SOFTWAREONE HOLDING AG - 03 January 2022
- Bala Sethunathan
- 6.1 minutes to read
The Internal Revenue Service (IRS) reported an increase of 2.75% in fraudulent business tax returns, indicating a disturbing trend in business identity theft. Unfortunately, small to medium businesses - compared to larger corporations - tend to be primary targets in identity theft due to their lack of security and fraud protection. Keep reading as we cover the ins and outs of business identity theft and discuss the steps you can take to protect your business.
Business identity theft is a type of identity theft in which someone or some entity creates or attempts to use a business's identifying information without authority and with the intent to defraud or hurt the business in some way. The National Cyber Security Society (NCSS) has identified the following four primary types of business identity theft:
- Financial Fraud : This includes using a business's identity to obtain lines of credit, loans, or credit cards, or otherwise creating fraudulent Uniform Commercial Code (UCC) filings.
- Tax Fraud: This includes actions such as filing fraudulent tax returns with the intent to gain access to subsidies or refunds owed to the business.
- Website Defacement: This occurs when the thief manipulates a business's website or identity on the internet.
- Trademark Ransom: Thieves sometimes will register a business's name as an official trademark and then demand a ransom in order to release it.
Business identity theft can lead to a variety of negative outcomes, and it's become a growing problem as technology evolves and more business information is accessible online. These issues include problems with vendor payments, negative credit reports, state and federal tax disputes, and damage to a business's overall reputation.
Common schemes used by criminals to steal a company's identity include, but are not limited to, the following:
Sending a fake invoice for goods or services that you never ordered, or a duplicate of an invoice that you already paid:
These invoices may come in paper format, over email, or in the form of a phone call and can be used to both get a payment from your business or obtain your company's billing information.
Establishing temporary office locations or accounts under your company's name:
This makes it possible to redirect your company's traffic or vendors to their temporary location and allows them to redirect your mail, file for tax returns, and more under your name.
Posing as a credit card processing company:
Since so many small businesses rely on credit card processing services, criminals are able to pose as these companies in order to obtain a business's financial information, later exploiting it for their own purposes.
Going through your company's trash:
If you don't shred documents with vital information on them, thieves can gain access to enough information to pose as your company just by going through your garbage.
Asking for membership or service fees:
In this type of scheme, the thief poses as an official organization requesting that you pay a service fee or renew a license. If you comply, they then have access to your organization's financials.
Filing fake documents with the Secretary of State:
This may include change of address forms, change of name, and more, and gives the thief a stronger foothold to pose as your business.
One primary tactic to be on the lookout for are phishing emails and phone calls. Any email or call that appears to have come from an official source, but which is asking for financial information or other identifying information related to your business should be handled with skepticism.
Many signs indicate your business may have had its identity stolen. Some key red flags are the following:
- You are unable to e-file your business tax return because one was already filed under the same Employer Identification Number (EIN).
- You receive a tax document, credit card bill, or other notice that is inconsistent with anything you're expecting.
- The Internal Revenue Service (IRS) sends you a Letter 6042C or 5263C. The IRS may send one of these documents to verify your business information if something doesn't add up on their end.
- You fail to receive expected correspondence from the IRS, a vendor, or a creditor. If this happens, it might mean your business address has been changed without your knowledge and the documents are being sent elsewhere.
- Your business credit score changes without any obvious reason.
- Your business is unexpectedly denied credit.
If any of these signs occur, you should investigate further. A good place to start is by getting a copy of your business credit report and performing a thorough review of all business accounts to look for unauthorized activity.
If you find evidence that someone is using your business's identity for nefarious purposes, the next step is to take action. Immediately notify your bank and any creditors of what has occurred. They can help track down unauthorized transactions and also put a stop to any future ones. You should also report the issue to all of the business credit reporting agencies, including Dun & Bradstreet, Equifax, Experian, and TransUnion.
Next, collect any documents that show fraudulent activity, including tax returns, bank statements, and emails, and notify local law enforcement officials. If the thieves made any changes with the Secretary of State or the IRS, you should immediately contact both to correct the issue. The IRS has procedures outlined on their website that inform business owners exactly what to do if this has happened to them.
It's always best to take protective steps before theft can occur. The following 4 steps provide an outline to help you get started:
- Shred Documents and/or Go Paperless: Shredding destroys all sensitive information before documents are recycled or make their way to the trash. Going paperless also prevents thieves who might steal incoming or outgoing mail as well.
- Protect Your Data and Network: Make use of robust security measures such as firewalls and anti-virus software to make sure would-be thieves can't hack into your corporate network to steal critical business information they might use to impersonate you. Services such as SoftwareONE's Managed Detection & Response can help secure your business against a wide variety of cyber threats.
- Educate Your Employees: The easiest way for many criminals to get access to your business's information is through phishing scams. These scams rely on human error, so training employees to identify them is critical. Consider programs such as SoftwareONE's Cybersecurity User Awareness to help close your workforce's security knowledge gap.
- Monitor Your Credit: Continuously monitoring your business's credit will mean you are alerted right away if anything unusual happens.
It's also important to make sure your company regularly backs up all data in a way that keeps it safe and secure. SoftwareONE's BackupSimple covers the main pillars of modern data protection, protecting your hybrid cloud workloads, SaaS apps, and endpoints alike.
As you move forward, stay vigilant. Ensure your data is protected, stay aware of the latest scams, and continue to train your employees. With the proper strategies and support in place, you'll never fall victim to identity theft.
- Managed Security, Cyber Threat Bulletin, Cybersecurity, Digital Transformation
- Cyber Awareness, Cyber Threats
Leave a comment to let us know what you think about this topic!
Leave a commentBala Sethunathan
Director, Security Practice & CISO
Cybersecurity
- 17 December 2021
- Bala Sethunathan
- Cybersecurity, Future Workplace
- BackupSimple, Zero Trust, Authentication
Why You Need Zero Trust Security in a Hybrid Workplace
The pandemic has changed the way we work - and that includes how organizations secure their data. Learn more about why remote work calls for zero trust.
- Share on LinkedIn
- Share on Facebook
- Share on Xing
- Share on Twitter
- 16 December 2021
- Blog Editorial Team
- Digital Transformation
2021 in review - Priorities for the year ahead
As we bid farewell to SoftwareONE UK leader Zak Virdi, we look back on the highlights of 2021 and review the key priorities for customers in 2022.
- Share on LinkedIn
- Share on Facebook
- Share on Xing
- Share on Twitter
- 15 December 2021
- Bala Sethunathan
- Cybersecurity, cloud-security, Cybersecurity User Awareness, Cyber Threat Bulletin
- Shadow IT, DevOps
Cyber Security Update November 2021
Do you know the latest threats? As more companies embrace the cloud and PaaS, Shadow IT 2.0 is on the rise. Get informed and proactive today!
- Share on LinkedIn
- Share on Facebook
- Share on Xing
- Share on Twitter
Attachments
- Original Link
- Original Document
- Permalink
Disclaimer
SoftwareONE Holding AG published this content on 17 December 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 10 January 2022 09:17:01 UTC.
