Business identity theft is a big threat to small business
ComplianceApril 21, 2023

Business identity theft is a big threat to small business

Identity theft is a serious problem—not just for individuals, but for businesses as well. According to the IRS, identity theft is a “serious threat to business, partnership, estate and trust filers”.

Unlike larger corporations, small businesses don’t always have the required security controls in place to detect and deter fraudulent activity, which can make them easier targets. There is also a general unawareness, among large and small businesses alike, of the magnitude of the threat and the devastating effects that business identity theft can have.

What is business identity theft?

Many tend to associate identity theft with the theft of a Social Security number or credit card information. Business identity theft occurs when criminals assume the identities of business owners, officers, or employees to fraudulently obtain cash, credit, and loans, leaving the victimized business with the debts. Business identity thieves may also engage in fraudulent activities such as filing bogus business tax returns with the IRS to receive refundable business credits. Apart from the direct costs associated with business identity theft, businesses may also have to deal with legal consequences, such as defending their patents, copyrights, trademarks, or other intellectual property in court.

What information are business identity thieves after?

Business identity thieves focus on stealing key business identifiers and credentials—such as officers’ names and other personal information or your federal tax employer identification number—in order to manipulate or falsify state business filings and impersonate the business in other ways. Armed with this information, criminals can open a line of credit, obtain better terms with vendors, or apply for a loan. And, business credit cards, with credit limits of up to $150,000, provide another avenue for thieves to make purchases at the expense of small businesses.

We keep compliance simple
We’ll help you anticipate what you need and guide you through the process. With over 130 years of experience, you can rely on CT Corporation to make sure any issues are dealt with quickly and accurately.

Stealing a business identity or creating a new one is easy

Criminals can capitalize on the abundance of information made available to the public online. Businesses are required by law to publish sensitive details which may include financial statements, stakeholder information, and key identifiers such as employee identification numbers, and sales tax and business numbers.

This information and more can also be purchased legally through the internet. Often, an application for a line of credit is approved based on public and recycled information found on the web.

Examples of tactics used by identity thieves

Today, criminals are finding more sophisticated ways to impersonate and defraud businesses. While emulating a company’s letterhead, or sending fake correspondence were commonly used methods in the past, other more advanced tactics are continuing to emerge. Some of these include

  • Phishing scams—Emails that look and sound authentic (such as an email supposedly from your bank asking you to verify your account information) and often contain graphics stolen from the company from which the message claims to originate; these try to get staff to click through so that they can gather information.
  • Hacking into an executive's email and sending fake emails to the finance team asking for a last-minute wire to a foreign bank account
  • Planting an unsecured Wi-Fi hotspot in or around an office with the expectation that an employee will connect to it by mistake. This leaves their system vulnerable and makes proprietary information visible.
  • Dumpster diving remains a prevalent tactic employed by criminals. Identity thieves scour through personal waste and public refuse containers in search of confidential data.
  • Planting an unsecured Wi-Fi hotspot in or around an office with the expectation that an employee will connect to it by mistake. This leaves their system vulnerable and makes proprietary information visible. 

Improper dissolution of a business increases the risk of identity theft. Criminals search for inactive or suspended corporations on government websites and can easily revive or reinstate them.  

How to prevent and detect business identity theft

Take a proactive approach and educate yourself and your staff to prevent business identity theft. Consider the following steps:

  • Regularly review and keep track of your business's commercial credit report.
  • Perform periodic reviews of business records to ensure no fraudulent business entity filings have been made.
  • Keep company records with the Secretary of State up–to–date.
  • Keep staff educated on cybersecurity best practices.
  • Protect your EIN (employer identification number), account numbers, and other personal information.
  • See if you can place fraud alerts on your business’ bank and merchant accounts 

What to do if your business identity has been stolen

If you suspect that your company has fallen prey to business identity theft, prompt action can mitigate the extent of harm to your business. Here are some initial steps you should take.

  • Inform your bank, credit card issuers, and other creditors of potential business identity theft and inquire if they have received any anomalous charges or orders from anyone claiming to represent your business.
  • Request for copies of documents or emails used by the perpetrators to unlawfully access or create accounts under your business's name.
  • Notify Dun & Bradstreet, Equifax, Experian, and TransUnion, the credit reporting agencies for small businesses, about the incident.
  • Notify local and state law enforcement.
  • Talk to your attorney and insurance company.


As it appears the threat of business identity theft is not going away anytime soon, it is important that businesses, both small and large, recognize the real risk that identity theft poses, and take the necessary precautionary measures to prevent serious financial loss and other damages.

Read the Related Articles:
The rising risk of business identity theft: Why formal entity dissolution and withdrawal is a critically important safeguard
CT Expert Insights: Mitigating the risk of business identity theft
Nine tactics to guard your business identity

The CT Corporation staff is comprised of experts, offering global, regional, and local expertise on registered agent, incorporation, and legal entity compliance.

Back To Top