Identity theft doesn't just affect individuals—it can happen to businesses, too. Business identity theft, also called corporate or commercial identity theft, happens when criminals pretend to be business owners, managers, or employees to commit financial fraud or open lines of credit with banks and suppliers. In short, it's the unauthorized use of a business's name or information for financial gain.
Cybercriminals use important information like the business's tax identification number (TIN) or the owners' personal details and try to access the company's bank accounts or credit cards. Criminals act quickly by opening lines of credit or taking out loans using the business's credit history, and the fraud isn't noticed by victims until bills and collection notices start showing up, leaving the company with debt, damaged credit, and a tarnished reputation.
On top of direct financial losses, businesses may also face legal problems, like having to defend their trademarks, copyrights, or patents in court. Once the fraud is discovered, it can take a lot of time and money to fix the damage done to the business's finances, credit, and reputation.
With more personal and business information accessible online than ever before, it's become easier for criminals to gather the data they need to impersonate a business.
In many countries, the law requires businesses to publish sensitive information online, including financial statements, stakeholder information, employee identification numbers, sales tax, business numbers, and other details. This information can be more than enough for a cybercriminal to commit fraud.
While no business is entirely immune to identity theft, understanding how these criminals operate can help you protect your own business.
1. Use Business Owner's Personal Information to Access Business Data.
Sometimes thieves use an owner's or employee's personal information leaked in breaches to get into the business's files. This is why it's better to secure personal and business data at the same time.
2. Steal Documents or Credit Cards
One misplaced document or company credit card can put your business at risk. Make sure to lock away sensitive paperwork and limit access to employees who need it. Avoid storing important files on servers that are not properly secured, and always track who has access to key information.
3. Exploit Data Breaches
Hackers may exploit weaknesses in your software or use weak passwords to break into your business's systems and steal sensitive information. Once inside, they can access everything from customer data to financial records.
Related: How to Check If Your Business Is Affected by a Breach (And What to Do if It Is)
4. Target you through Phishing Scams
A phishing scam might involve an email that looks like it's from your bank, tech support, or a supplier asking you to confirm your account details with fake logos and branding that seem legitimate. But if you click on links or open attachments, you could be taken to a fake website or install malware, allowing the thieves to steal your business's data.
Related: Top 10 Scams Targeting Very Small Businesses: How to Stay Safe and What to Do If You're Scammed
5. Use Fake Social Media Accounts or Websites
Fraudsters might create fake social media profiles or clone your business's website, scam customers or suppliers, redirect funds, or trick people into providing personal information.
Related: How to Secure Your Facebook Business Page from Hackers
6. Send you Counterfeit Invoices
Scammers can also send fake invoices that look like they're from your business. By mimicking your branding and layout, they trick your collaborators into making payments, thinking it's a legitimate transaction.
Related:
What Are Invoice Scams and How Small Business Can Stay Safe
CEO Scams: How to Identify, Avoid, and Protect Your Business
When criminals gather enough information, they can steal a business's digital identity and commit several types of fraud:
1. Financial Fraud
Thieves may open new lines of credit, take out loans, or apply for credit cards in the business's name. They may also file fraudulent financial statements, leaving the business liable for debts it didn't incur.
2. Trademark Ransom
Criminals may imitate an existing business by securing a mailing address that closely resembles the real one. They could also register the business's name or logo as a trademark and then demand a ransom to release it.
3. Tax Fraud
By using the business's federal employer identification number (EIN), criminals can file fraudulent tax returns and claim refunds from the government. Sometimes, fraudsters access business information like sales tax or business license numbers, then use it to pose as the company and steal tax refunds.
4. Apply for benefits and loans. Criminals might file fraudulent applications for government loans, grants, or unemployment benefits in the name of a company. They take advantage of these programs, often designed to help businesses in times of crisis, by impersonating the legitimate business owner, leaving the real business to deal with the consequences.
Related: Loan Scams Uncovered. Protect Your Identity and Money
5. Create Fake LLCs
In some cases, thieves create a Limited Liability Company (LLC) with a name similar or identical to an existing business and register it in a different state. This allows them to reroute company payments and mail to their fraudulent address, causing significant financial losses and security problems for the real business.
Businesses often find out they've been victims of identity theft when they encounter unexpected tax filing problems or receive strange letters from the IRS.
Warning signs can also include:
Real-life story
Gerri Detweiler, a journalist and financial expert, discovered she was a victim of business identity theft when she noticed an unfamiliar inquiry from "SBA ODA" on her credit report. Having previously covered the Economic Injury Disaster Loan (EIDL) program, she quickly realized that someone had likely used her company's identity to apply for a loan. This discovery came after she had already dealt with retail credit card fraud and multiple attempts to misuse her personal information during the pandemic.
Read the full story here.
Keep an eye out for suspicious activity, such as inquiries or new accounts that you do not recognize, as these may indicate you are a victim of identity theft. Since credit bureaus only share information with each other in very limited circumstances, it's essential to monitor your credit with each of the major consumer credit reporting agencies: Equifax, Experian, and TransUnion. Additionally, check with commercial credit agencies like Dun & Bradstreet, Equifax, and Experian.
Sign up for electronic notifications from your bank and creditors to stay informed about account activity in real-time.
2. Secure Your Business Information
Keep important documents, including your Employer Identification Number (EIN) and account numbers, secured and limit access to those who need it. Carefully review bills and account statements upon receipt, reporting any suspicious activity immediately.
Related: How Remote Employees Can Cause a Data Breach of Your Small Business Data (And How to Prevent It)
3. Educate Employees
Train your staff on cybersecurity best practices, such as creating strong passwords, avoiding phishing scams, and recognizing suspicious emails. Teach them to keep personal and business email accounts separate to avoid leaking business data.
4. Be on the lookout for scams
Watch out for phishing scams, such as emails or phone calls that try to trick you into revealing sensitive information. Check links to make sure they are safe (padlock in the URL) and that they match the site you think you're visiting. Better yet, log into accounts directly from the financial institution's app or website.
5. Invest in Cyber Liability Insurance
Cyber insurance can help cover legal fees, credit monitoring, and other costs related to identity theft, in case it happens to your business.
6. Strengthen Your Digital Identity Monitoring and Security
To safeguard your business, consider utilizing software that identifies and eliminates counterfeit websites, domains, and social media profiles and also helps you with monitoring the digital identities of institutions and of each employee.
Bitdefender Ultimate Small Business Security is here to help you with comprehensive protection specifically designed for small businesses. Here's what it offers:
Bitdefender Ultimate Small Business Security is an easy-to-use, all-in-one, affordable solution that protects your business.
I protect my identity as a business owner?
Monitor your business identity and credit reports regularly. You'll secure sensitive documents, educate employees on cybersecurity, and use strong, unique passwords. Additionally, consider investing in cybersecurity insurance to safeguard against potential financial losses.
How can I prevent identity theft in my business?
Implement robust cybersecurity measures, including strong network security, regular employee training, secure disposal of sensitive documents, and monitoring of public records. Establish clear protocols for handling sensitive information to minimize risks.
How do I check if my business identity is being used without my knowledge?
To detect unauthorized use of your business identity, regularly check your business credit reports and financial statements for unusual activity, such as unfamiliar credit inquiries or new accounts.
Additionally, use tools like Business Assets Exposure, which monitors key business information such as your email, credit cards, and social media accounts. If any of this data is compromised in a breach, you’ll receive an alert. With this tool, you can see if you, your employees, or your business have been part of any data leaks, including details on the breach, the platform affected, and what kind of information (like your email or username) was exposed.
What do I do if I suspect my business has been targeted?
If you feel your business has become a target for identity theft, act immediately by:
Why are businesses targeted by identity thieves?
Businesses are attractive targets for identity thieves because they are legally required to disclose certain sensitive details, such as financial statements, stakeholder information, Employer Identification Numbers (EINs), and sales tax numbers. This publicly available information provides cybercriminals with a wealth of data they can exploit.
tags
Cristina is a freelance writer and a mother of two living in Denmark. Her 15 years experience in communication includes developing content for tv, online, mobile apps, and a chatbot.
View all postsNovember 14, 2024
September 06, 2024