What is company identity theft?
Just like people, companies have bank accounts, credit cards and private information. If a criminal can pretend to be an authorised person acting on behalf of the company, s/he can spend the company's money. Here are some examples of corporate ID theft:
- Setting up a merchant account in your company's name and then accepting lots of purchases using stolen credit cards and depositing the receipts in the criminals’ bank account. By the time people complain and the credit card company comes to you for the charge backs, the thieves have disappeared.
- Rifling through rubbish bins to get employee names, bank account details and other sensitive information.
- Ordering goods from your e-commerce site with stolen credit cards or by telephone with bogus account details (made to look like a real company).
- Scams and phishing attacks designed to get access to the company’s online banking details.
- Registering a website domain similar to yours to capture some of your traffic.
- Hacking your website so it presents bogus or damaging information or hijacking it altogether to distribute porn (leaving you with the excess data charges and embarrassment).
- By filing bogus returns to Companies House it is possible to change your registered address and appoint new directors. This will let a fraudster perfect the illusion that he or she runs your business.
- Infiltrating employees, such as handymen or cleaners, to steal passes, passwords and private information.
How to protect yourself
- Check your website and Companies House records on a regular basis. Also, reconcile bank statements and company credit card statements meticulously.
- Make it easy for staff, customers and suppliers to report anything unusual. For example have an email link on your website.
- Train employees and, as far as possible, customers to avoid phishing scams.
- Track registrations of new domains that are similar to yours. Consider registering common misspellings and variations of your company name.
- Take care of the papers you throw out. Shred anything sensitive.
- Set strict guidelines for staff about who can order things on behalf of the company and what information staff can give out to strangers (however plausible their story).
- As ever, make sure your computer security is sound: anti-viruses, firewalls, regular updates and strong passwords. This will protect against many online threats.