Challenges small businesses face with regards to identity theft:
• They don't anticipate they could be targets and they are complacent about a number of areas of the business that could make them targets.
• Their internal controls tend to be much more lax than larger businesses.
• They can have good credit ratings or valuable assets that make them attractive targets.
• Fewer staff means red flags often don't get raised and fraudsters can slide in under the radar.
• They can be a little too willing to suspend disbelief when easy money is apparently coming in the door.
Reid Lester, lawyer at Laishley Reed LLP
.
Examples of crimes committed involving identity theft:
(Note there are a range of frauds, some of which are directly labelled ‘identity theft,' and others that are similar in nature.)
• A law firm is retained by a client that asks the firm to collect on a debt for it. After a demand letter is sent, the debtor pays the debt by way of certified cheque. The “client” then gets the firm to wire the funds to a foreign destination. It turns out the “certified cheque” was counterfeit and the law firm is out of pocket the full amount. A variation on this scam involves a “client” paying a small business with a cheque for an amount larger than the amount owed. The “client” then says, “Oh, sorry for the overpayment. Could you please take what we owe you out of that cheque and then wire the balance to a bank on the other side of the country?” The cheque is counterfeit, and the small business is then out of pocket for the value of the wire transfer.
• A municipality pays its contractors by electronic fund transfer (EFT). The municipality therefore has the account info for each contractor. A person calls the municipality to advise that the contractor has moved offices and changed bank accounts. The office clerk at the municipality duly changes the account info in the computer system and the next large payment to the contractor goes to a “rogue” bank account and the money is immediately withdrawn.
• A company deals with a lot of EFTs. It is in the process of moving head offices, so it is not checking and reconciling its bank account statements at the end of each month like it should. A rogue manages to obtain a cheque or a letter from the business that has authorized signatures on it. The rogue then scans the signatures onto a letter, which it faxes to the company's bank, asking the institution to wire a large amount of money to a foreign bank. The bank does this. In this case, because the company is not checking its accounts regularly, this same fraud happens twice more before the fourth attempt is detected and prevented.
• A fraudster rents out virtual office space and uses the same name as that of a real business. This can be done by using a similar name, or by obtaining certain information from the real business that it then uses to pass itself off as the legitimate business. This type of information can be obtained in the mail, or by going through the legitimate company's garbage, or through the use of an insider at the legitimate company. The fraudster then takes advantage of the legitimate company's good credit rating to order a bunch of product, only to have the invoices sent to the legitimate company for payment.
• An insider at a small business obtains certain confidential bank-account information and uses this info to arrange for funds to be wired to different accounts controlled by fraudsters. This info can also be given out inadvertently by the small business either by chatting a little too openly on the phone, or by not keeping such information strictly confidential when dealing with vendors, or by responding to “phishing” e-mails that solicit this type of info.
• With electronic registration of real property transfers, there are a lot of instances of mortgage fraud these days where a fraudster manages to register a transfer of title to a property to himself, or to an alias, and then obtain a hefty mortgage on the property.
