Small Business Review

Support | Contact Us | Advertise

Subscribe to our FREE Newsletter

About Us

Small Business Review is published by Penton Media for successful small business owners and executives.

For information
click here.

Resources from our Partners

A Fix for Health Care? More Americans are opening tax-free health savings accounts to hedge against soaring medical costs. Find out more in a Special Advertising Supplement from Fortune/Money Group Custom Projects.

Finding growth strategies for small businesses. Click here to learn more.

Newsletter

Click here for the latest issue.

Subscribe here to our FREE bi-weekly newsletter.

Identity Theft, Business Style

By Janet Arrowood

How to protect yourself from “phishers” and dumpster divers

The headlines are filled with cases of identity theft and fraud. Driver’s license bureaus burgled, Social Security number lists sent to prison inmates, schools posting personal data on the Web, “phishing” and other computer-based attacks. Newspapers and magazines have shown—in painful detail—how victims struggle to untangle the mess left by identity thieves, reclaim their identities and reinstate their good credit.

What you don’t read much about is what happens to small businesses when their IDs are stolen. Your company has as much—or more—to lose as you do as an individual. Not only do you face problems with creditors and vendors, but you could also find yourself unable to fill orders and conduct business normally, potentially costing you customers.

Identity thieves usually go after small businesses by pilfering an Employer Identification Number. Like your personal Social Security Number, your EIN is tied to your bank accounts, billing system, tax statements and other financial documents. With your EIN and a few other bits of information, crooks can obtain credit and loans and order merchandise in your name—just as they do when they steal a Social Security number. Protect your EIN as you would your SSN.

The Bad Guys are Going “Phishing”

These days, one of the most popular tricks is “phishing,” which involves using fraudulent email to obtain your EIN or SSN. Yi-Chun Kuo, Assistant Vice President at a Wells Fargo branch in Denver sent this example of a typical phish note:

Dear Customer:

We’ve noticed that you experienced trouble logging into Wells Fargo Online banking. After three unsuccessful attempts to access your account, your Wells Fargo Online Profile has been locked. This has been done to secure your accounts and to protect your private information. Wells Fargo is committed to making sure your online transactions are secure.

To unlock your account, and verify your identity, please follow this link and sign in:

If you click on the link and follow the instructions, you give the thieves the information they need to break into your corporate account.

Something’s Phishy

Legitimate financial companies don’t solicit or send sensitive information via unsolicited email. Receiving this type of message should be your tipoff that it’s not for real.

Phish mail seems to find its way everywhere. Alumni Consulting Group, an information technology recruiting firm in Greenwood Village, Col. that has its own domain name and top-of-the line spam protection, frequently gets phishing spam, including that Wells, which arrived this week.

“There is no way to completely stop the ‘phishing, emails,” says CEO Jim Hertzel. What you can do, he says, is to make sure all your employees are trained to ignore such messages, which may appear to come from eBay or PayPal or Verizon or Amazon or a major bank. “Tell them not to click on any links or otherwise respond to the messages,” Hertzel says. If you do have a business relationship with that vendor and you think this might be a legitimate communication, open a new browser window and contact the company directly. “This allows us to know with whom we are dealing,” says Hertzel.

The Worm Turns

Ever wonder how spammers and phishers get your email? They collect addresses through computers that have been infected by worms, which collect and retransmit email lists in the infected computer. To be safe, use SHIFT + DELETE to remove suspect emails. That way they don’t sit in a “Deleted Files” folder.

What can you do to avoid becoming a victim of business identity theft or fraud?

Grove highly recommends using electronic payment forms rather than paper ones. Wire transfers, ACH payments, and so forth are much more secure than paper checks. If someone gets your check, especially if your EIN is on it (as it would be for a tax deposit, say), he has everything he needs need to impersonate your business. Electronic banking and transaction networks use passwords and messages that are encrypted to hide their contents. These systems have proven fairly hacker-proof.

Shred Your Way to Security

Indeed, identity theifs do pretty well by stealing the old-fashioned way: Picking paper credit-card solicitations out of the mail or out of the trash. If you have listed your company in a business database, taken a business loan or used a business credit card, you may have noticed that your office mail soon began to look like your residential mail—chock full of juicy offers for credit cards and low-cost (at first!) financing. The difference is that you can tell your credit card issuers that you don’t want to share your home address with other marketers and you can register with services that will get your home address off of direct-mail lists. But there is no similar system for business mail.

Businesses can contact individual mailers and ask to be taken off solicitation lists, but that’s not foolproof (there are always new lists for sale and new marketers targeting small business). So, you’re going to wind up receiving some offers. The key is to dispose of them in such a way that they can’t be retrieved by dumpster divers. Don’t simply tear the offer in pieces and throw them in the trash. Invest in a good cross-cut shredder, or hire a professional shredding service. (Shredders should also be used on any paper that has your EIN number, employee information and any confidential information). And, if it makes you feel better to do so, by all means ding the mailers by returning their prepaid envelopes—but don’t put the offer back in, even if you have torn it up in little pieces to show your wrath.

Unshredded office trash can be a treasure trove for identity thieves, who look for:

  • Discarded credit card and loan applications
  • Papers with your EIN on them
  • Bank statements
  • Papers with names and SSNs on them
  • Copies of sensitive business data
  • Copies of personnel data and records
  • Correspondence
  • Tax returns and filings
  • Corporate papers

Business identity theft and fraud are new, but growing trends. “One of our fastest growing expenses is fraud prevention,” says Kelso Kelly, regional president of First Community Bank of Colorado in West Denver. Kelly and other experts encourage business owners to:

  • Bank electronically
  • Never respond to unsolicited emails that ask for business or personal data
  • Shred documents with a cross-cut shredder
  • Make sure you or a trusted manager sees the mail when it comes in.
  • Consider using a post office box to get your mail
  • Use electronic payment methods rather than paper checks
  • Be very careful who gets your EIN or other sensitive data
  • Check your bank and credit card statements at least weekly
  • Don’t leave your computer, briefcase, or checkbook in your car


Resources

Finance»
An objective site for your personal financial needs, including advice, calculators and rate comparisons. Small business section includes calculators to determine debt to asset ratios, gross profit margins, operating profit percentages.
Accounting»
Everything you need to account for every dollar—CPAs, software, etc.
Taxes»
Want to save on taxes? Find the best resources for small business tax management here.  
Legal and Regulatory Info»
Protect your business and your intellectual property. Learn where you stand on government regulation.
Government»
How can government help your business? We help you count the ways.
Technology»
Need a shortcut out of a tech jam? Are you confused about how to use technology to boost productivity? You’ll find all the experts here.
Travel»
Looking for trade shows and industry meetings to help your business grow? Need great deals on business travel. This is the destination.
Estate Planning»
Worried about holding on to your assets and taking care of your family? Estate planning experts can help.

Back to Top