It is one of the reasons many individuals now subscribe to credit reporting services, so they can be alerted whenever an application for a loan or credit card is submitted in their name.

Whilst there is widespread awareness of the risks of personal identity theft, far fewer people have stopped to consider the rise of business identity theft.

What is Business Identity Theft?

Business identity theft is where a fraudster seeks to impersonate a business, or specific individuals within a business, in order to obtain financial gain. Whilst the fraudster may seek to obtain loans or credit cards in the name of the business, there are a range of other attack vectors associated with business identity theft.

Most notably, a fraudster may seek to impersonate a business’s CEO or CFO in order to issue realistic instructions, usually via a compromised email account, to the accounts payable team to make electronic funds transfer payments to the criminal’s own bank account. Businesses that process large volumes of invoices are likely to be particularly targeted in this type of scam.

According to the Australian Institute of Criminology (AIC), instances of serious identity theft are increasing at an alarming rate. The AIC defines an instance of identity theft as “serious” if it meets one of the following criteria:

  • A high level of financial loss (over $1.5million).
  • A high degree of sophistication in the planning and execution of the offence.
  • An offence committed by professionals (such as solicitors, accountants, financial planners or mortgage brokers) who breach clients’ trust.

According to this definition, the AIC estimates that serious identity theft cost Australia over $423 million in the financial year 2018-2019.

The Australian Federal Police (AFP) is at the forefront of national attempts to prevent the spread of this type of crime. It recognises that identity crime need not involve impersonating individuals, but rather may involve impersonating corporate entities. It defines identity crime as a generic term to describe activities in which a perpetrator uses either a fabricated identity, a manipulated identity or a stolen/assumed identity to facilitate a crime.

The AFP has identified three key categories of identity crime:

  • Identity fabrication – the attempt to create a fictitious identity.
  • Identity manipulation – the attempt to alter one’s own identity.
  • Identity theft – the attempt to steal or assume a pre-existing identity (or significant part thereof), with or without consent.

What are the Effects of Business Identity Theft?

Whether a business’s identity is being fabricated, manipulated or outright stolen, the effects can be devastating for shareholders, employees and customers. It’s a serious and growing risk which every organisation, big or small, should be taking steps to prevent.

For fraudsters, the potential returns from engaging in business identity theft are far higher than individual identity theft. When a business is confronted with fraudulent loans or credit cards being taken out in its name, it faces an arduous task to clean up the mess. Whilst it may be possible to have the issuing bank void the losses, the problem is more complex in the case where funds have been wired to a criminal’s bank account. Usually, these funds are irretrievable.

Beyond the direct costs of such fraud, businesses will likely face a number of other significant challenges, including:

Impacted cash-flow

When a business has its identity stolen, the resulting lost income can make keeping up with bills payments a significant challenge. Consequently, there may be delays in the business’s capacity to make payments to suppliers, keep up with wages bills, not to mention the possibility of defaulting on loan repayments. The business may be forced into a position where it has to rapidly cut costs.

Impacted credit score

We know fraudsters regularly use stolen identities to apply for loans or credit cards. This could negatively impact a business’s credit score, making it harder to obtain financing in the future. This risk is particularly high for sole traders and other small businesses, where the owner is personally guaranteeing lines of credit. It could result in the owner’s personal credit score also being negatively impacted.

Impacted brand reputation

When a business is a victim of identity theft, it can have long-lasting effects on the brand. Customers, suppliers and other commercial partners may perceive that the business is insecure. This may lead to questions around whether the business’s information security controls can be fully trusted. The result could be lost market share and revenue.

Top Business Scams to Watch Out

Identity thieves are always on the lookout for new ways to steal your hard-earned money. They might hack into a small business’s website or contact database, looking up information about you that they could then use in an attempt at fraud — like changing their name and sending out bills under yours!

Whether an organisation’s identity is being fabricated, manipulated, or stolen, the effects can be devastating. These can include significant financial losses and impacted cash flow, damaged reputation, and long-term business disruption. CFOs must familiarise themselves with the type of attacks that can occur, we have listed some business scams that CFOs should watch out for:

Fake Invoices

Fake invoices are a type of business identity theft where criminals pose as legitimate businesses to trick victims into paying phony invoices. This scam is usually carried out by email, but it can also happen over the phone or through the mail. Fake invoices can be very convincing, so it’s important to be aware of the signs of this type of fraud. For example, you should be suspicious if you receive an invoice for an unexpectedly large amount of money, or if the invoice is from a business, you’ve never dealt with before. If you’re unsure whether an invoice is legitimate, always contact the company directly to confirm before making any payments. By being vigilant, you can help protect yourself and your business from fake invoices and other types of scams.


Another common business scam is phishing. In a phishing scam, a fraudster will pose as a legitimate company or individual to obtain sensitive information from you or your employees. They may do this by sending an email or text message that appears to be from a reputable source but contains a link that leads to a fake website. Once on the fake website, victims are typically prompted to enter personal or financial information, which is then used by the fraudster for criminal purposes. To protect yourself and your business from phishing scams, never click on links in emails or text messages unless you are certain that they are legitimate. If you are unsure, you can always contact the company.

Money Mule

Money mules are individuals who act as intermediaries in business identity theft schemes. Typically, a money mule will be recruited through some type of business opportunity or scams, such as a fake work-from-home offer or an advanced fee fraud. Once the individual has been recruited, their personal information is often used to open fraudulent business accounts and obtain business loans, credit cards, and other lines of credit that the mule then passes on to the criminal behind the scam. While these individuals do not benefit directly from the fraud, they are still held liable for any financial losses incurred because of their participation. Because of this, it is important to avoid any business opportunities that seem too good to be true and to report any suspected identity theft scams immediately.

How Can I Prevent Business Identity Theft?

Whilst businesses should seek to prevent all instances of business identity theft, in the event of fraudulently obtained loans or credit cards, banks will typically void these.

However, in instances where the business identity theft was used to deceive your accounts department into making electronic funds transfer payments to the criminal’s bank account, this can result in irreversible financial losses.

That is why you need a technical solution in place that can warn the accounts payable team that it may be transferring funds to an illegitimate bank account. Eftsure’s unique software integrates seamlessly with your online banking and ERP platforms to highlight suspicious outbound payments before they are sent. This gives your accounts team the opportunity to verify any funds before they click “send”.

If you suspect that your organisation is a target of business identity theft, you should report this to the Australian Competition and Consumer Commission’s SCAMWATCH.

SCAMWATCH provides information to consumers and small businesses about how to recognise, avoid and report scams. By reporting any suspected scams, you’ll be helping the authorities understand the scale of the threat, allowing them to raise awareness so others can avoid being victims.

Key Takeaway

Business identity theft is a serious problem that can have devastating consequences for a company. As a CFO, it’s important to be aware of the risks and take steps to protect your business. business identity theft occurs when criminals use a business’s information to open new accounts, obtain loans, or make purchases. This can damage the business’s credit rating, cost the business money, and lead to investigations by law enforcement. To protect your business, be sure to carefully monitor your accounts and report any suspicious activity immediately. You should also have strong internal controls in place to prevent unauthorized access to your business’s information

Contact eftsure for further information on how this unique Australian platform can help you avoid becoming another business identity theft victim.

Contact Us
Get in touch to find out how eftsure can help secure your payment system.

Subscribe to our blog

Subscribe to the eftsure blog to receive updates when we post.