Corporate identity theft is becoming more common, with small and medium-sized enterprises (SMBs) being targeted due to greater lines of credit. Mechanisms for theft vary by country, including submitting authentic documents to make substantial changes to an organization or creating a fake website. Prevention measures include instituting a company policy, updating security systems, and regularly reviewing business credit reports.
While many associate the term identity theft with stealing a person’s identity, corporate identity theft, in which the identity of a company or business – even small and medium-sized enterprises (SMBs) – is stolen – is increasingly becoming more common. In some cases, the theft is so stealthy that executives don’t learn about the problem until much damage has been done. SMEs may be more attractive than people to identify thieves due to greater lines of credit and fewer qualms about how it is used.
The exact mechanisms of corporate identity theft may vary by country, depending on the laws and mechanisms for changing information. For example, in the UK, upon submitting documents that appear authentic to a business registration service, an identity thief could make substantial changes to an organization. This is the mechanism to appoint new administrators, change the administrator or change the registered address. With these types of changes, the current directors will not be notified and, in effect, the new directors will have taken over the company.
Another approach is to create a fake website that appears to match a corporate identity (called spoofing). Through this website, people are hired for jobs with a title such as “Account Coordinator” and set up with facilities to collect payments from “customers”. The real job is to be a money mule for scammers.
Information that enables corporate identity theft can be acquired by fraudsters in a variety of ways. The loss of any computer, laptop, netbook or mobile device with company data is a potential invitation to corporate identity theft. Working in public without a privacy screen is another problem. Displaying a business license on your wall may be the law, but when it includes your business license number and tax ID, if those items are legible or someone can take a photograph and enlarge them, the information on it can be stolen. Considering this when placing your license is a good plan.
Steps to prevent corporate identity theft include the following tips. First, institute a company policy regarding sensitive information and how it is handled. Secondly, make sure that security systems are up to date, that computer networks have firewalls, and that all anti-spyware and anti-virus and anti-spam software are involved. Make reviewing your business credit report a regular part of your expense review. Invest in a good paper shredder and shred all business documents before disposing of them. Also, anyone using a Social Security number as an EIN (employer ID number), should substitute it to reduce the risk.
Protect your devices with Threat Protection by NordVPN
