Be wary of corporate identity theft
Identity theft does not only do happen to individuals, but also to business entities and that is what we call corporate identity theft. What is it actually?
Like individuals, companies also have identities. What are the company identities? They are name, logo, domain, certificate, bank account number, and other attributes that belong to a company. Corporate identity theft is the act of theft or misuse of identifiers and business credentials, manipulation or falsification of archiving and business records, and other related criminal activities intended to obtain profits.
A phony website is one of the corporate theft examples just like one that NASS mentioned in the report titled Developing State Solutions for Business Identity Theft. The perpetrators made a website resembling the one belonging to the original car dealership. Through the phony website, the perpetrators deceived their victims by luring low-priced cars and making them transfer some money for cars that did not exist.
A similar case also occurred in South Sulawesi, Indonesia. Cited from Sindonews (12/1), the perpetrators made a phony website under the name of a state-owned bank to drain the customers’ accounts.
How can a company’s identity be stolen?
There is always a way to steal the identity, even with the simple method e.g., getting a corporate identity from paper trash. Now, the digital era amplifies technology to open more opportunities for perpetrators. Social media, email, company website, other digital platforms that contain identity become the target of stealing.
Even there is more cutting-edge method revealed by cybersecurity researcher Awake Security, Troy Kent. Troy said to CNBC (3/12) that the perpetrators could use the cryptocurrency mining machine to hack the organization’s security system, and then steal documents – intellectual property rights or other important documents, and credentials.
Using the stolen credential information, the perpetrators could pretend to be CEOs and deceive many parties, which ultimately tarnishes the reputation of the company.
Mitigation efforts
The more successful a company is, the greater its potential to be the target of identity theft. Therefore, companies need to take mitigation efforts. There are some simple tips, procedures and actions that companies can do online and offline. Among others are:
- Do background checks on business partners and directors
- Do not accept orders or faxes that are handwritten
- Validate the partner’s address
- Always re-check the information received
- Ensure the telephone area code is in accordance with the partner’s address
- Make sure potential partners can provide bank references
- Make clear all potential relationship of the business partner/client with any identical companies
- Implement data encryption throughout the company’s online system
- Create a data destruction policy, for both hard and soft data.
