Business Identity Theft: A Guide for US Companies 

In today’s interconnected world, identity theft isn’t just a personal concern; it’s a significant threat to businesses, both large and small. The Internal Revenue Service (IRS) explicitly recognizes identity theft as a “serious threat to business, partnership, estate and trust filers.” Each year, this crime accounts for millions of dollars in losses, with small businesses often being more vulnerable due to a lack of robust security controls and a general unawareness of the risks involved.

This guide from TheTaxBooks aims to shed light on business identity theft, helping US businesses, including those newly incorporated by international entrepreneurs, understand the threat and implement effective protection strategies.

Understanding Business Identity Theft

When many think of identity theft, they often picture the compromise of a Social Security number or credit card. However, business identity theft operates on a larger scale. It occurs when criminals assume the identities of business owners, officers, or employees to fraudulently obtain cash, credit, and loans, leaving the victimized business burdened with debt. Another common manifestation is the filing of fraudulent business tax returns with the IRS to claim refundable business credits.

Beyond direct financial costs, victimized businesses may also face significant legal ramifications, such as defending their patents, copyrights, trademarks, or other intellectual property in court.

What Information Do Business Identity Thieves Target?

Business identity thieves are after key business identifiers and credentials. This includes officers’ names and other personal details, as well as your federal tax Employer Identification Number (EIN). Armed with this sensitive information, criminals can:

  • Manipulate or falsify state business filings.
  • Impersonate the business in various transactions.
  • Open new lines of credit.
  • Obtain more favorable terms with vendors.
  • Apply for business loans.
  • Exploit business credit cards, which can carry credit limits up to $150,000, for unauthorized purchases.

Why Business Identity Theft is Becoming Easier

The digital age has made a wealth of business information publicly accessible. State laws often require the disclosure of proprietary business information, such as annual reports, management and personnel details (including names and addresses), EINs, and sales tax and business numbers. This information, and more, can often be legally purchased online. Many applications for lines of credit are approved based on this readily available public and recycled information.

Alarmingly, identity thieves are increasingly leveraging advancements in Artificial Intelligence (AI), particularly large language models (LLMs), to enhance and automate their fraudulent activities, making their tactics more sophisticated and harder to detect.

Common Tactics Used by Identity Thieves

Criminals are constantly evolving their methods to impersonate and defraud businesses. While older tactics like emulating company letterheads or sending fake correspondence still exist, more advanced schemes are emerging:

  • Phishing/Spear Phishing: These involve emails and text messages that appear authentic, often incorporating graphics stolen from legitimate companies. They attempt to trick staff into clicking malicious links or divulging sensitive information. “Spear phishing” is a more targeted approach, with messages specifically tailored to an individual or groups within a company, and AI is making these scams exceptionally convincing.
  • Data Breach: Criminals gain access to sensitive information through vulnerabilities such as human error, outdated software, or other security weaknesses within a company’s systems.
  • Malware and Ransomware: Malicious software can be introduced through phishing emails, downloads from compromised websites, software vulnerabilities, or infected USB drives, leading to data compromise or system lockout.
  • Impersonation: This tactic includes gaining unauthorized access to an executive’s email (hacking) or spoofing their email address to send fraudulent wire transfer requests to the finance team. Another common impersonation tactic involves making unauthorized changes to a business registration at the state or Secretary of State level, such as adding or deleting principals, or changing the business address. These changes can then be leveraged to set up credit lines or engage in other fraudulent activities.
  • Unsecured Wi-Fi: A bad actor might set up an unsecured Wi-Fi hotspot near an office, hoping an employee will inadvertently connect, thereby exposing their system and proprietary information.
  • Dumpster Diving: Despite technological advancements, this low-tech method remains prevalent. Identity thieves physically scour through discarded waste for confidential documents.
  • Failure to Dissolve Introduces Risk: Businesses that fail to properly dissolve an inactive entity create an opportunity for criminals. Fraudsters search government websites for suspended or inactive corporations and can easily revive or reinstate them for illicit purposes.

Essential Strategies to Prevent Business Identity Theft

Taking a proactive stance and educating your team are critical steps in preventing business identity theft.

Educate Your Team on Phishing Scams

Phishing emails and text messages are primary tools for gathering personal information or installing malware. With sophisticated techniques, these communications can be very difficult to distinguish from legitimate ones. Ensure your employees are trained to recognize red flags, including:

  • Poor grammar and spelling.
  • Mismatches between the sender’s name and email address.
  • Suspicious attachments or links to unrecognized websites.
  • Messages creating a false sense of urgency.

Prioritize Cybersecurity and Software Updates

Your company should implement the latest security programs designed to detect and prevent malicious hacking and cyber-attacks. It’s equally important to secure all laptops and mobile devices used for business purposes. Regularly updating all software, operating systems, and security applications helps patch vulnerabilities that criminals could exploit.

Maintain Diligent Business Filings and Records

  • File Your Annual Report on Time: Missing an annual report deadline can expose your business to risks, including identity theft. Deadlines often vary by state and are tied to your company’s formation date, making them easy to overlook, especially if you operate in multiple states.
  • Keep State-Required Information Up to Date: Most US states require filings when a company changes its name, method of management (for an LLC), authorized stock (for a corporation), or its registered agent. Notifications are often also required for changes in principal officers or the business address. Keeping this information current ensures you receive official communications from the state and signals to potential thieves that your business records are actively managed.

Regularly Monitor Business Credit and State Filings

  • Check Your Credit Reports Regularly: Utilize services like Dun & Bradstreet or major credit bureaus (Equifax, Experian) to consistently monitor your business credit activity for any suspicious changes. Consider signing up for email alerts from these agencies.
  • Check the Secretary of State Website Regularly: Proactively look up your business on your state’s Secretary of State website, or sign up for available email alerts. This allows you to quickly spot and report any unauthorized changes to your business registration, such as a changed business address, and promptly initiate reversal of fraudulent activity.

Safeguard Sensitive Business Information

  • Encrypt sensitive files and emails with strong, unique passwords.
  • Implement access controls to manage who can view and interact with sensitive information, such as your EIN (Employer Identification Number) and bank account numbers.
  • Educate your staff on general cybersecurity best practices.
  • Consider placing fraud alerts on your business bank and merchant accounts to detect and prevent unauthorized activities.
  • Properly shred or securely destroy sensitive data on old hardware before disposal.

What to Do if Your US Business Identity is Stolen

If you suspect your company has fallen victim to business identity theft, swift action is crucial to mitigate potential harm. Here are the initial steps you should take:

  1. Inform Your Financial Institutions: Immediately notify your bank, credit card issuers, and other creditors of potential business identity theft. Inquire if they have received any unusual charges or orders purporting to be from your business.
  2. Request Documentation: Ask for copies of any documents or emails used by the perpetrators to unlawfully access or create accounts under your business’s name.
  3. Notify Credit Reporting Agencies: Contact Dun & Bradstreet, Equifax, and Experian to report the fraud and place alerts on your business credit file.
  4. Notify Law Enforcement: File a report with your local police and state law enforcement agencies.
  5. Consult Legal and Insurance Professionals: Speak with your attorney to understand your legal options and potential liabilities. Also, contact your insurance company to determine if any losses are covered under your business insurance policy.
  6. Follow IRS Procedures: If the theft involves tax-related fraud, follow the guidance provided by the IRS for identity theft victims, which may include providing specific details like the SSN of the person signing returns, previous payment history, and complete filing history to verify legitimacy.

How TheTaxBooks Can Help

Navigating the complexities of US business registration, tax compliance, and ongoing regulatory requirements can be challenging, particularly for international entrepreneurs. At TheTaxBooks, led by Principal Consultant Kishore Chennu (MBA, CMA, EA-IRS (US)), we understand these intricacies. While we focus on US Company Formation, US Tax Filing (Individuals & Businesses), Bookkeeping, and Accounting, our expertise also helps businesses establish a strong, compliant foundation, thereby reducing certain vulnerabilities that identity thieves might exploit. Our services, including Federal and State Tax Filing, US Business Bookkeeping, and assistance with Forms like 5471 and 5472, ensure your financial records are meticulously maintained and compliant, adding a layer of protection through accurate reporting.

Conclusion

The threat of business identity theft is not diminishing. It is imperative that businesses, regardless of size, recognize the serious risks involved and implement robust precautionary measures. By understanding common tactics, educating employees, maintaining strong cybersecurity, and diligently monitoring your business’s credit and public filings, you can significantly reduce your vulnerability and protect your company from severe financial loss and other damaging consequences.

To learn more about how you can reduce your taxes and save money, check out the helpful resources on our blog or contact us today to schedule a consultation.

share on
Facebook
WhatsApp
LinkedIn
Email
We Make Tax Filing A Breeze

CONTACT US NOW

Post Views: 5

Book Schedule Now