Hacker holding a torch and typing on laptop showing the effects of corporate identity theft on businesses
What Is Corporate Identity Theft? The Effects on Businesses Explained. by Peter Buttler, Cybersecurity Journalist and Tech Reporter at Privacyend

What Is Corporate Identity Theft? The Effects on Businesses Explained.

Personal identity theft is still quite a mess and can still take down innocent people blatantly. Business identity theft has risen in popularity, and holds the power to bring everything crashing down for a successful business.

Thieves make it possible by stealing the federal tax ID of businesses, employer identification number (EIN) and other important information to open lines of credit, file illegal tax returns.

Grab a drink, get cozy because it’s going to be a long ride. Hope you learn something new.

Defining corporate identity theft

Its definition is fairly simple, it involves the impersonation of a business. It can occur through theft of business identification documents and credentials. The main objective is to obtain more money illegally than the previous day.

Before I continue any further, I’d like to state that, addressing the topic as Corporate Identity Theft is misleading. It only enables you to see in a one-way direction and that is, corporations are the only business entities that are vulnerable to such risks. While the definition for both business identity theft and corporate identity theft are the same. The name can make a difference.

Reason: Corporations aren’t the only business entities that are victimized by thieves. Any type of organization whether small or large. Any entity with a Business Federal Tax ID, EIN, is at risk. Legal entities other than corporations include LLCs, sole-proprietorship, and many more. Schools, hospitals, for-profit, non-profit, you name them. Every single operating body comes under the category of business and hence the name, Business Identity Theft.

What really is Business Identity Theft?

Business Identity Theft refers to the process in which the guy with malicious intent, endorses his schemes under the name of a reputable organization. The perpetrator impersonates a business to use the resources of it, to fulfill his illegal goals. For example: Getting loans under the company name, maxing out the credit limits.

People tend to confuse business identity theft with security breaches and other cybercrimes. So here are some important points to keep in mind while learning about business identity theft.

Business identity theft is not an information security breach. Which refers to the loss of sensitive information which can belong to either a business or an individual.

Before you continue reading, how about a follow on LinkedIn?

Business identity theft is not employee theft. Which means a current or an ex-employee is plotting against the business, selling secrets.

Potential reasons that motivate perpetrators

The most obvious reason is money. If they target an individual like one of us, it’s obvious that the fraud money that the perpetrator will obtain will be far less than it would be if he were to target a business.

1.        Purchasing goods

Businesses are known to order products in bulk. This gives organizations dealing with such businesses reason to create a friendly relationship. Bulk purchases give businesses a flexible payment plan, they have to pay within a specified period (10 to 30 days). This gives the business identity thief a large enough time window to purchase goods under an organizations’ name and get away with it without the risk of early detection.

2.       Larger purchases can be made with less suspicion

We know that automated fraud screening systems were developed to find unusual spending patterns, purchases and even checking purchasing locations is not difficult as well. These systems can be easily worked around and if the purchases are under a company name, the suspicion is mitigated.

3.       Information easily available on the internet

Business identity thieves do not have to steal that much information that you’d think. Sometimes that information is available online for free. Some states require businesses to post documents that contain information that can uniquely identify businesses such as, sales tax number, business license number, etc.

You can read about other motivations of perpetrators by visiting this knowledge base specifically designed for business identity theft.

The major consequences of business identity theft

Building a business from the ground up is harsh. Sleepless nights and many other hardships are faced to get it recognized. Once success happens, you’ve already made rivals and enemies which means there’s a lot that you can lose.

Apart from the obvious consequence of income loss. Business identity theft can also cause the following:

  1. Late payments: If your business loses a lot of income, it can increase difficulties in paying employees and vendors that you had a contract with. As a result, you might have to let go of loyal employees or maybe cut some operating expenses.
  2. State and federal tax disputes: If your business identity is used to file a fraudulent tax return, you can expect a lot of backlash from the IRS. Business-tax IDs, profit margins and revenues are more easily accessible which is why they target businesses.
  3. Business reputation: If you keep good relationships with everyone, you’ll go far. We’ve all heard of that line at certain points of our lives. Similarly, in business relationships are everything. Reputation and respect are both hard-earned, it can negatively impact the cash flow of your organization.
  4. Personal liability: As a small business owner, any criminal breach to security can also put you at risk. Which is why it is important to be extra cautious while disclosing personal information. Small business owners are a prime target for identity thieves, as they’re the ones with less cybersecurity budget.

Business identity theft schemes

This section of the piece will help you arm yourselves with the knowledge required to not become the next victim of business identity thieves. If it was just mere one technique that was being used, there would be no risk.

1.      Fraudulent state business registrations and filings

The duties and authority of the office of the Secretary of State are predefined and established under the individual laws of each state there is. In most states, one of these duties includes business management which boils down to, business registration, formation and filing processes for entities operating within the States.

If your business does not review the business filing documents regularly, file your annual reports in a timely manner and not enroll in preventative measures that are provided by your state, you might end up attracting business id thieves.

Tactic: Illegal change of your business registration information – For about the cost of $10 to $20, which is the processing and filing fee in most states. Thieves may try to change your business address, or file changes to your business’ officers, directors or registered agent.

The danger: By essentially changing your business’ officers or directors in your business, the thieves are putting themselves further ahead and on top of the operation chain. For example: By making an accomplice or themselves in charge they can initiate the illegal sale of business assets, conduct transactions or even make purchases under your business name.

Tactic: Illegal reinstatement of a dissolved, closed or ‘dead’ business – A dissolved business entity is one that has had a unanimous decision to shut down company operations or has filed articles of dissolution with the Secretary of State or it has completely dissolved because it has failed to comply with the responsibilities it had under state law.

The danger: Criminals know that once an organization is dissolved, the previous owners won’t be monitoring the registration records which the criminals take advantage of. Since these records are available as a public record. Criminals can reinstate it by paying the filing fee and other fees within the reinstatement period. They may choose to not change the owner field can initiate a racket under the previous owners’ name.

2.      Address mirroring scheme

Dedicated criminals will go to huge lengths to make their scam successful. Another one of those methods is “address mirroring”. Business identity thieves closely mirror the physical address of the unsuspecting targeted business. The reason? To obtain credits, loans, cash advances, goods and services under the business name.

Criminals use address mirroring to take advantage of a weak or ineffective transaction and application review processes; and to exploit the weaknesses in address-based verification, authentication and fraud detection systems. These systems skip over the second address lines if the first one matches the information stored in the record.

How does the scam work?

Step 1: Identification of a suitable location and target company. The scam is often orchestrated and run in a multi-floor office building or large business complex with many business tenants. The more the tenants the merrier it is because it will strike up less suspicion.

Step 2: Next step is to obtain intel or information. Information is required about the company’s finances, credit, suppliers, owners and officers, and general business activities. The goal behind this step is to reduce the chances of raising suspicion while maximizing their illegal gains.

Step 3: Third step is leasing space in the same building as the target company. Same building, different floors. The perpetrators are known to keep a low profile but not low enough to destroy their own cover. They’ll be seen moving furniture to prevent raising suspicion.

Step 4: Step four is when the planning finishes and the actual work starts. After the fake office is set up, the team of criminals starts to apply for credit card loans and lines of credit maxing out at every end. They also begin ordering goods and services from companies that accept purchase orders, offers invoicing or payment terms. All of this is done under the name of the targeted company.

Payment term of 10 to 30 days gives business identity thief a time window to purchase goods and get away without risk of early detection. #fraud #respectdata Click to Tweet

Step 5: As soon as the thieves have racked up tens of thousands of dollars in purchases, their next step is to run away. Leaving everything behind, destroying any evidence that might connect them with the crime. Once that is done, all there’s left is to restart the whole journey and look for another victim to carry this on.

 


Follow CPO Magazine