What Is Business Identity Theft

Identity theft doesn't just affect individuals—it can happen to businesses, too. Business identity theft, also called corporate or commercial identity theft, happens when criminals pretend to be business owners, managers, or employees to commit financial fraud or open lines of credit with banks and suppliers. In short, it's the unauthorized use of a business's name or information for financial gain.

Cybercriminals use important information like the business's tax identification number (TIN) or the owners' personal details and try to access the company's bank accounts or credit cards. Criminals act quickly by opening lines of credit or taking out loans using the business's credit history, and the fraud isn't noticed by victims until bills and collection notices start showing up, leaving the company with debt, damaged credit, and a tarnished reputation.

On top of direct financial losses, businesses may also face legal problems, like having to defend their trademarks, copyrights, or patents in court. Once the fraud is discovered, it can take a lot of time and money to fix the damage done to the business's finances, credit, and reputation.

How Criminals Get Business' Information for Identity Theft

With more personal and business information accessible online than ever before, it's become easier for criminals to gather the data they need to impersonate a business.

In many countries, the law requires businesses to publish sensitive information online, including financial statements, stakeholder information, employee identification numbers, sales tax, business numbers, and other details. This information can be more than enough for a cybercriminal to commit fraud.

While no business is entirely immune to identity theft, understanding how these criminals operate can help you protect your own business.

1. Use Business Owner's Personal Information to Access Business Data.

Sometimes thieves use an owner's or employee's personal information leaked in breaches to get into the business's files. This is why it's better to secure personal and business data at the same time.

2. Steal Documents or Credit Cards

One misplaced document or company credit card can put your business at risk. Make sure to lock away sensitive paperwork and limit access to employees who need it. Avoid storing important files on servers that are not properly secured, and always track who has access to key information.

3. Exploit Data Breaches

Hackers may exploit weaknesses in your software or use weak passwords to break into your business's systems and steal sensitive information. Once inside, they can access everything from customer data to financial records.

4. Target you through Phishing Scams

A phishing scam might involve an email that looks like it's from your bank, tech support, or a supplier asking you to confirm your account details with fake logos and branding that seem legitimate. But if you click on links or open attachments, you could be taken to a fake website or install malware, allowing the thieves to steal your business's data.

5. Use Fake Social Media Accounts or Websites

Fraudsters might create fake social media profiles or clone your business's website, scam customers or suppliers, redirect funds, or trick people into providing personal information.

6. Send you Counterfeit Invoices

Scammers can also send fake invoices that look like they're from your business. By mimicking your branding and layout, they trick your collaborators into making payments, thinking it's a legitimate transaction.

CEO Scams: How to Identify, Avoid, and Protect Your Business

Types of Business Identity Fraud

When criminals gather enough information, they can steal a business's digital identity and commit several types of fraud:

1. Financial Fraud

Thieves may open new lines of credit, take out loans, or apply for credit cards in the business's name. They may also file fraudulent financial statements, leaving the business liable for debts it didn't incur.

2. Trademark Ransom

Criminals may imitate an existing business by securing a mailing address that closely resembles the real one. They could also register the business's name or logo as a trademark and then demand a ransom to release it.

3. Tax Fraud

By using the business's federal employer identification number (EIN), criminals can file fraudulent tax returns and claim refunds from the government. Sometimes, fraudsters access business information like sales tax or business license numbers, then use it to pose as the company and steal tax refunds.

4. Apply for benefits and loans. Criminals might file fraudulent applications for government loans, grants, or unemployment benefits in the name of a company. They take advantage of these programs, often designed to help businesses in times of crisis, by impersonating the legitimate business owner, leaving the real business to deal with the consequences.

5. Create Fake LLCs

In some cases, thieves create a Limited Liability Company (LLC) with a name similar or identical to an existing business and register it in a different state. This allows them to reroute company payments and mail to their fraudulent address, causing significant financial losses and security problems for the real business.

Signs Your Business May Be Targeted

Businesses often find out they've been victims of identity theft when they encounter unexpected tax filing problems or receive strange letters from the IRS.

Warning signs can also include:

Receiving unfamiliar bills or collection notices for lines of credit you didn't open.
Discovering fraudulent credit card charges or accounts on your credit report.
Not receiving your business's mail or bills, indicating a possible address change.
Clients receiving fake invoices, emails, or notices claiming to be from your business.

Real-life story

Gerri Detweiler, a journalist and financial expert, discovered she was a victim of business identity theft when she noticed an unfamiliar inquiry from "SBA ODA" on her credit report. Having previously covered the Economic Injury Disaster Loan (EIDL) program, she quickly realized that someone had likely used her company's identity to apply for a loan. This discovery came after she had already dealt with retail credit card fraud and multiple attempts to misuse her personal information during the pandemic.

Read the full story here.

Take These Steps To Protect Your Business from Identity Theft

Regularly Check Your Personal and Business Credit Reports

Keep an eye out for suspicious activity, such as inquiries or new accounts that you do not recognize, as these may indicate you are a victim of identity theft. Since credit bureaus only share information with each other in very limited circumstances, it's essential to monitor your credit with each of the major consumer credit reporting agencies: Equifax, Experian, and TransUnion. Additionally, check with commercial credit agencies like Dun & Bradstreet, Equifax, and Experian.

2. Secure Your Business Information

Keep important documents, including your Employer Identification Number (EIN) and account numbers, secured and limit access to those who need it. Carefully review bills and account statements upon receipt, reporting any suspicious activity immediately.

3. Educate Employees

Train your staff on cybersecurity best practices, such as creating strong passwords, avoiding phishing scams, and recognizing suspicious emails. Teach them to keep personal and business email accounts separate to avoid leaking business data.

4. Be on the lookout for scams

Watch out for phishing scams, such as emails or phone calls that try to trick you into revealing sensitive information. Check links to make sure they are safe (padlock in the URL) and that they match the site you think you're visiting. Better yet, log into accounts directly from the financial institution's app or website.

5. Invest in Cyber Liability Insurance

Cyber insurance can help cover legal fees, credit monitoring, and other costs related to identity theft, in case it happens to your business.

6. Strengthen Your Digital Identity Monitoring and Security

To safeguard your business, consider utilizing software that identifies and eliminates counterfeit websites, domains, and social media profiles and also helps you with monitoring the digital identities of institutions and of each employee.

Bitdefender Ultimate Small Business Security is here to help you with comprehensive protection specifically designed for small businesses. Here's what it offers:

Phishing and Email Protection: Stops phishing scams and fraudulent emails before they reach your inbox.
Malware Defense: Keeps your Windows PCs, Macs, iPhones, Android phones, and Windows servers safe from malware, including ransomware.
Password Manager: It helps you create strong passwords and keeps them secure.
VPN: Provides unlimited VPN traffic for you and your employees to keep all your remote connections safe.
Scam Copilot: Uses AI to help your team spot scams and avoid threats while boosting your cybersecurity skills.
Business Assets Exposure keeps an eye on your important business info like your email, credit cards, and social media accounts. If any of this information gets caught up in a data breach, you'll get a notification. Once you've set it up, you can check if you, your employees, or your business have been part of any data leaks. You'll learn about the breach, the service it happened on, and what kind of information was exposed (like your email or username).
Easy to Use: Features a straightforward dashboard that anyone can manage, with no IT expertise needed.

Bitdefender Ultimate Small Business Security is an easy-to-use, all-in-one, affordable solution that protects your business.

FAQs

I protect my identity as a business owner?

Monitor your business identity and credit reports regularly. You'll secure sensitive documents, educate employees on cybersecurity, and use strong, unique passwords. Additionally, consider investing in cybersecurity insurance to safeguard against potential financial losses.

How can I prevent identity theft in my business?

Implement robust cybersecurity measures, including strong network security, regular employee training, secure disposal of sensitive documents, and monitoring of public records. Establish clear protocols for handling sensitive information to minimize risks.

How do I check if my business identity is being used without my knowledge?

To detect unauthorized use of your business identity, regularly check your business credit reports and financial statements for unusual activity, such as unfamiliar credit inquiries or new accounts.

Additionally, use tools like Business Assets Exposure, which monitors key business information such as your email, credit cards, and social media accounts. If any of this data is compromised in a breach, you’ll receive an alert. With this tool, you can see if you, your employees, or your business have been part of any data leaks, including details on the breach, the platform affected, and what kind of information (like your email or username) was exposed.

What do I do if I suspect my business has been targeted?

If you feel your business has become a target for identity theft, act immediately by:

Reporting the theft to your local authorities
Contacting your banks and credit providers to notify them of the theft
Placing fraud alerts on your business accounts
Reaching out to any creditors where fraudulent accounts were opened and requesting copies of all documentation used to access those accounts
Consulting with an attorney about your options

Why are businesses targeted by identity thieves?

Businesses are attractive targets for identity thieves because they are legally required to disclose certain sensitive details, such as financial statements, stakeholder information, Employer Identification Numbers (EINs), and sales tax numbers. This publicly available information provides cybercriminals with a wealth of data they can exploit.