Opinions expressed by Entrepreneur contributors are their own.
In 2021, Americans lost approximately $5.8 billion from identity theft. There were 2.8 million consumer identity theft incidents reported, which means there could have been much more. Of that, $2.3 billion were from imposter scams, and $392 million were from consumer online shopping. For businesses, 47% of all businesses had one form or another of fraud affect them. According to the FBI, in 2020, scams cost U.S. businesses over $1.8 billion. And since 2020, fraud cases are up by over 70%.
If you’re not alarmed by this info, you should be.
The hard truth is that even though many companies you deal with will try to keep your personal and business information private and inaccessible to these criminals, it ultimately comes down to you being fully aware of the various types of identity theft there are, and most importantly, how to prevent it from happening. If you take the stance that this is someone else’s responsibility, you’re placing yourself and your business at high risk simply by having the wrong attitude!
So, here is some great info that you can take action on for both your business and personal protection:
Related: How to Prevent Identity Theft in Today’s Digital World
1. What is identity theft?
The below definitions come straight from the Bureau of Justice Statistics website: The definition of personal identity theft includes three general types of incidents:
-
unauthorized use or attempted use of an existing account
-
unauthorized use or attempted use of personal information to open a new account
-
misuse of personal information for a fraudulent purpose.
The definition of business identity theft (also known as corporate identity theft) is:
- The illegal impersonation of a business.
In that broad description of business fraud, it includes any type of business structure that has an Employee Identification Number (EIN), also known as a Tax Identification Number (TIN) — meaning that this can range from a sole proprietor making peanuts to a large C-corp generating millions.
2. Various types of identity theft
There are many ways that people can get your business/personal information. Here are the most common:
-
Online: This is what most folks think of when they think of identity theft. This involves crimeware, which is considered malicious software used to steal personal information. We usually call these things worms. The most common types include phishing, spyware and Trojan horses through emails. And the best way to prevent this from happening is to avoid unsecured networks, such as those found in airports, coffee shops, etc. Delete any emails that seem suspicious. Another idea is to keep your spyware protection software on your computer systems as up-to-date as possible.
-
Offline: This is almost 90% of how all fraud starts! Let’s call this one “old school.” This is when you receive calls or emails that request your business and/or personal information. Scammers will impersonate any number of companies, like banks, insurance and even IRS agents! The scammers will always say that you owe them money for one reason or another (by the way, did you know that your bank will never call and say you owe them money? Nor will the IRS). What’s the best way to fight this type of fraud? First, never give out your business or personal information to any company, no matter how legitimate the phone call or email seems. Second, simply hang up if it’s a phone call and/or do not reply to any email — just hit delete.
-
Large-scale identity theft: This is when a hacker gets past a firewall at a company like Target and can then access your account numbers, credit card and/or debit card numbers along with PIN numbers. In this type of instance, there isn’t much you or I can do to prevent this type of breach from happening. What we can do is be prepared for a rapid reaction. This type of theft will make national news, so if you hear of this happening, respond immediately by changing your all usernames and passwords and canceling and then ordering new debit and credit cards.
-
Internal employee identity theft: This is when you have employees with access to vital banking and account information. They may wire or Zelle funds to themselves or anyone. They can steal checks from your office and write those checks to themselves or others. They can also sell this information to people for cash if they choose to. The reality is that if you have provided this employee with access to your bank account, then the banks cannot do much since you allowed someone access. Therefore, the bank is not at fault, and while they will do what they can to help and get some money back, they are not responsible, you are. The good news is that the court system can do something about this situation. The only way to prevent this is either by doing all your banking yourself, and/or being REALLY picky about who gets access and to what information.
Related: Make Your Businesses Invulnerable to Corporate Identity Theft
3. Examples of business identity theft
-
Bogus social media accounts: Check your social media accounts, and see if there are any Facebook pages, Instagram pages or other social media sites you use that are pretending to be your business.
-
Bogus websites: Naïve customers are directed to these sham websites through search engines, various social media ad campaigns or phishing email scams.
-
Phishing emails: These fake emails are sent by scammers to employees and usually have a type of spyware attached to them that will activate once you click on a link.
-
Bogus tax information: Scammers use stolen business information to file fraudulent tax returns in order to attempt to receive a refund.
-
Ransom of your trademark: Criminals steal your business name/logo and register it as an official trademark of their own. Then, after they wreak havoc, they’ll actually demand a ransom to release the trademark!
-
Bogus invoices: You’ll get this from a scammer pretending to be your vendor asking for money. It will look legit as it will have the logo, etc. on it.
4. How to prevent personal and business identity theft:
There are many, many ways to help prevent identity theft. Here is a short list to get you started:
-
Shred any and all statements: Credit cards, bank, mortgage, etc. Better yet, set up auto-pay and use online statements instead.
-
NEVER provide personal/business info over the phone: Never do this unless you made the call and can identify the person/company.
-
Software protection: Consider getting some type of protection onto your personal and business computer.
-
Get identity theft protection: Think of companies like LifeLock.
-
Don’t keep your SS card in your wallet/purse: Maybe even consider this for ALL your credit and debit cards?
-
Create longer passwords: If you can get 10-15 digits in there, with a mix of letters, numbers and special characters, then you have a good one.
-
Check your credit reports: Be sure to check your credit reports at least monthly if not more often. You can get them from the actual credit companies, not the knockoffs.
-
Be wise about shopping online: Practice common sense here. Use sites like Amazon and not some unknown site.
-
Be wise about social media: Maybe only send friend requests to folks you actually know, and give a double-check on an account that looks weird or off in some way.
-
Unsecure networks: Stay away from places like coffee shops that have Wi-Fi but are not secure.
-
Healthy skepticism: When someone is contacting you by email or phone, be VERY sure of who they are before clicking any links or providing any info.
Pro Tip: Ninety percent of fraud is still initiated by receiving a phone call, NOT from someone mysteriously accessing your bank account. I help customers each week with fraud, and the truth is that the fraud happened because they GAVE a fraudster the username and password over the phone. Every. Single. Time. Just be smart, folks.
Related: How to Protect Yourself and Your Business From Fraud