4 ways to prevent business identity theft
accountant advice

4 ways to prevent business identity theft

For any business owner, there is nothing more shocking or terrifying than finding out that a cybercriminal has successfully targeted their business to commit identity theft.


Unlike consumer identity theft, it’s significantly harder for small business owners and operators to avoid business identity theft. The result of business identity theft is troubling for entrepreneurs who are already investing their time, money, and resources into growing their business. 

In this article, we’ll dive into what business identity theft is, why it occurs, how cyber criminals can impersonate your business, and share four effective ways to prevent business identity theft. 

What is business identity theft? 

Business identity theft (also known as corporate identity theft) occurs when someone assumes the identity of the business, or the business owner, to commit business fraud.

As a result, business owners have to deal with the financial consequences because many cybercriminals commit business identity theft for their own financial gain.

Although business identity theft can happen to any business, it can impact small businesses disproportionately since larger businesses may have the resources to implement cybersecurity measures to protect themselves

As a business owner, here are the most common examples of business identity theft that you should look out for:

  • Financial fraud. Cyber criminals may issue fake invoices for items that you didn’t purchase, leaving you with the bill. They may also use your business’ corporate data to apply for new lines of credit, loans, credit cards, and even fraudulent Uniform Commercial Code (UCC) filings.
  • Tax fraud. Hackers can use your business tax information, such as the EIN of an active or inactive business, or the Tax ID, to file fake tax returns and obtain refunds from state or federal governments.
  • Compromising your website. Because your business website is the foundation of your business’ identity, hackers will often attempt to compromise your website to conduct business identity theft. Once the website is compromised, the hacker can steal your customers’ credit card data or personal information, host malware or ransomware, or even deface the website with graphic images.
  • Holding your trademark for ransom. If you haven’t taken the necessary steps to protect your business name, hackers can file fraudulent paperwork with the U.S. Patent and Trademark Office to obtain the trademark. Once they have been approved, they can hold the trademark for ransom. This is especially challenging for small businesses or startups on track to scale their operations, making it even more important for them to protect their business name.


Why does business identity theft happen?

The cyber criminals that conduct business identity theft are primarily motivated by the same reason as those who conduct consumer identity theft—financial gain.

Unlike consumers, cybercriminals may target businesses more because they not only can conduct larger transactions and purchases, but also qualify for higher credit limits compared to consumers. If a hacker can successfully impersonate a business to take advantage of these practices without arousing suspicion, they are guaranteed a higher payout.

In addition, cybercriminals also target businesses because many states require the businesses to publicly release certain types of data, such as sales tax information, financial statements, information on key stakeholders, and even employment identification numbers. They can collect a lot of the publicly available information as part of their research phase, and use it later to impersonate you or your business to commit different types of business identity theft. 

How does business identity theft happen? 

Before you try to understand how business identity theft happens, it’s important to understand what it’s not. 

Many entrepreneurs presume that forms of corporate identity theft include a security breach or a data breach, phishing attack, or even insider threat. But this is not the case. 

  • A security breach or a data breach results in the loss of sensitive data, such as customer data that is typically stored on CRM and help desk software, employees’ personally identifiable information, or intellectual property.
  • Phishing attacks can result from an employee clicking on a malicious link, or downloading a malicious attachment, that may encrypt your files. The hackers hold the encrypted data for ransom, promising to give you the decryption key once you’ve made the ransom payment.
  • Insider threats refer to an employee (or ex-employee) stealing your sensitive data for their own personal gain.


Although these types of cybercrime cause the loss of sensitive data, they don’t count as incidents of business identity theft. In fact, they lead to business identity theft because hackers can leverage the sensitive data they steal to impersonate you or your business.


Here are a few tactics that cybercriminals use to business identity theft:


Data breaches


There are a number of ways that cybercriminals can breach your company’s internal network and access confidential files required to conduct financial or tax fraud.


In a recent Chinese data breach, the personal data of nearly one billion Chinese residents was exposed. The dataset included personally identifiable information (PII) such as national ID numbers, medical records, and even police records. For residents who may own small businesses, much of the personal data exposed could be used by hackers to conduct business fraud. 

So, how did the breach occur? Security experts point the finger at a misconfigured cloud server hosted by Alibaba. This incident demonstrates how the method your business uses to store, and secure, its sensitive data can impact your susceptibility to a data breach. Regardless of whether the data is stored on physical servers or in the cloud, a savvy hacker can easily gain access into your network and systems to steal the data for their benefit. 

Phishing attacks 

Cybercriminals can manipulate your employees via business email compromise (BEC) attacks or spear-phishing scams to share sensitive data with them, including usernames and passwords. 

  • Business email compromise attacks refer to hackers sending phishing emails to a business email account to target your employees.
  • Spear-phishing scams refer to hackers specifically targeting an employee, or an entire department, within your business. These emails are highly effective because skilled hackers can mimic the voice and tone of the employees that they’re targeting to guarantee responses. For example, employees within your finance department are ripe targets for spear-phishing scams because they have an intimate knowledge of your business finances and have access to your tax documents.


Once attackers have the information they’re looking for, they can impersonate the employee, gain direct access to your systems, and poke around until they find the information they need to commit business identity theft.


Physical theft


If your business has a physical location and you keep physical copies of your confidential data, the criminals can break into your office to steal the documents. This tactic may be more commonly used for local small businesses that may not use cloud storage for their data.


Key consequences of business identity theft


Consider the parties that are impacted the most when business identity theft occurs—business owners and customers. This dictates the consequences of identity theft.


From a financial perspective, business owners have to deal with negative credit reports, state and federal tax disputes, and loss of business reputation:


  • Negative credit reports. Your business’ credit score determines the trustworthiness of your business. If your credit score, and the credit report, falls into the negative range, it can have a lasting impact on your ability to apply for legitimate loans in the future.
  • Tax disputes. Depending on the state, your business may have to publicly release sales tax data, revenue numbers, tax IDs, and other financial information that can be used to conduct tax fraud. Hackers can use this publicly available information to file fake tax returns with the IRS, resulting in business owners facing serious tax disputes with the IRS.
  • Loss of business reputation and customer loyalty. If hackers fraudulently purchase goods or services with one of your trusted vendors or distributors, and don’t pay for the services, this can impact your business relationship with them. Depending on the type of business you have, your customers can also feel the downstream consequences of identity theft, resulting in loss of revenue and customer loyalty. 

Lastly, business owners with limited resources may have attached themselves to their businesses personally, either by applying for additional credit loans under their name or paying out of pocket for goods and services. If their business is targeted for identity theft, they may be held personally liable for any losses they incur.


4 ways to prevent business identity theft in 2022 

The best way to prevent business identity theft from impacting your business is by making sure you’re being proactive in your approach.


Here are 4 ways you can proactively protect yourself and your business from identity theft: 

1. Don’t share anything about your business online, or publicly, that can put you at risk 

As your business becomes more successful, it’s normal to want to share your wins publicly. In fact, over the past year, many entrepreneurs have participated in the #buildinpublic movement on social media platforms, in which they announced their monthly, or annual, recurring revenues, how many milestones they’ve achieved, and even the tools and technology platforms they’re using to build their business.


Unfortunately, you never know who’s paying attention to all this information on the other side of the screen. Cybercriminals do a wealth of research on their victims and will wait for the perfect moment to strike. Therefore, it’s best to place strict limitations on yourself and your employees regarding what you can share about yourself and your business to protect your online privacy.


2. Secure your online accounts 

It’s rare for any business owner to run, and grow, their business without using a website or social media platforms for marketing purposes. Unfortunately, the more online accounts you create, the more careful you must be to ensure they are secured properly.


To ensure that you are securing all of your online accounts properly, we recommend:


  • Create strong passwords that include a variation of alphabets, numbers, and special characters for all your accounts. Ideally, you should use a different password for each account, so that if a hacker compromises one of your accounts, they can’t access any other account you have.
  • Use a password manager to store your passwords in a safe place, rather than noting down your user credentials in a Word document or another note-taking application.
  • Always use two-factor authentication or multi-factor authentication, so that you’re immediately alerted if a hacker tries to access your account.
  • Regularly train your employees using cybersecurity awareness training, so that they’re aware of the newest scams cybercriminals may use to manipulate them.
  • If you suspect that you, or your business, have been impacted by identity theft, immediately update all your passwords.


3. Check and monitor your personal and business credit reports


Since financial gain is the primary motivator for business identity theft, it’s important that you regularly check your personal and business credit reports. Keeping a close eye on your credit reports allows you to:


  • Check for any fraudulent purchases that you haven’t made.
  • Track whether someone has applied for any credit cards, lines of credit, or loans under your name or your business’ name.
  • Ensure that cybercriminals haven’t attempted to open any additional fraudulent accounts.


You can typically request a personal and business credit report from any of the three credit bureaus.


4. Act quickly if you notice signs of business identity theft


If you notice signs of business identity theft, the biggest mistake you can make is to do nothing. Even if you have the slightest suspicion that someone may be impersonating your business, you need to act quickly

  • Place a fraud alert on your personal credit report with any of the three credit reporting agencies. This will ensure that any company is required to verify your identity before they issue the credit.
  • Freeze your personal credit, so that lenders can’t access your credit report. This will limit your ability to apply for a loan or line of credit as well, but it’s a necessary step for entrepreneurs who may be using their personal credit cards or loans for their business.
  • Contact your local law enforcement agency and file a police report. Get in touch with your business insurance provider and an attorney to discuss the impact of the business identity theft and discuss remediation options.


Taking proactive measures to protect you and your business


Business identity theft is no joke. In today’s digital-first world, there are too many ways for a skilled cybercriminal to break into your network and steal the data they need to commit business fraud. Unless you’re the CEO or founder of a large organization, it’s unlikely that you will have the necessary tools and resources to completely eliminate the risk of identity theft. 

Therefore, it’s up to you to make sure you’re protecting not only your business, but also yourself, from identity theft by taking proactive steps to ensure your safety.


Recommended for you

Mail icon
Get the latest to your inbox
No Thanks

Get the latest to your inbox

Relevant resources to help start, run, and grow your business.

By clicking “Submit,” you agree to permit Intuit to contact you regarding QuickBooks and have read and acknowledge our Privacy Statement.

Thanks for subscribing.

Fresh business resources are headed your way!

Looking for something else?

QuickBooks

From big jobs to small tasks, we've got your business covered.

Firm of the Future

Topical articles and news from top pros and Intuit product experts.

QuickBooks Support

Get help with QuickBooks. Find articles, video tutorials, and more.