Identity theft is not a joke, Jim, and it happens to businesses too, not just private individuals. We all know the panic that kicks in when we lose our credit card, or can’t find our passport.
We’ve all received links about packages being tracked and phones that have been found that seem safe to click on.
But before you know it, you’ve shared much more information than you wanted and someone is either blackmailing you with the threat of identity theft—or simply goes ahead and does it.
Now, amplify this feeling. Let’s say not just one person has access to your valuable data, but maybe ten. Or even a hundred. That’s the risk small and big businesses face every day. They have an identity too, with credit cards, bank accounts, and a reputation to uphold.
Why Does Identity Theft Happen To Businesses Too?
There are three reasons identity theft are more and more often targeting businesses rather than individuals:
1. It’s Often More Lucrative
As you might be able to imagine, scamming a business seems much more lucrative than scamming a stranger who thought the password 123321 was revolutionary.
The Identity Theft Resource Center® (ITRC) stated in early 2021 that cybercriminals are showing less interest in stealing personal information directly from consumers. Instead, they can go to businesses and have access to much more data all at once.
2. It’s Easier To Stay Under The Radar
Businesses operate on a larger scale. They usually have high credit limits, and large payments are nothing out of the ordinary, meaning suspicious transactions just blend in.
3. It’s Relatively Easy To Do
Some businesses don’t have a physical office, and even if they do, most information is stored in the cloud. They don’t have to come to your office and plug a USB in one of your computers when you’re not looking—they can try to access your data from anywhere.
Even if they’re not trying to access your data, they can easily pretend to be you. There’s plenty of information online on businesses nowadays, enough to ‘’clone’’ a business or website, and making customers believe they’re dealing with the real thing.
4. There’s A Higher Risk Of Human Error
Furthermore, businesses rely on the discretion of their employees. Especially when they’re working remotely, this can be hard to control. What if they leave their laptop unattended?
What if the free Wi-Fi that they accessed in that café was set up by someone who’s up to no good? It’s crucial to educate employees on the dangers and risks, but it isn’t standard practice—yet.
Which Businesses Are Often Targeted For Identity Fraud?
On top of that, a lot of—often small—businesses, haven’t taken the right security measures. Often that comes from a mindset of ‘’why would they be interested in us’’, or they simply aren’t aware of the risks.
It’s also believed that proper security is expensive and difficult. Nearly 77% of businesses claim they didn’t have enough or the right personnel to properly secure their records and systems. Around 55% of businesses say they lack the budget to invest in better protection.
While it definitely is an investment, it’s one worth making: often the costs of being the victim of fraud are far higher than any security program.
But even big companies get targeted, those who’d you’d expect to have their security figured out. They are also often used to take advantage of consumers. For instance, you could receive a text from DHL or USPS—with a track and trace link. Those are big, common names, so you’re more likely to click it. But turns out, that was a scam. Ouch.
Whether you’re a new business owner or have been in the game for a while, it’s good to be aware of the tactics that scammers use to benefit from your business identity. Here are the most common and important scams to look out for, according to the National Cybersecurity Society.
1. Financial Fraud
Be on the lookout for scammers who try to get new lines of credit, complete loans, or apply for credit cards under your business’s name.
With just a few lines of information on your business, that can be often found online or on your invoices, they can apply for all kinds of financial products. It could take a while before you find out about it, but by then the damage can already be done and debt is built up. In some cases, it’s up to you then to prove it wasn’t you.
2. Tax Fraud
Scammers are now filing fraudulent returns using tax subsidies or obtaining refunds from federal and state governments. Why all the effort? Because in this case, they could definitely get a larger refund than from individual tax returns.
3. Website Defacement
Cybercriminals, or just criminals, nowadays, also try to steal a business’s identity by hacking into their website. From the inside, they can redirect website traffic to their own pages. Those might look the same to users but are collecting data, payments, or installing malware.
Once users submit their information, the code collects and transfers the data to another server, which is controlled by the attacker. It’s nearly impossible for the consumer to notice. This happens a lot more often than you’d think: on average, 4,800 websites are compromised with formjacking code each month.
It also happens to big names. One common victim is Airbnb. People have repeatedly created websites and email addresses that look like they’re from Airbnb, but upon closer inspection, you can see they aren’t.
The result? People ‘‘book’’ holidays through ‘‘Airbnb’’, give their personal and payment information, and end up with nothing—except for a fear of booking through Airbnb again.
Another way of using a business’s website to commit identity fraud is by harming their reputation. One could change the content of a website or social media account. While it can be explained by the company that this was not them, they do also have to explain how it was ‘‘so easy’’ to hack into their accounts, meaning reputation damage still happens.
4. Trademark Ransom
You’ve probably heard of the type of hacks where hackers take a whole server hostage, so a company can’t access its files or get any work done. That’s not identity fraud. Trademark ransom is, though, and it is a sneaky way of identity theft.
It happens a lot to new businesses or small businesses who never thought of it. They forget to trademark their business name. Rookie mistake, but it could be an expensive one.
If criminals know you haven’t trademarked and protected your name yet, they’ll go ahead and trademark it for you. Not only can they then claim that you are using their trademark illegally, but they can also demand you to pay for them to transfer the trademark to you.
5. Posing As A Business To Fool Customers Or Employees
Business identity theft can target many victims and can be done in many ways. Another form of fraud that the NCSS warns of, is business email compromise, or BEC. This is a type of phishing in which criminals use compromised email accounts from people within the company.
They then email employees to ask for specific things, like wire transfers of bank account information. By knowing who’s responsible for what in the organization—thanks, LinkedIn—it’s worth a shot to try to mimic this. Especially with fully remote organizations, where employees never see each other, it can be tempting to try and fool them.
That’s certainly not the only way scammers try to benefit from the goodness of employees. Another well-known scam is payday loan identity theft. Both payday loan companies and individuals are the victims here. The companies never see the loaned money back, and consumers have crimes committed in their name.
Often, however, it is much more simple than that. Criminals create email addresses or call consumers, pretending to be employees from your company. They call about outstanding invoices, or extending memberships—and sometimes they get what they want. Again, this could always harm your reputation, even though you’re technically not at fault here.
So, How Do You Protect Your Business From Identity Theft?
You can’t fight the criminals directly. But you can make it increasingly difficult for them to commit fraud using your business’s name.
Start with your own security network. Who has access to your data, and who could easily get access? Try to make that as difficult as possible.
Another way for scammers is through the way you communicate with your customers. Make it incredibly clear to your customers how they will be contacted, For instance, if you would ever call them about invoices, state this on every invoice, or when they sign up, or in your email signatures. Those small reminders show you are taking this seriously, and in every case of fraud you can prevent counts.
Up next is training your employees: what should they look out for? What types of emails should they immediately report, and what types of requests would they never get via email?
Don’t assume that phishing links or scam messages are only something the ‘older’ generations still fall for, Those messages are looking more real day by day, and anyone could fall for it if they hadn’t had their morning coffee yet.