How to Protect Your Business from Identity Theft | SoftwareONE Blog

How to Protect Your

Creating an Incident Response Plan

The Internal Revenue Service (IRS) reported an increase of 2.75% in fraudulent business tax returns, indicating a disturbing trend in business identity theft. Unfortunately, small to medium businesses - compared to larger corporations - tend to be primary targets in identity theft due to their lack of security and fraud protection. Keep reading as we cover the ins and outs of business identity theft and discuss the steps you can take to protect your business.

What is Business Identity Theft?

Business identity theft is a type of identity theft in which someone or some entity creates or attempts to use a business’s identifying information without authority and with the intent to defraud or hurt the business in some way. The National Cyber Security Society (NCSS) has identified the following four primary types of business identity theft:

  • Financial Fraud : This includes using a business’s identity to obtain lines of credit, loans, or credit cards, or otherwise creating fraudulent Uniform Commercial Code (UCC) filings.
  • Tax Fraud: This includes actions such as filing fraudulent tax returns with the intent to gain access to subsidies or refunds owed to the business.
  • Website Defacement: This occurs when the thief manipulates a business’s website or identity on the internet.
  • Trademark Ransom: Thieves sometimes will register a business’s name as an official trademark and then demand a ransom in order to release it.

Business identity theft can lead to a variety of negative outcomes, and it’s become a growing problem as technology evolves and more business information is accessible online. These issues include problems with vendor payments, negative credit reports, state and federal tax disputes, and damage to a business’s overall reputation.

Common schemes used by criminals to steal a company’s identity include, but are not limited to, the following:

Sending a fake invoice for goods or services that you never ordered, or a duplicate of an invoice that you already paid:

These invoices may come in paper format, over email, or in the form of a phone call and can be used to both get a payment from your business or obtain your company’s billing information.

Establishing temporary office locations or accounts under your company’s name:

This makes it possible to redirect your company’s traffic or vendors to their temporary location and allows them to redirect your mail, file for tax returns, and more under your name.

Posing as a credit card processing company:

Since so many small businesses rely on credit card processing services, criminals are able to pose as these companies in order to obtain a business’s financial information, later exploiting it for their own purposes.

Going through your company’s trash:

If you don’t shred documents with vital information on them, thieves can gain access to enough information to pose as your company just by going through your garbage.

Asking for membership or service fees:

In this type of scheme, the thief poses as an official organization requesting that you pay a service fee or renew a license. If you comply, they then have access to your organization's financials.

Filing fake documents with the Secretary of State:

This may include change of address forms, change of name, and more, and gives the thief a stronger foothold to pose as your business.

One primary tactic to be on the lookout for are phishing emails and phone calls. Any email or call that appears to have come from an official source, but which is asking for financial information or other identifying information related to your business should be handled with skepticism.

How to Identify Ongoing Business Identity Fraud

Many signs indicate your business may have had its identity stolen. Some key red flags are the following:

  • You are unable to e-file your business tax return because one was already filed under the same Employer Identification Number (EIN).
  • You receive a tax document, credit card bill, or other notice that is inconsistent with anything you’re expecting.
  • The Internal Revenue Service (IRS) sends you a Letter 6042C or 5263C. The IRS may send one of these documents to verify your business information if something doesn’t add up on their end.
  • You fail to receive expected correspondence from the IRS, a vendor, or a creditor. If this happens, it might mean your business address has been changed without your knowledge and the documents are being sent elsewhere.
  • Your business credit score changes without any obvious reason.
  • Your business is unexpectedly denied credit.

If any of these signs occur, you should investigate further. A good place to start is by getting a copy of your business credit report and performing a thorough review of all business accounts to look for unauthorized activity.

What to Do If You’re a Victim of Business Identity Theft

If you find evidence that someone is using your business’s identity for nefarious purposes, the next step is to take action. Immediately notify your bank and any creditors of what has occurred. They can help track down unauthorized transactions and also put a stop to any future ones. You should also report the issue to all of the business credit reporting agencies, including Dun & Bradstreet, Equifax, Experian, and TransUnion.

Next, collect any documents that show fraudulent activity, including tax returns, bank statements, and emails, and notify local law enforcement officials. If the thieves made any changes with the Secretary of State or the IRS, you should immediately contact both to correct the issue. The IRS has procedures outlined on their website that inform business owners exactly what to do if this has happened to them.

4 Steps to Protect Your Business

It’s always best to take protective steps before theft can occur. The following 4 steps provide an outline to help you get started:

  1. Shred Documents and/or Go Paperless: Shredding destroys all sensitive information before documents are recycled or make their way to the trash. Going paperless also prevents thieves who might steal incoming or outgoing mail as well.
  2. Protect Your Data and Network: Make use of robust security measures such as firewalls and anti-virus software to make sure would-be thieves can’t hack into your corporate network to steal critical business information they might use to impersonate you. Services such as SoftwareONE’s Managed Detection & Response can help secure your business against a wide variety of cyber threats.
  3. Educate Your Employees: The easiest way for many criminals to get access to your business’s information is through phishing scams. These scams rely on human error, so training employees to identify them is critical. Consider programs such as SoftwareONE’s Cybersecurity User Awareness to help close your workforce’s security knowledge gap.
  4. Monitor Your Credit: Continuously monitoring your business’s credit will mean you are alerted right away if anything unusual happens.

It’s also important to make sure your company regularly backs up all data in a way that keeps it safe and secure. SoftwareONE’s BackupSimple covers the main pillars of modern data protection, protecting your hybrid cloud workloads, SaaS apps, and endpoints alike.

As you move forward, stay vigilant. Ensure your data is protected, stay aware of the latest scams, and continue to train your employees. With the proper strategies and support in place, you’ll never fall victim to identity theft.

Digital Signage – an Important Part of Going Paperless

Learn how different digital signage options can help streamline document signing for your business securely over the internet.

View Webinar
  • Managed Security, Cybersecurity, Digital Transformation
  • Cyber Awareness, Cyber Threats

Comment on this article

Leave a comment to let us know what you think about this topic!

Leave a comment


Bala Sathunathan

Bala Sethunathan

Director, Security Practice & CISO


Related Articles

5G and Cybersecurity: All You Need to Know | SoftwareONE Blog
  • 17 January 2022
  • Bala Sethunathan
  • Cybersecurity, Cybersecurity User Awareness, IT Market
  • 5G, IoT

5G and Cybersecurity: All You Need to Know

5G brings many operational benefits – but it’s not without its risks. Read this to ensure your cybersecurity practices are up to standard.

Be prepared: Tech Trends To Watch Out For In 2022
  • 12 January 2022
  • Blog Editorial Team
  • Digital Transformation

Tech Trends To Watch Out For In 2022

We look back on the highlights of 2021 and review the key priorities for customers in 2022.

Why You Need Zero Trust Security in a Hybrid Workplace | SoftwareONE Blog

Why You Need Zero Trust Security in a Hybrid Workplace

The pandemic has changed the way we work – and that includes how organizations secure their data. Learn more about why remote work calls for zero trust.