This the final blog of special series featuring top fraud trends predicted for 2023.
Every business owner wants to make a name for themselves. However, every fraudster also wants to make a name out of it too! According to PwC’s 2022 Global Economic Crime and Fraud Survey, 46% of organizations experienced some form of fraud in the last two years. Business identity theft is a serious issue for all businesses, big or small.
Fraudsters steal the identity of a business in several ways – by attacking the company directly or targeting the employees. While one method is a more direct attack on your business, both forms of theft will end up hurting your business and costing you time and money.
Identity thieves can steal a business’ identity by gaining access to the business’ bank accounts and credit cards or by stealing sensitive company information, such as the tax identification number (TIN) and the owners’ personal information. The thieves then open lines of credit or get business loans based on the business’ identity and creditworthiness. Typically, thieves cash out quickly and go unnoticed until the bills and collection notices arrive at the door of the victimized business. Stolen money and information are just the beginning for the problem. Business identity theft can lead to credit score drops, IRS audit penalties, and a hit to your company’s reputation. Not to mention the money and time used to resolve the damage.
The COVID-19 crisis has brought about years of change in the way companies in all sectors and regions do business. As quickly as companies have accelerated the digitization of internal business operations and customer interaction, fraudsters have too. Cybercriminals have become masters at social engineering attacks. Social engineering attacks typically involve some form of psychological manipulation, fooling otherwise unsuspecting users or employees into handing over confidential or sensitive data. Commonly, social engineering involves email or other communication that invokes urgency or fear in the victim, leading the victim to promptly reveal sensitive information, click a malicious link, or open a malicious file. Because social engineering involves a human element, preventing these attacks can be tricky for enterprises.
All these social engineering attacks involve some sort of impersonation. Fraudsters use every tool available to make their impersonation more convincing. And one of the best tools available is a genuine — or genuine looking — business email address. A Business Email Compromise (BEC) scheme is any phishing attack where the target believes they have received an email from a genuine business. BEC scams have been reported in all 50 states of the US and 177 countries. Clearly, business identity fraud is an issue.
On February 4, 2023, U.S. Attorney’s Office in the Southern District of Texas announced a case where online hackers used the BEC scheme to steal more than $800,000 from a Houston company. The still unidentified hackers got access to an employee’s computer and accessed their company’s computer networks including email servers as well as accounts. Through these phishing attacks, they were able to create fake email addresses but identified employees responsible for financial obligations and posed as vendors who were owed money. Before they realized that this was a scheme, employees were “tricked” into wiring funds to an account that the hackers controlled.
Unfortunately, it can be quite easy to create a fake company since establishing a new business usually involves simply entering registration information at a government agency and paying a fee. Thanks to the Internet, setting up a fake business has become easier than ever. In just a few clicks, phony companies can register for state and local business licenses, establish store front offices, and obtain other proofs as legitimate businesses. Why so easy? Who knows. But maybe we should implement some sort of multi-layered approach for business registrations? Something that includes digital identity intelligence and behavioral biometrics. Maybe? Couldn’t hurt!
On February 3, 2023, New York’s Attorney General Letitia James’ asked a judge to dissolve the bogus company — called Sahadi’s Fine Foods Products. The con-artists set up a fake business with a nearly identical name as a historical business from Brooklyn, Sahadi’s Fine Foods. The fraudsters even used the same mailing address in their registration as a business! In pretending to be the historical business, the con-artists have stolen nearly $100,000 from customers.
Luckily, the true Sahadi Fine Food business has a loyal customer base, but that does not take away from the damage done by the fraudsters who can still do business. It is hard to put a stop to these businesses that are created from business identity theft, which is why it is an alert for Fraud Trends 2023.