Financial Fraud

Business identity theft is alive and well

And it can happen to your business.

Criminals do not discriminate – any type of business or organization of any size or legal structure including sole proprietorships, partnerships, LLCs, trusts, non-profits, municipalities and county governments, school districts and corporations are all targets for business identity theft.

What exactly is business identity theft? First, let’s clarify that we are not talking about an information security breach or an incident involving the loss or theft of confidential consumer information. Rather, business identity theft discussed here involves the actual impersonation of the business itself.

It happens when criminals pose as owners, officers or employees of a business in order to get their hands on cash, credit or loans, leaving the business on the hook to deal with the debt. A favorite tactic of identity thieves involves the theft of the tax identification number (TIN) or employer identification number (EIN) of the company or the owners’ personal information to use that data to open new lines of credit or obtain a business loan based on the company’s identity.

Another common form of business identity theft occurs when criminals file fake documents with the Secretary of State’s office to change company information such as its registered address or the names of directors, officers or managers. Once the records have been changed, the identity thieves can establish lines of credit or new accounts with the false information.

Other examples of the fraudulent use of a company’s information include current or former employees making use of their access to financial documentation; establishing a temporary office space or merchant accounts in a company’s name; going through a business’s trash and recycling bins to find account numbers or other sensitive data; using phishing attacks or other scams to get the business’s banking or credit information from employees; and filing for tax credits with stolen EINs.

Businesses are an attractive target for identity thieves. Generally speaking, a company will have higher credit limits than an individual, so opening a new account or line of credit in a business’s name will yield more cash for a criminal and larger purchases will receive less scrutiny. Perhaps most frustrating, companies are required by law to report certain identifiers (an address, EIN/TIN, and names of directors in most states), meaning the information is publicly available and easily accessible to anyone.

The invoicing and payment terms typically available to businesses can also work against them. Identity thieves may have a window of up to 30 days after a purchase to disappear before a company detects a problem – and even longer if the thieves use a different address.

Unfortunately, business identity theft is an underreported crime for a variety of reasons. Companies often have no idea their identity has been compromised until they begin receiving unfamiliar bills and collection notices when it is already too late to stop the thieves. Government agencies receive frequent requests for changes to company information and an address change is unlikely to raise red flags. Some businesses aren’t paying close enough attention or fail to caution employees about the possibility of phishing scams, while others may be embarrassed or concerned about their reputation with customers and don’t want to report what happened.

Given the underreporting problem, statistics on business identity theft can be hard to come by. However, the Internal Revenue Service (IRS) said it has seen the number of corporate tax returns flagged for potential business identity theft increase exponentially in recent years, from 350 in 2015 to 4,000 in 2016 with a jump to 10,000 in only the first six months of 2017. The cost of the damage has also risen dramatically, from $122 million in 2015 to $268 million the following year and $137 million for just the first half of 2017.

Importantly, these numbers reflect just one of the many forms of business identity scams.

What can companies do to protect themselves? Click here for a checklist of the most important steps for prevention and what to do if your business becomes a victim.

April 12th, 2018|Criminal Activity, Fraud, Security|

Insider trading enforcement actions continue as SEC’s top priority

Illegal insider trading generally occurs when a security is bought or sold in breach of a fiduciary duty or other relationship of trust and confidence while in possession of material, nonpublic information. In recent years, the SEC has filed insider trading cases against hundreds of entities and individuals, including financial professionals, hedge fund managers, corporate insiders, attorneys, and others. In 2014, examples of noteworthy cases include enforcement actions against the following:

Two husbands on March 31, 2014 – In two unrelated cases, the SEC charged two men with insider trading on confidential information they learned from their wives about Silicon Valley-based tech companies. Each agreed to financial sanctions to settle the charges.

Stockbroker and law firm clerk on March 19, 2014 – SEC charged two individuals who were linked through a mutual friend, with insider trading for $5.6 million in illicit profits based on nonpublic information that the clerk obtained by accessing confidential documents in law firm’s computer system.

Wall Street investment banker on February 21, 2014 – SEC charged an investment banker with making nearly $1 million in illicit profits by insider trading in a former girlfriend’s brokerage account to pay child support.

Chicago-based accountant – SEC charged an accountant with insider trading ahead of the release of financial results by the company where he worked. The individual made more than $250k in illicit profits.

May 14th, 2014|Fraud|

SEC’s whistleblower program gains momentum

On November 15, 2013, the SEC released its third annual Whistleblower Report to Congress. According to the report, In the fiscal year 2013, the SEC paid four major awards, one of which was for over $14 million for information leading to an enforcement action that recovered substantial investor funds. Three other payments totaling $832k were made for information regarding a bogus hedge fund.

The report states that the number of complaints and tips increased from 3,001 in the 2012 fiscal year to 3,238 in 2013. The three most common complaints or tips were about corporate disclosures and financials, offerings fraud, and manipulation. The number of FCPA-related tips also rose, from 115 to 149.

December 9th, 2013|Fraud|

Historical investment fraud sweep compels numerous civil and criminal actions

On December 6, 2010, the Financial Fraud Enforcement Task Force announced the conclusion of Operation Broken Trust, the largest investment fraud sweep ever conducted in the United Stated. Started August 16, 2010, the operation captured 343 criminal defendants and 189 civil defendants who were involved in fraud schemes that harmed more than 120,000 victims throughout the country. The criminal cases involved more than $8.3 billion in estimated losses and the civil cases more than $2.1 billion. Eighty-seven defendants have been sentenced to prison, including several who will serve more than 20 years.

The sweep focused on fraudsters who offered “investment opportunities” that were either completely fictitious or not structured as advertised. An overwhelming number of these were high-yield investment frauds and Ponzi schemes. Others involved commodities fraud, foreign exchange fraud, market manipulation (pump-and-dump schemes), real estate investment fraud, business opportunity fraud, and affinity fraud. Some of the perpetrators filed for bankruptcy in an attempt to avoid claims by victimized investors. In many instances, the criminals were trusted people within their communities—neighbors, co-workers, fellow church members—who betrayed that trust in order to line their own pockets.

December 10th, 2010|Criminal Activity, Fraud|