EXECUTIVE SUMMARY:
In the way that the identity of a person can be stolen, the identity of a business can also be subject to theft. Once a business identity theft scheme is uncovered, a business must allocate time and resources to resolving the situation. It’s critical to implement preventative security mechanisms and controls in order to quickly identify and fight this type of fraud. Keep reading to learn more.
Business identity theft, also known as corporate or commercial identity theft, occurs when cyber criminals masquerade as a businesses’ owners, executives or employees in order to illegally transact in the name of a given business. The typical objective is financial gain.
Thieves can steal a businesses’ identity via access to commercial bank accounts and credit cards, or through the theft of sensitive corporate information, such as the businesses’ tax identification number (TIN).
With these ‘weapons’ thieves can open lines of credit or take out business loans. They cash out ahead of detection and in most cases, the bills and collection notices arrive before a compromised business even realizes that anything is amiss.
What business identity theft can look like…
Business identity theft schemes come in many different varieties and can pan out in an assortment of different ways. Cyber criminals may:
- Scam a businesses’ employees to access financial details
- Set up temporary office space in a businesses’ name
- Create merchant accounts in a businesses’ name
- Purchase merchandise or services with stolen credit card information
- Purchase merchandise or services using fake bank details in the name of a victimized business
- Parse through an organization’s trash and recycling containers for sensitive data that could be used for financial compromise purposes
- File fraudulent forms with the appropriate government office in order to formally change the businesses’ registered address or the names of key individuals affiliated with the business
Preventing business identity theft
Business identity theft prevention measures include:
- Monitoring your organization’s credit profile
- Securing both paper and electronic documents
- Establishing data security policies
- Leveraging a Zero Trust model to limit access to sensitive information
- Shredding business records ahead of placing them in waste bins
- Encouraging privacy screens for phones, laptops and personal devices when employees are traveling
- Omitting sensitive business information from public filings
- Investing in business insurance coverage that applies to potential business identity theft loss
If your business becomes a victim…
Should your business become a business identity theft victim, act fast in order to limit liability and corresponding fallout.
As a first step, tell your bank, credit card issuers and other creditors that you may be a victim of business identity theft and inquire as to whether they have received any recent or unusual charges or orders from someone using your businesses’ name.
If thieves fraudulently opened or accessed your accounts, request copies of documents or emails issued by the thieves. If the criminals manipulated business information that was on-file with a government agency, obtain certified copies of fraudulent filings.
Report the problem. Notify law enforcement agencies as needed. Lastly, discuss legal actions with your insurer and your legal counsel.
For more strategic insights into cyber security and fraud prevention, we encourage you to explore these expert-led podcasts. To receive more cutting-edge cyber security news, best practices and analyses, please sign up for the CyberTalk.org newsletter.