Beware of Business Identity Theft

The most sophisticated identity thieves are now pursuing even bigger payoffs by targeting businesses. Because businesses have higher credit limits and make larger purchases than consumers, charges by scammers are less likely to be noticed by owners, accountants and creditors.


ID theft aimed at stealing directly from a business isn’t the only type of commercial identity theft. Another form of business identity theft happens when a scammer poses as the company in order to rip off unsuspecting consumers. Following are examples of common business identity theft schemes identified by BBB.

Defrauding the Business
A crafty ID thief can do a lot of damage with a company’s Employer Identification Number, including gaining access to bank and credit card accounts or opening up new lines of credit under the business’s name. Business identity theft can also be perpetrated by scammers—and sometimes even employees—who purchase items in the company’s name either for personal use or to resell.

Phishing E-mails
Phishing e-mails are a common example of business ID theft, and all are designed to defraud consumers. Phishing e-mails are spam disguised as messages from a business or government agency, and are used to coerce sensitive financial information from the recipient or to install malware and viruses on recipients’ computers.

Defrauding Consumers
In many cases, criminals will hijack a company’s name and reputation to commit consumer fraud, such as advance fee loan or lottery scams. Scammers use and leverage the company’s identity and good reputation to create a trustworthy façade behind which they operate their scam. In BBB’s experience, business owners are usually alerted to the identity theft by angry consumers who were ripped off by the scammers.

Following are steps BBB recommends small business owners take to mitigate harm if their business identity has been stolen.

Alert the Authorities
Business owners need to immediately contact their local police department if they believe the company’s identity has been compromised. In some cases where bank or credit accounts have been compromised, law enforcement investigators may want the accounts to remain open in order to track down the thieves. If scammers are using the company’s name on phishing e-mails or with phony Web sites, business owners can also contact the FBI’s Internet Crime Complaint Center at www.ic3.gov.

Alert Bank and Credit Card Companies
If scammers are accessing the business’s credit or bank accounts, forging company checks or opening up new lines of credit, it’s important for a small business owner to notify financial institutions involved in order to limit any further unauthorized transactions. Before closing any accounts, the business owners will want to receive the go-ahead from law enforcement so as not to jeopardize ongoing investigations.

Alert the Public
If the company’s identity has been stolen and is being used to rip off customers, warning the public is a top priority to prevent additional people from becoming victims. An easy first step is to prominently post a warning on the company’s home page briefly explaining the threat. Depending on the scope of the scam, business owners might also want to consider alerting media or making direct contact with customers via phone or e-mail. Businesses can also contact their BBB  for help in getting information out to consumers quickly.

Review Credit Report
If the business is a sole proprietorship, then the same consumer protections apply as if an individual’s ID were stolen—such as access to free credit reports and the ability to place a fraud alert on the report. Unfortunately for most businesses, monitoring their credit history is not that easy. Business credit reports exist; however, they don’t typically include the information necessary for detecting fraud. Small and medium-size enterprises can, however, increase internal controls and monitoring of accounts in order to better track abuses.