Protecting Your Company from Business Identity Theft

Your business is unique. It’s one of a kind. Without you, it would cease to exist. But wait, why’s your business’s name on an email you didn’t write? Why are customers upset with something “you” said that you didn’t say? Unfortunately, there are only three words to describe these two scenarios: Business identity theft.

In the words of Dwight Schrute (The Office), “Identity theft is not a joke … Millions of families suffer every year!” When it comes to company identity theft, thousands of businesses suffer every year, too.

So what is business identity theft? How can you spot threats? Is there anything you can do to protect your business from identity theft? Read on to find out.

What is business identity theft?

Business identity theft is when someone impersonates a company (without their authority) so they can commit fraud. Generally, the thief uses the business’s identity to gain financial information about the business or its employees or customers. Someone might use your business’s identity to gain access to your bank account, line of credit, tax refund, or customers’ or employees’ information.

Picture this: your employee gets an email from your business asking for them to give you their updated direct deposit information. They send it to “you” (i.e., the impersonator in disguise), and then have a $3,000 withdrawal from their bank. Not good, right?

Right. Business identity theft can lead to some severe problems.

Here are just some of the things that can happen when someone steals your business’s identity:

  • Depleted reputation (business brand and employer brand)
  • Withdrawals from your business bank account
  • Unexplained charges on your small business credit card
  • IRS audit penalties
  • Drop in credit score

In short, company identity theft can quickly become a mess. Securing your business against identity theft is something you should take seriously.

A business is a minefield of information to replicate. A fraudster can easily use your company’s:

  • Name
  • Official logo
  • Employees’ names
  • Mission statement
  • Published photos

Serious fraudsters who have done some major digging can find other business identity information and use it, including:

  • Federal Employer Identification Number (FEIN)
  • Credit card information
  • Banking information

Examples of business identity theft scams

There are a number of tactics identity thieves use to profit off your small business. These include the use of phishing emails, fake invoices, and tax filing.

Phishing Emails: Some fraudsters might email your employees or customers while pretending to be your business. These emails may have your company’s logo and name. Tax scams and other phishing emails encourage the recipient to take some sort of action, like clicking on a link, sending personal information, or calling a phony phone number.

Fake Invoices: A fraudster may impersonate one of your vendors by duplicating or fabricating an invoice and asking you for payment.

Tax Filing: The IRS warns businesses about tax-related identity theft. An identity thief could steal your company’s identity and file a fake small business tax return. They do this to receive tax refunds. But when a fraudster files a fake return in your business’s name, you could wind up with tax penalties and an audit.

Clever business identity theft scams, right? Ah, if only these fraudsters used their powers for good…

Business identity theft protection

It’s easier to prevent a fire than put one out. Likewise, it’s easier to protect your business against identity theft than deal with the repercussions.

Identity theft can happen to anyone, including (and sometimes especially) the smallest of businesses. Protect your business against identity theft by taking some essential security measures.

Here are just a few ways you can defend your business against identity theft:

  • Train your employees to avoid falling for phishing schemes
  • Use multi-factor authentication
  • Spice up your login information
  • Upgrade your system’s cybersecurity

Encourage cybersecurity training in your small business. Show employees things to look out for in phishing emails, like poor grammar, misspelled words, and urgent actions. Instruct employees to hover over links rather than clicking on them. And, ask them to report questionable emails or other communications to you or your IT department.

Multi-factor authentication can help make sure your online accounts are protected even if someone learns your username and password. Multi-factor authentication requires that you use at least two devices or accounts to log into an account. For example, you may set up an account so you can only access it after typing in a code that is sent to you through email or text.

Along the same lines as multi-factor authentication, improving your login information can also protect you from falling victim to identity theft. Use complex and unique passwords for each online account that you have. To help you remember everything, you can opt for a password manager system (e.g., LastPass).

Another business identity theft protection strategy is using upgraded computer systems, complete with virus and malware protection.

How to spot corporate identity theft

You can also take some actions to determine whether you’ve been subject to identity theft. Be sure to:

  • Reconcile your bank statement with your books
  • Regularly check your business’s credit report

Keeping up-to-date accounting books isn’t just for organizational purposes. It can also help you identify identity theft.

By doing bank statement reconciliation at the end of each month, you compare your bank statement to your accounting books. If you have transactions on your bank statement that don’t match with your books, it could be due to someone successfully stealing your business’s identity and making a withdrawal.

Another way to see whether you’ve fallen victim to identity theft (and hopefully nip it in the bud early) is to regularly check your business’s credit report. Doing so can help you determine whether someone has taken out new lines of credit or loans in your business’s name.

Too late—my identity has been stolen. Now what?

Having your business identity stolen is frustrating, but it’s not the end of the world. And depending on what was stolen, you may not even be affected.

Let’s say someone uses your logo in an email to one of your employees. You’ve trained the employee, so they forward the email to your IT department without clicking any harmful links or giving up precious information. No harm, no foul if you don’t fall for a phishing trap, right?

However, things are a little more frustrating, complex, and dicey when someone has actually stolen your business’s taxpayer identification number.

According to the IRS, you should take the following actions if your business’s personal information has been stolen:

  • Contact the IRS if someone is using your Employer Identification Number
  • File a police report with your local police department
  • Contact Equifax, Experian, or TransUnion to place a 90-day fraud alert on your credit reports
  • Request the three credit reporting companies freeze your credit
  • Review business information for suspicious activity (e.g., Dun & Bradstreet account, bank accounts, online accounts)
  • Close accounts, if possible
  • File a complaint with the Federal Trade Commission

Again, business identity theft can happen to anyone. If it affects you, don’t panic or despair. Instead, take action to rectify the situation and defend yourself against future theft attempts.

Stay on top of your business’s transactions by keeping up-to-date books. Patriot’s online accounting software makes it easy to manage your books. Our powerful, yet easy-to-use accounting gives you the best of both worlds to save your time and money. Get your free trial now!

This is not intended as legal advice; for more information, please click here.

Stay up to date on the latest accounting tips and training