of email, where most fraud risk concentrates, and captures them as structured, auditable records tied to the loan. Smart Capital Center validates who each submitter is, enforces permissions, and feeds existing servicing systems through integrations, so impersonation and misdirected attachments lose their entry point. The portal sits in front of your core servicing platform as a secure front door, rather than replacing it.
Q: How does Smart Capital Center help prevent wire fraud in loan servicing?
A: Smart Capital Center makes verification structural by moving borrower submissions into a secure borrower portal, tying every document to the loan with a complete audit trail, and running continuous AI monitoring that compares each submission against prior periods, the loan agreement, and approved budgets. Its fraud alert capability raises early warning signals across documents and over time, then routes them to an analyst for review. The result is fraud prevention built into the servicing workflow rather than bolted on after the fact. Book a demo to see it in action.