No items found.

CRE Lenders

July 6, 2026

How to Prevent Email Fraud and Business Email Compromise in Commercial Real Estate Loan Servicing

Blog Details Image

In commercial real estate (CRE) lending, the riskiest document in your loan file is often the one that arrived by email. A borrower sends a financial statement, a draw request, or new wire instructions as an attachment. Someone on the team opens it, trusts it, and acts on it. That is exactly the opening fraudsters look for.

The scale is no longer abstract. The FBI's Internet Crime Complaint Center logged close to $2.77 billion in losses to business email compromise in 2024 alone, according to its 2024 Internet Crime Report. For lenders that still run borrower communication through the inbox, that figure describes their own attack surface, not a problem confined to other industries.

This article explains why email is the weak point in CRE servicing, and how leading lenders are closing it by redesigning their workflow, so verification is built in rather than added on. This is the approach Smart Capital Center was built on.

What Business Email Compromise Actually Is

Business email compromise (BEC) is a scam in which a fraudster impersonates someone the target already trusts — a borrower, a vendor, or a colleague — to redirect a payment or slip a falsified document into the file. There is usually no malware or hacking in the technical sense. The attacker simply sends a convincing email.

A typical version looks like this. A message arrives that appears to come from a known borrower. It asks the team to update the wire instructions on an upcoming disbursement, or it attaches a “revised” financial statement with numbers that have been quietly altered. Nothing looks broken. The logo is right. The tone is right. The request is routine. And that is the point: BEC works because it targets trust, not technology.

That is why the conventional defenses fall short. Spam filters and antivirus tools look for malicious code. A well-crafted BEC email doesn't contain any malicious code. It looks like ordinary business correspondence, because that is what it is designed to be.

Why Email Is the Weakest Link in CRE Servicing

Most lenders still run borrower communication through email. Borrowers use it to submit financial statements, invoices, draw requests, escrow disbursement requests, insurance updates, covenant materials, and payment questions. Each one arrives as a loose attachment in someone's inbox.

Email is a poor system of record for four reasons.

  1. It is unstructured. An attachment is not tied to the loan, the borrower, or the property. It is a file in a thread, and the connection to the loan record lives only in the reader's memory.
  1. It is easy to spoof. A display name and a familiar signature are simple to fake. The recipient has no reliable way to confirm the sender is who they claim to be.
  1. It is hard to govern. There is no enforced trail of who submitted what, when, whether it was revised, and who approved it. Reconstructing that history means digging back through threads.
  1. It is disconnected from the data. A new financial statement sits in an inbox with nothing automatically checking it against the prior period or the loan agreement. Errors and altered figures can sit in the file unnoticed, because nothing forces them to reconcile.

Email is easy to fake and hard to track. When every submission lives in one monitored place, verification stops being optional and becomes structural.

— Laura Krashakova, CEO, Smart Capital Center

The point is simple: while email is the way borrowers reach the loan file, catching a fake or altered document depends on someone staying alert, not on the workflow itself.

The Numbers Behind the Risk

The data tells a consistent story. Email-based payment fraud is widespread, expensive, and concentrated exactly where teams operate.

Metric Figure Source
Losses to business email compromise, 2024 ~$2.77 billion FBI IC3, 2024 Internet Crime Report
Organizations that experienced business email compromise in 2024 63% AFP 2025 Payments Fraud and Control Survey
Share of all 2024 IC3 losses driven by cyber-enabled fraud ~83% ($13.7B) FBI IC3, 2024 Internet Crime Report

How to Prevent Wire Fraud: Verification by Design

The most effective way to prevent fraud is structural control. Move borrower communication out of email and into a secure borrower portal — one controlled environment where borrowers access their loan information and submit everything the relationship requires. That single change does most of the work, in three steps.

  1. Make every submission a record, not an attachment. In a portal, a financial statement or disbursement request is tied to the right loan, borrower, property, timestamp, and workflow the moment it arrives. It is no longer a file floating in a thread.
  1. Build the audit trail in. The portal enforces identity validation, permissions, and document history. You know who submitted what, when, whether it was revised, who reviewed it, and who approved it. Spoofed emails and misdirected attachments lose their entry point.
  1. Let monitoring run continuously. This is where artificial intelligence (AI) earns its place. When a borrower uploads financials, the system compares them against prior periods. When a disbursement request comes in, it checks the request against the loan agreement, approved budget, and prior draws. Anything that does not line up is flagged for a person to review, before it becomes a risk.

That third step is the difference between catching problems and preventing them. Manual review is periodic and document-by-document. Automated monitoring is continuous and looks across the whole file at once, so it surfaces the inconsistencies manual one-document-at-a-time reviews tend to miss. This is exactly what Smart Capital Center's fraud alert capability does: it watches submissions across documents and across time, then raises early warning signals rather than waiting for a loss to surface.

The same monitored environment that closes the fraud gap also drives the productivity gains documented with clients, because the structure that makes a workflow verifiable is the same structure that makes it fast.

The principle is simple: email fraud relies on borrower submissions arriving by email. Replacing emails with a secure borrower portal prevents fraud at the source.

Risks to Consider Before Deploying

A portal and AI monitoring are not a switch you flip. Three risks deserve attention.

  1. Adoption is a change-management problem, not a technology problem. A portal only removes email risk if borrowers actually use it. Start with the highest-volume submission types, financials and draw requests, and make the portal genuinely easier than sending an attachment.
  1. Alert fatigue from poorly tuned monitoring. If variance thresholds are set too broadly, the system buries real signals under false positives. Calibrate thresholds to your portfolio's norms during a baseline period before turning on automated notifications.
  1. Traceability is non-negotiable. A monitoring system that cannot explain its own alerts creates work instead of removing it. Insist on a system where every flag links back to the source document and the data point that triggered it.

How to Evaluate a Fraud-Resistant Servicing Setup

When assessing a portal and monitoring layer, five tests separate production-ready systems from demos.

  1. Loan-record connectivity. Confirm that every submission is automatically tied to the loan, borrower, and property, not filed in a generic folder by hand.
  1. Audit trail completeness. Ask for a sample audit log. It should capture submission, revision, review, and approval, each with a timestamp and user identity. If any step happens outside the system, the trail has gaps.
  1. Cross-document intelligence. Submit a current financial statement alongside prior-period data and confirm the system flags meaningful variances, not just that a file was received.
  1. Source-level traceability. When something is flagged, an analyst should immediately see which documents were involved and where the triggering figure sits in the source.
  1. Identity and permission controls. Verify that the portal validates who a submitter is and what they are allowed to do, the controls that make impersonation hard in the first place.

At the 2026 MBA CRE Servicing Solutions Conference, one panel noted that the industry already verifies roughly 95% of wire instructions, and that the remaining 5%, the trusted and familiar counterparties, is where attacks concentrate. (We cover the conference's full set of themes in our recap of the 2026 MBA CRE Servicing Solutions Conference. [Internal note: insert recap link once the post is published.]) Closing that last 5% comes down to one thing: a workflow where verification happens automatically.

The Bottom Line

Business email compromise is not a sophisticated technical attack. It is a confidence trick that works because lenders still trust the inbox. The fix is a workflow such as a borrower portal, where email is no longer the path: every borrower submission enters a secure, monitored environment, tied to the loan and watched continuously for anything that does not reconcile.

That is fraud prevention by design. It is how commercial real estate lenders turn verification from an optional step into a structural one.

See how Smart Capital Center makes verification structural across your lending operation. Book a demo today.

FAQ: Preventing Email Fraud in CRE Loan Servicing

Q: What is business email compromise (BEC) in commercial real estate lending?

A: BEC is a scam in which a fraudster impersonates a trusted party — a borrower, vendor, or colleague — over email to redirect a payment or insert a falsified document into the loan file. It usually involves no malware. It succeeds by exploiting trust in routine correspondence, which is why ordinary email filters often miss it.

Q: How can lenders prevent wire fraud in loan servicing?

A: The most effective control is structural: move borrower communication and submissions out of email and into a secure portal with identity validation, permissions, and a complete audit trail. Smart Capital Center's borrower portal captures every submission as a structured record tied to the loan. It then checks wire instructions and disbursement requests against the loan record automatically, so a changed payment detail is verified before anyone acts on it. Employee training helps, but workflow design matters more, because it removes the openings impersonation relies on.

Q: Can AI detect business email compromise?

A: Yes, indirectly and effectively. The Smart Capital Center borrower portal compares each new submission against prior periods, loan agreements, and approved budgets, then flags anything inconsistent for a person to review. By analyzing the full document set at once rather than one file at a time, it surfaces the discrepancies a manual review tends to miss, and routes them to an analyst rather than replacing that judgment.

Q: Is employee training enough to stop BEC?

A: Training reduces risk but cannot carry the full load, because a well-crafted BEC email is designed to look completely normal. A trained employee can still be deceived by a convincing message at a busy moment. Pairing training with a workflow that verifies submissions automatically — as Smart Capital Center does — is far more reliable than relying on vigilance alone.

Q: How does a secure borrower portal reduce wire fraud risk?

A: A secure borrower portal moves loan submissions and borrower communication out of email, where most fraud risk concentrates, and captures them as structured, auditable records tied to the loan. Smart Capital Center validates who each submitter is, enforces permissions, and feeds existing servicing systems through integrations, so impersonation and misdirected attachments lose their entry point. The portal sits in front of your core servicing platform as a secure front door, rather than replacing it.

Q: How does Smart Capital Center help prevent wire fraud in loan servicing?

A: Smart Capital Center makes verification structural by moving borrower submissions into a secure borrower portal, tying every document to the loan with a complete audit trail, and running continuous AI monitoring that compares each submission against prior periods, the loan agreement, and approved budgets. Its fraud alert capability raises early warning signals across documents and over time, then routes them to an analyst for review. The result is fraud prevention built into the servicing workflow rather than bolted on after the fact. Book a demo to see it in action.

Author's photo

Written by

Masoom Desai

July 6, 2026