Talking technology – corporate identity theft

The growing problem of identity theft is attracting increasing attention

When many people think about identity theft, they are concerned about its personal implications. What will I do if my identity is stolen? How will I know? What will happen to my credit rating? How much will it cost me? How can I prevent it? This is understandable, because this growing problem is attracting increasing media attention. But finance professionals must also be aware of the dangers and challenges of corporate identity theft. This can result in loss of company assets, bank accounts can be emptied by fraudsters who have appointed themselves company directors, criminals can trade under the company name or use it to buy goods and services, and auditors can find themselves unwittingly involved in crimes.

Corporate identity theft is an area where information and communications systems are both boon and burden. They make it easier for fraudsters to collect personal information and use it to impersonate either a business or one of its directors or employees, but they can also be used to minimise the threat.

Although some of the methods fraudsters use to collect information are very low-tech (such as searching through rubbish), the Internet has created a whole new world of possibilities. So we all need to be conscious of scams such as phishing and spoofing, and appreciate the danger of divulging personal and business information via e-mail or other electronic means. We must also be aware of the risks posed by ‘social engineers’ – criminals who use telephone calls or personal encounters to try to extract information.

Phishing involves sending false e-mails to a wide audience, e-mails which often ask the recipient to reveal personal or company information. When the messages are designed to look as if they come from a recognised source, such as a bank, this is called spoofing. But as well as using e-mail, spoofers send messages directly between computer systems, using fraudulent IP (Internet Protocol) addresses to make them seem legitimate.

Absolute protection does not exist, but it is possible to reduce the risk. Never reveal confidential or sensitive information in an e-mail. If you receive one that includes a link to a page that appears to be from a trusted source, check the legitimate e-mail address and input it manually, just to be sure. A firewall can filter out some spoof IP addresses, and encryption can make e-mail messages more secure. The registrar of companies is popular with corporate ID thieves, because it is easy to submit paper forms to alter the registered company address, change or appoint directors, or file accounts audited using a stolen identity. So if an electronic filing system is available which requires passwords, confidential authentication codes, and recognised e-mail addresses, it is prudent to use it. Protecting an organisation is a lot less complex and costly than dealing with the aftermath of corporate identity theft.

 

"Corporate identity theft is an area where information and communications systems are both boon and burden. They make it easier for fraudsters to collect personal information and use it to impersonate either a business or one of its directors or employees, but they can also be used to minimise the threat"