As we may have mentioned before, business across the UK are now much more likely to be targeted by criminal organisations and identity thieves. Businesses of all sizes are being targeted without discrimination for a quick and easy profit – but one class of business above all is at risk. SME’s who don’t have a protected infrastructure or a good data protection policy in place are just sitting ducks for corporate identity thieves. But what does an identity thief need in order to impersonate your business, and more importantly how do they get it?
The Bank You Use
If a criminal wants to set about stealing the identity of a business, the best way to start is by finding out what bank they use and ideally what their account number is. If they can find this out, it’s relatively easy to impersonate you – especially if they have already gathered some basic personal information about the person who deals with the bank within your organisation. Security questions are usually memorable information, which makes it fairly predictable. This can be gained through background research, guesswork or even installing a keylogger virus onto the computers in the finance department, which tracks every keystroke made and site visited and feeds it back to the criminal. All of this information can be gained by stealing discarded paperwork, internet research or even posing as a customer and asking for an invoice. From there they can use this information to open up new accounts, get loans or just use up the money in your account.
Business Address
In one of the most basic and non-technology based schemes around, one of the key pieces of information criminals need is your business address. Today this is incredibly easy to get – most businesses display it proudly on their websites or Google pages. But because post can be such a valuable thing, a lot of criminals will still opt for good old fashioned mail fraud. Using some basic information, they can submit a change of address form on your behalf and have all of your business post sent to them. Using this they can gain access to anything sent to you – bank statements, invoices, private business documents – you name it.
Identifying Numbers & Legal Statuses
Basic information on your company is often all that’s needed to do some serious damage. For example, by doing a simple search on companies house you can find out:
- Company Information – e.g. registered address, date of incorporation, registration number, director information
- Current and resigned officers and employees
- Document images
- Financial records
- Mortgage charge data
- Previous company names
- Insolvency information
The scary thing is, there’s much more you can find out through this, because it is a legal requirement that all of this information be public. So even if you don’t keep all of this information in paper form where it can be stolen, it can still be discovered online. Using this information thieves can pen bank accounts, take out loans, apply for credit cards, get insurance or simply gain access to your secure client and financial data to sell on and make a profit.
Surprisingly, a thief actually needs less information to impersonate your business than they would to impersonate you as an individual. Despite this, cyber criminals are less interested in pretending to be your business than they are gaining access and stealing client records, money and data directly. At least that’s the trend at the moment – but these things do change quickly. For more information or to get your personal shredding quote, get in touch with us today.
Recent Comments