FightCybercrime.org

Recognize, report and recover from cybercrime.

Business Identity Theft

Learn about the different types of business identity theft and how to protect your company from fraud.

Get Started Report Cybercrime
Home » Scams » Business Scams » Business Identity Theft

The Basics of Business Identity Theft

Business identity theft is a type of fraud that involves using someone else’s business information for personal gain. This can include opening new accounts in the business’s name or using the business’s credit line to make purchases.

Identity theft is a serious problem for businesses of all sizes, as it can lead to financial loss and damage to the business’s reputation. If you suspect that your business has been a victim of identity theft, it’s important to act quickly to minimize the damage.

Common Types of Business Identity Theft

There are a few different ways that criminals can steal your business’s identity, and it’s important to be aware of all of them. Here are some of the most common types of business identity theft:

  • Application fraud: A scammer uses your business information to apply for credit in your name. They may use your business address and EIN, as well as other information, to fill out the application. This can damage your business’s credit score and make it difficult for you to get loans or lines of credit in the future.
  • Tax identity theft: Someone uses your business information to file a false tax return in your name. They may use your EIN to file the return and claim a refund that they are not entitled to. This can cause problems with the IRS and result in fines or penalties for your business.
  • Bank fraud: A fraudster uses your business information to open a bank account in your name. They may use your EIN and business address to open the account and then use it to commit fraud. This can damage your business’s reputation and make it difficult to get future loans or lines of credit.
Common Tactics Used in Business Identity Theft

Here are some of the most common tactics used in business identity theft:

  • Phishing scams: Scammers will send an email or other communication to a business, posing as a legitimate company or organization. The communication will often request personal or financial information, or ask the recipient to click on a link that leads to a malicious website.
  • Hacking into business systems: Thieves gain access to a business’s computer systems, usually by exploiting security vulnerabilities. Once inside, the thief can access sensitive data such as customer records or financial information.
  • Stealing business documents: A thief will physically steal important business documents, such as invoices, checks or tax returns. The thief can then use this information to commit fraud or apply for credit in the business’s name.
  • Dumpster diving: Thieves rummage through a business’s trash, looking for documents or other information that can be used to commit identity theft.
  • Impersonating a business owner or employee: A thief will pose as the owner or an employee of a business, in order to gain access to sensitive information or commit fraud.

Step 1:Recognize

Red Flags of Business Identity Theft

Business identity theft is a serious problem that can have far-reaching consequences for businesses of all sizes. Although it can be difficult to detect, there are some warning signs that businesses should be aware of:

  • Unexpected changes or discrepancies in financial records
  • Unexplained increases in fees or charges from financial institutions
  • Unexpected or unexplained changes in credit scores or reports
  • Sudden decrease in available credit
  • Strange or unexpected calls or correspondence from creditors, debt collectors or government agencies

If you think your business has experienced identity theft, click the report tab to learn about reporting the incident, then head over to the recover tab and follow the immediate action steps.

Step 2:Immediate Actions

Business identity theft is a serious crime that can have devastating consequences for your business. If you suspect that your business has been the victim of identity theft, there are steps you can take to help mitigate the damage and protect your business going forward.

  • Contact the credit reporting agencies. If you suspect that your business’ information has been used to open fraudulent accounts or lines of credit, you’ll need to contact the three major business credit reporting agencies — Dun & Bradstreet, Equifax and Experian. You can do this by phone or online.
  • Place a fraud alert on your business’ credit file. When you place a fraud alert with the credit reporting agencies it means that businesses will have to take extra steps to verify your identity before extending credit. This can help prevent someone from using your information to open new accounts in your business’s name.
  • Close any fraudulent accounts. If you find that there are accounts or lines of credit that have been opened in your business’ name without your knowledge or permission, you’ll need to contact the financial institution and have the account closed.
  • File a police report. Business identity theft is a crime, so you’ll need to file a police report in order to help with the investigation and to protect your business going forward.
  • Keep detailed records. Keep detailed records of everything related to the identity theft, including any correspondence with financial institutions or credit reporting agencies. This will be helpful if you need to take legal action against the person who stole your business’s information.
  • Review your accounts and credit report regularly. Identity theft can have long-lasting consequences for your business, so it’s important to review your accounts and credit report regularly. This will help you catch any suspicious activity early on and take steps to mitigate the damage.

Step 3:Report

Reporting any type of cybercrime, including identity theft, is imperative to help others avoid being scammed. As a society, the more people that report online scams and fraud, the more national reporting data that is collected, and the better chance law enforcement has to catch the criminals and decrease cybercrime.

Report to FBI

Step 4:Recover

How to Protect Your Business from Identity Theft

There are a few key things you can do to protect your business from identity theft and other cyber threats. Here are some tips:

  • Keep your business information safe and secure. This includes things like your business name, address, contact information and tax ID number. Be careful about who you share this information with and make sure it is stored securely. If you dispose of any documents with this information on them, shred them first.
  • Monitor your business accounts closely. Regularly review your financial statements and look for any suspicious activity. If you see something that doesn’t seem right, contact your bank or credit card company immediately.
  • Protect your online information. Make sure your website and all online accounts are protected with strong passwords and authentication measures. Be cautious about phishing scams and other attempts to gain access to your sensitive information.
  • Keep all software up to date. Hackers often exploit vulnerabilities in old software versions to gain access to systems. By keeping software up to date, organizations can close these security holes.
  • Back up your data regularly. Store your backups offline, so they can’t be encrypted by ransomware.
  • Don’t open email attachments from unknown senders. Don’t click on links in email messages from unknown senders.
  • Don’t download software from untrustworthy websites. Only download software from websites you trust.
  • Use a security suite that includes anti-malware protection. A security suite can protect your computer from ransomware and other malware.
  • Educate your employees about cyber threats. Search for free cybersecurity training videos on YouTube.
  • If you have the budget, consider investing in cybersecurity training for your employees to educate them about threats, and what they can do to help protect themselves and the business from cyber attacks.
  • Instruct your employees to report anything suspicious to you or their supervisor.
  • Have a plan in place for what to do in the event of identity theft, so you can quickly contain the damage and minimize the impact on your business.

Take 5 Steps for Better Online Security

It’s important to strengthen your business’ online security to help avoid all cyber attacks. Take action to improve your digital posture by following these steps:

  1. Implement Multi Factor Authentication (MFA): Passwords are generally easy for scammers to crack, and even if you use strong passphrases, there’s still the possibility that a cybercriminal can obtain your passphrase in a data breach. Implementing MFA is a great way to maximize your security and ensure that you are the only one who can gain access to your accounts. MFA should be implemented on all accounts where it is available. Check your account’s security settings to see if it is something you can set up.
  2. Update Your Privacy Settings: Privacy settings allow you to control your personal information (name, address, phone number, date of birth, financial details, photos or videos, etc) and how that information is used. Review your privacy settings on all of your accounts including your social media accounts. Consider restricting who can see your friends list, contacts, photos and posts.
  3. Activate Automatic Updates: Automatic updates are a set of changes to an app, software or operating system that are automatically pushed by the developer to fix or improve it. Oftentimes, cybercriminals take advantage of security flaws to plant malicious software on your devices. By activating automatic updates, you will automatically patch security vulnerabilities to protect your data.
  4. Use a Password Manager or Create Strong Passphrases: A password manager is a software tool that securely stores all of your login credentials in one place, allowing you to create and manage strong, unique passwords for all of your accounts. If you are unable to afford a password manager, use strong passphrases. A passphrase is a combination of random words or a sentence that is much longer and more complex than a typical password. Using a passphrase instead of a password makes it much harder for hackers to guess or brute-force their way into your accounts.
  5. Learn the Elements of a Phishing Attempt: Familiarize yourself with the elements of a phishing email. Phishing emails tend to include a sense of urgency and multiple grammar and spelling errors. If they are asking you to reveal personal information, be suspicious. If you get a strange email, try contacting the company another way to confirm they sent that email. If the email is suspicious, mark it as spam.

TestimonialHear from Other Victims

Without Fightcybercrime.org, I don't know if I would have been able to react as quickly to protect my personal information.
Mary - Indianapolis, IN

Latest News

The latest and greatest from our blog.

> Business Identity Theft: 5 Warning Signs That Every Business Owner Should Know

Business Identity Theft: 5 Warning Signs That Every Business Owner Should Know

If you're a business owner, it's important to be aware of business identity theft. Learn five warning signs to watch out for.

Read Full Article

Branding