Identity Theft and Corporate Fraud: What Businesses Need to Know

Identity theft is not just a consumer problem. Businesses are also targeted through corporate identity fraud. The consequences can include fraudulent credit accounts, unauthorized contracts, tax liability, reputational damage, and significant financial loss. Every business needs to understand how corporate identity theft works and how it connects to broader financial fraud.

What Corporate Identity Theft Looks Like

Corporate identity theft occurs when a fraudster uses a company's name, tax identification number, or other identifying information to fraudulently get credit, enter contracts, file documents, or impersonate the business.

Common schemes include:

Business credit fraud. Using a company's EIN and business name to apply for credit cards, lines of credit, or equipment financing. The fraudster may open accounts under a slightly altered version of the company name and route statements to a different address.

Secretary of state filings. Filing fraudulent changes to business registration records, including changes of registered agent, officer information, or registered address. This can be used to redirect correspondence, hijack business assets, or enable further fraud.

Tax identity fraud. Filing false business tax returns using the company's EIN to claim fraudulent refunds. Businesses may not know that a return has been filed in their name until they try to file their own.

Vendor and customer impersonation. Impersonating a company's vendors or customers to redirect payments, modify payment instructions, or extract information. This overlaps heavily with business email compromise.

Fictitious business identity. Creating shell companies with names similar to legitimate businesses to deceive customers, investors, or counterparties.

Criminal Identity Theft

Criminal identity theft is a form of identity fraud with especially serious consequences for victims. It happens when someone uses another person's identity when arrested or questioned by law enforcement. The result is that criminal records, warrants, and other legal consequences attach to the victim's identity rather than the perpetrator's.

A version of this affects businesses too. Fraudsters use a company's identity to commit crimes, leaving the legitimate business to deal with the legal and reputational fallout. This can include using a company's business licenses or registrations to operate illegally, or impersonating a company to commit fraud against third parties.

How Businesses Discover Corporate Identity Fraud

Many businesses discover corporate identity fraud only after significant damage has occurred. Common signs include:

• Credit denials based on accounts the business did not open
• Tax notices about returns the business did not file
• Calls or correspondence from creditors about obligations the business did not incur
• Customers or vendors who report unusual communications from someone claiming to represent the company

Active monitoring can catch fraud earlier. This includes regularly reviewing business credit reports, monitoring state corporate filings for unauthorized changes, and verifying any changes to payment instructions or account information.

The Intersection With Employee Fraud and Insider Threats

Corporate identity fraud is sometimes committed by insiders. Current or former employees, officers, or contractors may have access to the business's identifying information and financial credentials. Former employees who keep system access, or who took sensitive information when they left, are a specific risk category.

Pre-employment screening catches many people with prior fraud history before they are hired. Our background investigation services provide thorough screening for key personnel, including financial background analysis, criminal history, and professional credential verification.

When an insider commits corporate identity fraud, the investigation requires both forensic accounting to document the financial harm and investigative work to establish the identity and actions of the responsible party. For externally committed fraud, the investigative approach differs but the forensic documentation requirements are similar.

Responding to Corporate Identity Theft

If your business has been the victim of corporate identity theft, take these steps:

• Report to the Federal Trade Commission and, for specific categories of fraud, to the relevant regulatory agency. The IRS has specific procedures for business identity theft. The FTC's IdentityTheft.gov provides guidance applicable to both personal and business identity theft.
• File a police report. This creates a formal record that can be used in disputes with creditors, lenders, or tax authorities.
• Contact the three major business credit bureaus: Dun and Bradstreet, Experian Business, and Equifax Business. Place fraud alerts and dispute fraudulent accounts.
• Notify your state's secretary of state office if fraudulent corporate filing changes have been made.
• Work with an attorney and, if the fraud involved significant financial loss, a forensic accountant. They can document the full scope of the fraud, establish recovery options, and support any civil or criminal proceedings.

Our forensic accounting and investigation team helps businesses respond to corporate identity fraud. Corporate clients retain us for both the investigative response and the broader controls work that typically follows a confirmed incident: payment-instruction verification, vendor onboarding, and employee-access reviews. Contact us for a confidential consultation.

Industries at Elevated Risk

Every business is a potential target, but certain industries face corporate identity theft at higher rates and with greater financial consequences. Construction and contracting firms are often impersonated in equipment-financing schemes. Fraudsters exploit the industry's reliance on large equipment leases and the normal delay between application, approval, and delivery. By the time the legitimate contractor discovers the unauthorized financing, the equipment has often been resold and the proceeds moved offshore.

Professional services firms, particularly law firms and accounting practices, face a different risk profile. These firms routinely transmit large dollar amounts on behalf of clients, making them prime targets for wire-fraud schemes that combine email compromise with vendor impersonation. A well-crafted fraudulent email instructing a bookkeeper to redirect a closing wire can move seven figures in minutes. Firms that serve as fiduciaries face heightened regulatory and malpractice exposure when such schemes succeed. This includes firms handling escrow, trust accounts, or settlement funds. We work with law firm clients to investigate these incidents and document the evidentiary record needed for insurance claims and civil recovery.

Healthcare organizations, logistics companies, and any business with an extensive vendor network also face concentrated risk. The sheer volume of routine payment-instruction changes makes anomalies harder to detect. Staffing firms, franchise operators, and businesses with multiple DBAs are especially vulnerable to the fictitious-identity schemes described earlier. In these cases, a fraudulent entity with a nearly identical name operates alongside the legitimate business for months before detection.

Building a Prevention Framework

Prevention is far less expensive than response. A practical framework starts with access control and credential hygiene. Every EIN, state registration number, banking credential, merchant-account login, and payroll-provider credential should be inventoried, with documented ownership and periodic review. When employees leave, offboarding should include confirmed revocation of every credential associated with that person, not just email and network access. Credentials stored in personal password managers, written on paper, or shared informally across a team are the entry points that external fraudsters and departing insiders both exploit.

Second, establish dual-control procedures for high-risk transactions. Verification by a second authorized person through a separate communication channel should be required for:

• Any change to a vendor's payment instructions
• Any new credit application in the company's name
• Any change to corporate filings
• Any wire transfer above a defined threshold

A phone call to a known number, not to a number provided in the suspect email, remains one of the most effective single controls against payment-redirection fraud.

Third, monitor continuously rather than episodically. Quarterly reviews of business credit files, monthly reviews of secretary-of-state filings, and real-time alerts on EIN activity where available will surface most incidents before they escalate. Our security consulting engagements often begin with a controls assessment that identifies gaps in these monitoring routines and recommends specific, proportionate remediation.

Fourth, conduct enhanced due diligence on counterparties before entering significant financial relationships. Many corporate identity fraud losses occur not because the victim company was impersonated, but because the victim was deceived by a counterparty that was itself a fictitious or hijacked entity. Formal due diligence on new vendors, acquisition targets, joint-venture partners, and unusual buyers protects against both direct fraud and reputational contamination.

Preserving Evidence and Supporting Recovery

When corporate identity theft is suspected, the first seventy-two hours are critical for evidence preservation. Email headers, server logs, access records, and transaction metadata have finite retention windows. Instructing IT to "save everything" is rarely enough. Routine system operations can overwrite or alter data in ways that compromise admissibility. A forensically sound acquisition of relevant systems, performed before internal investigation begins, protects both the recovery effort and any later civil or criminal case.

Our digital forensics team acquires and analyzes email systems, endpoint devices, cloud accounts, and financial systems under chain-of-custody protocols. These protocols are designed to meet the evidentiary standards of federal court, state court, and regulatory proceedings. In coordination with counsel, this evidence supports claims against insurers, suits against originating and receiving banks, and referrals to law enforcement and the FBI's Internet Crime Complaint Center.

Recovery of stolen funds is time-sensitive. Domestic wire fraud losses can sometimes be reversed through the Financial Crimes Enforcement Network's Rapid Response Program if reported quickly through the correct channels. International losses are much harder to recover but not impossible. Investigators may trace funds through correspondent banks and identify receiving beneficiaries before accounts are drained.

When to Bring in Outside Investigators

Internal teams are rarely positioned to conduct a corporate identity fraud investigation on their own. This includes in-house counsel, accounting staff, and IT. The investigator needs several things:

• Independence from the people and processes potentially implicated in the incident
• Specialized knowledge of financial-fraud typologies
• Licensed authority to conduct certain kinds of inquiries
• The ability to testify as a fact or expert witness

Bringing in outside investigators at the earliest suspicion, rather than after internal efforts have stalled, preserves both evidence and privilege.

Businesses that suspect corporate identity theft, executive-level fraud, or coordinated insider activity should not wait for confirmation before seeking professional guidance. A preliminary consultation with experienced investigators often clarifies whether the indicators reflect an actual incident, a control weakness, or a misunderstanding. This allows the business to act proportionately and confidently. To discuss a specific concern with our team, visit our contact page or request a confidential consultation through our get started portal.