Cybercriminals

Is someone out there pretending to represent your business to make money? Don’t laugh. It happens. Business identity theft is a growing concern for many companies across the US. According to a recent study by Dun & Bradstreet, business identity theft, also called commercial or corporate identity theft, was up 46 percent in 2017.

The CEO, Mary Ellen Seale, of The National Cybersecurity Society (NCSS) said, “Small business identity theft – stealing a business’s identity to commit fraud, is big business for identity thieves.” However, too few businesses, especially smaller businesses, are aware of the issue. In 2018, the NCSS published “Business Identity Theft in the US” to help publicize the problem, and to provide guidance on how companies can help protect themselves.

Which Types of Businesses Are Targeted by Business Identity Theft?

Corporate identity theft is not just a problem for large corporations or companies operating in a particular industry. It is a crime which can affect any-sized business from tiny Mom and Pop shops on Main St. USA to multinational companies who are involved in any commerce:

  • Small companies are usually the initial victims of identity theft since these companies tend to have more lax security in place and are less likely to realize their information is at risk. However, that doesn’t mean that larger companies are immune from having a criminal steal their identity. Plenty of larger businesses have their identities stolen each year.
  • Corporate identity thieves use the name and legitimate business information of customers of large vendors’ customers to trick them into fulfilling orders. Busy vendors who fail to put into place procedures to verify whether an order is genuine can end up losing millions of dollars a year to these scams.
  • Criminals masquerading as a legitimate business deceive financial institutions to open credit card accounts, establish lines of credit, send or receive wire transfers, and secure loans.
  • The list of victims of corporate identity theft even extends to the US government when criminals use stolen company credentials to claim tax refundable tax credits or to exploit other government benefits for corporations.

How Do Thieves Steal a Corporation’s Identity?

Criminals who steal the identities of businesses have a wide range of methods ranging from very simplistic to highly sophisticated. Many lower level identity thieves focus on email phishing scams which target employees of the company in an attempt to gain confidential information such as database passwords or HR records. Other simple scams use spoofed email accounts of company executives to trick vendors and clients of a company into believing they are communicating with someone from the company. Slightly more advanced scams can include setting up an unsecured WiFi network in near a company in hopes that employees will use it to conduct business and then stealing the data.

More sophisticated scams can include dozens of people, building fake websites, using shelf companies, social engineering and even renting office space at the same location as the targeted company. The goal of these higher level scams is typically to create a plausible “Proof of Right” which the thieves can then use to secure fraudulent loans, masquerade as the company in a business deal, or even sell company assets.

How Can You Protect Your Company From Identity Theft?

While there is no way to protect your company completely from identity theft, you can make it harder for cybercriminals by maintaining proper data protection procedures.

  • Train your staff. Teach your staff how to recognize phishing scams and how to verify when an email is from a legitimate source. Establish procedures on how to handle data correctly, and have a data loss prevention plan in place including a ‘clean desk’ policy.
  • Secure your network. Add additional security to your networks and ensure that everyone is using secured servers. Avoid using a ‘master account’ which allows access to your entire network to limit data breaches. Require two-factor authentication.
  • Monitor your financial information. Check your company’s credit report regularly to ensure that there aren’t any unexpected changes such as credit applications or new accounts.
  • Consider hiring a company to help prevent corporate identity theft. An outside security company is one of the best ways to protect your corporate identity from scammers.