Identity thieves have branched out. They’re not just after individuals anymore—businesses are the new target for hackers and fraudsters.

With their deep credit lines, multiple users, and many financial transactions, businesses make it easier for thieves to operate, since their erroneous charges typically go unnoticed for a longer time in the busy business setting. These crimes can happen right under a business owner’s nose before there is even a whiff of the theft.

Take a Sacramento law firm that was fraudulently charged $70,000 after a group of thieves impersonated the company, moved in to the same building, and ordered computers, furniture, and other goods on the firm’s company credit card. The fraudsters moved out of the building before the charges were ever discovered.

This growing threat puts many small-business owners at risk, especially if the business credit line is tied to the owner’s personal credit. Thieves that gain access to a small business may compromise the owner’s personal accounts as well, which can be devastating.

A National Cybercrime Security Alliance study found that one in five small businesses fall victim to cybercrime each year, with 60% of those victims going out of business within six months.

There are two main ways that thieves steal businesses identities: impersonation and hijacking.



In this type of fraud, a thief impersonates the business to steal from the business itself or its customers. In both scenarios, fraudsters use phishing emails to gain personal information. As you may already know, phishing emails are fake emails created by fraudsters to either trick you into sharing personal information or install malware onto your computer.

When thieves are targeting a business, they send an email to someone within the company, perhaps the CFO, and pretend to be another person in the company. The fraudster may send a receipt that needs to be paid, but will attach a virus to the email. Once the email is opened, the virus automatically downloads and the fraudster can hack into the company system.

When attempting to defraud the customers of a business, thieves impersonate an email address from the company and send a phishing email to customers attempting to obtain their information.  



The second kind of business identity theft is company hijacking. In these cases, a scammer uses the company’s identity as a means to steal. Thieves change the registered contacts of a company, along with other details, such as address and phone number. They then purchase goods and services with the company account.

Some thieves may even use the company’s identity to produce pirated products to sell for profit. Thieves are able to pull this scheme off by obtaining the business’s tax identification number (which can easily be found), copying quality logos found on the company’s website, or even duplicating business stationery. Sometimes they even produce a fake website identical to the real one, but they change the “.com” to another top-level domain, such as “.net.”  


The dangers

Clearly, identity theft can be detrimental to your clients’ business. A business can lose larges sums of money and even go bankrupt due to hackers. If a client’s personal account is connected to his business account, he can lose that money as well. Lastly, your client’s reputation with consumers and customers can be damaged, and he may be viewed as unreliable and dangerous to do business with.  


How to keep a business safe

But there are ways your small-business owner clients can protect their business from fraud. Educate your clients to:

  1. Protect their business from fraud in the same way they would protect their personal accounts. This includes keeping the business’s sensitive information in a safe place and verifying who you share that information with before doing so.
  2. Educate all employees on business identity theft and tell them not to open suspicious emails or links.
  3. Give sensitive information such as credit card numbers, customer information, and administrative passwords only to those who need it.
  4. Make sure all employees are using secure usernames and passwords.
  5. Monitor business credit reports. Business owners can obtain these reports through the three major credit reporting agencies: Experian, Equifax, and TransUnion
  6. Set up two-factor authentication with their bank for wiring money.
  7. Keep their computer software up to date. This includes the devices of employees that work from home.
  8. Secure their wireless network. All businesses should have password protected Wi-Fi with a unique username and password. Business owners should change the default name and password that came with the router to something more secure.
  9. Register all versions of their domain name to keep them out of hackers’ hands. This can be done through the registrar used to create the business’s main site. Some popular registrars are GoDaddy, Register, and 1&1.
  10. Set up Google Alerts for their business to keep an eye out on where their business name is popping up online.


Damage control

If a client’s business does become the victim of identity theft, steps can be taken to gain back control.

  1. Immediately contact the company’s bank and report the fraud.
  2. Contact the relevant credit card companies and close current accounts.
  3. Notify other organizations or vendors that work with the business and ask them to not accept any order that comes in from their business’s name.
  4. File a police report.
  5. If the thief has altered their business records, notify the Business Services Division of the appropriate state government.
  6. Report and dispute new fraudulent accounts that have been opened.
  7. Request and review a copy of the business’s credit report. If the client’s personal credit is connected to the business, the personal credit report needs to be checked as well.
  8. Keep records of all those they speak with.

Business identity theft is frightening, but educating your small-business owner clients can help them keep their business identity and personal identity safe from this 21st-century crime.

Devin Kropp is an associate editor at Horsesmouth. Copyright © 2021 by Horsesmouth, LLC. All rights reserved. Denise M. Gage License #: 5173034.


View the PDF