Dun & Bradstreet Cracking Down on Business Fraud Leave a comment

A Sharp Uptick in Business Identity Theft

The COVID’19 pandemic has left the entire world’s economy in a standstill, and identity thieves are using this economic downfall as an opportunity to steal more identities for personal benefits.

The thieves have been targeting small businesses to run unauthorized lines of credit since ages, and are now using their illegal accesses to get pandemic assistance loans and unemployment benefits.

With the increase in identity theft cases, more and more people are gaining awareness regarding it. However, several entrepreneurs and people in business are unaware of the possibilities and the amount of damage they can cause. Identity thefts are far more destructive when they’re targeted on small businesses.

The pandemic’s economic crisis has led many businesses to go bankrupt, allowing thieves to make them an easy target for financial assistance loans and unemployment benefits. There are way too many businesses identity thieves can attack, which has led to an exponential rise in theft cases and crime rates worldwide.

Dun & Bradstreet is a data analytics company that does checks on companies to estimate their business history and trustworthiness before the company is eligible to open a new line of credit. Creditors mainly approach dun & Bradstreet before they grant a loan to a company.

According to studies carried by Dun & Bradstreet, the increase in business identity theft cases for the year 2019 saw a rise of over 100% cases. At the same time, crime rates have skyrocketed and increased to over 250% cases in 2020, as identity thieves took complete benefit of the pandemic lead crisis.

According to the team leader of the Global high-risk and fraud team at Dun & Bradstreet, “The ferocity of cybercriminals to take advantage of COVID’19 uncertainties by preying on small businesses is disturbing”.

An identity thief’s gang that operates from Florida and Georgia has been silently monitored by a cyber intelligence firm Hold Security. Hold Security monitored the communications between the gang that was targeting the USA for their dirty work. The communications being monitored brought forward a clear picture of how identity thieves operate, helping people better understand how to avoid being a target.

Alex Holden, Hold Security founder, revealed that identity thefts target active, dormant, and inactive businesses as well. Initially, the gang does their homework on the company’s official ownership records accessible through the Secretary of State website. Once the gang is aware of the targeted company’s owners and officers, they use dark websites to reveal their Social Security and Tax ID. The gangs often have online sources that allow them to hack into personal accounts.

After the owner’s information is revealed, the thieves steal their identity and prove ownership over their company with the help of low-wage image editors who edit and Photoshop several original documents, including tax and utility bills.

The identity thieves then file fabricated documents with the secretary of state’s office in the name of the business owner, but the mailing address given is of their own. The scammers also create fake email IDs that mimic the owners’ names to make the setting seem more genuine and even list the email address to renowned websites.

Once the thieves get hold of the owner’s identity, they attempt to hijack the accounts of the target company present at Dun and Bradstreet. The process of hacking an account at DNB is done by requesting a new DUNS; an exclusive nine-digit number used to identify businesses.

Once the hackers have gotten into the businesses DNB accounts, they start to apply for credit lines by labeling them as Office Depot, Home Depot, and Staples, etc. Once they start stealing in the name of the company, the targeted company will most probably get calls from debt collection companies, and this is the first indication that they’ve been targeted by identity thieves.

Holden claimed that the thieves are mostly targeting small companies that are usually active but aren’t at the moment due to the pandemic. The scammers are a group of four to five people that each has an individual role. The team lead assists the people and manages the work; another member seems to take charge of the payments that are sent out for the reactivation of small business through the secretary of state’s website. The payments are also made through dark websites. There’s one team member who manages the business documentation, editing, and uploading them on various websites. Whereas some members-only keep an eye out, for the businesses that can be targeted in the future.

The identity theft gang seems to be quite successful at reviving businesses and starting new credit lines. According to Holden, the gang has a 20% success rate out of all targeted companies.

As soon as the pandemic led to an economic crisis, the gang’s focus shifted towards using their businesses access to apply for SBA loans and unemployment benefits. Things added up because the gang already had access to the business accounts, and it was easy to get loans and benefits considering the circumstances COVID’19 had led to.

Phantom Offices

Hold Security got into data that the gang had put together, including a list of all the companies targeted for identity theft. On top of the list, there was Dun & Bradstreet, and their login was mentioned as well. Though DNB did not comment on the matter, they mentioned that they were working with state authorities to spread awareness and alerts to businesses that were affected and state regulators alongside.

After studying the data revealed by Hold Security, it came to notice that another company by the name Environmental Safety Consultations Inc. was targeted as well. The company is 37 years old and is a famous environmental engineering company. The owner of the company Scott Russell informed authorities that identity thieves about two years ago targeted his company. The owner was unaware of the theft until he started receiving calls from Home Depot’s corporate offices, inquiring about the company’s delinquent account. The phone call made the company’s owner suspicious, and he, later on, realized there was unauthorized activity on behalf of the company’s name.

The entire situation became clear about a year ago when Russell realized the severity of the theft. The owner received a call by an office manager who informed him about numerous deliveries sent to an office space, which was rented out in his name.

Russell did not rent out any office space or even order any parcels. After digging deeper into the case, it was revealed that the scammers had rented a lease in his name, using another person’s credit card. The copy of the lease included a fraudulent ID card and an insurance card of a land cruiser that Russell sold 15 years back.

After further investigation, it was found that the crates and boxes being delivered to the rented office contained computers and other expensive items. The items were ordered on different credit cards, none of which belonged to Russell. The value of the ordered items was estimated to be around 75’000 USD.

Russell made several calls to office depots and made it clear that they must not accept any shipments made under his name or addressed to him. Russell added that “It was quite spine-tingling to see someone penned a lease in the name of my business and personal identity.”

Russell stated that he visited the local county sheriff’s office and showed him all the documentation while explaining the scenario. Still, the sheriff appeared least interested and yawned, claiming that he’ll get back to it.

Russell did mention that the virtual office manager showed some interest and photocopied the driver’s license, who arrived to pick up the fraudulent shipments. Still, the local police were not bothered.

Recycling Victims

According to Russell’s analysis, the frauds initially started new credit lines in his name and then used those credit lines to fraud others similarly.

Another victim obtained by Hold Security is Mary McMahan, the owner of Fan Experiences – an event management company based in Winter Park, Fla. After investigation, it was revealed that part of the products fraudulently being shipped to the office space rented in Russell’s name was delivered in the name of Mary’s company ‘Fan Experiences.’

Mary’s company suffered from a loss of hundreds of thousand US dollars and a massive investment in reclaiming and restoring her company’s credit.

McMahan stated that she initially noticed something was fishy around four years ago when someone started making fraudulent credit cards in her company’s name. Her company was then used to open a new lease on a virtual office space located in Florida. The office space was used to deliver fraudulent packages, which were linked to several other companies that were victimized by identity theft.

McMahan told authorities that the thieves stole a lot from her business in the name of her company, and her credit was hit hard with numerous new credit lines. There were many credit lines, including Home Depot, Office Depot, Office Max, and whatnot. Two years later, the same incident took place, and her credit was once again taken down. The thieves even went to the Florida Department of Motor Vehicles to get a driving license made in Mrs. McMahan’s name.

Just as mentioned by Hold Security, the scammers managed to hack into McMahan’s DNB account. She reported that they began to add new officers and locations for her business listings. The thieves even changed her email and mailing address after hacking into her account, and then later on edited and added false information on renowned websites.

After facing immense loss due to identity theft, McMahan locked down her personal and business credit. She secured her credit so well that it became tough for her to start a new credit line. This was the only way she could make the theft was not to happen again.

She also mentioned, “There is no way they can utilize me anymore because there are so many marks on my credit, stating that it has been stolen.” She also stated that “These guys are relentless, and they recycle victims to defraud others until they figure out they can’t recycle them anymore.”

Just as Russell stated that the local police showed minimal to no interest in the matter, McMahan stated the same. She had visited the local police, but up to date, there has been no action taken in favor of her cases.

Monitoring Your Business Credit

McMahan now pays over a 100 USD to DNB, ensuring that they keep a check on her business credit profile, and make sure there isn’t any illegal activity. Duns and Bradstreet offer a free version of credit monitoring called Credit Signal, which allows users to check their business credit scores and see their credit history for up to 14 days. The credit can be checked for free up to four times per year. For those who want a more scrutinized and regular credit profile check, there are specific credit inquiries that allow checks more frequently and are subscription-based.

Eva Velasquez, president of the Identity Theft Resource Center (A non for profit organization in Florida that assists ID theft victims), has problematized the service mentioned above.

Eva stated “When we look at these institutions that are necessary for us to operate and function in society and they start to charge us a fee for a service to fix a problem they helped create through their infrastructure, that’s just unconscionable” she continued stating “We need to take a hard look at infrastructures that businesses are beholden to and make sure the risk minimization protections they are entitled to are not fee-based – particularly is it’s a problem created by the very infrastructure of the system.”

Eva’s point validates the fact that the lack of corporations and authorities’ ability to protect small or large businesses and avoid identity thefts shouldn’t be an added expense on those running businesses. The protection of businesses from illegal and unlawful activities is the right of business owners and should be provided free of cost.

Velasquez stated that it’s unfortunate to see small business owners aren’t given the leverages and protection that consumers have. For instance, in recent affairs, the three major consumer bureaus allowed all US residents to freeze their credit files free of cost.

According to Eva, the effort put towards spreading awareness regarding identity theft has been quite successful. People are now educated and aware enough to understand the risks and severity of identity thefts. Similarly, the efforts put towards compelling the infrastructure to provide consumer protection and a more uniform risk minimization process has also been slightly effective. Though Eva added that there are still many loopholes, it’s better for consumers than it is for businesses. Eva has urged that small businesses are often held responsible for things that are supposed to be the responsibility of the infrastructure and lack of proper design.

Instead of fixing the system that is not capable of protecting small businesses, the owners of businesses are told to turn to state agencies or DNB to pay for their business’s Security. The owners of small businesses have to keep frequent checks on their credits with DNB and state agencies while paying to monitor their business’s line of credits.

Though DNB has played its part and has added a blog that outlines the recommendations for businesses to protect themselves from identity thieves, DNB has also mentioned that any business that suspects fraudulent activity on their personal business accounts can instantly contact their support team.

The rise in identity thefts has taken the business world by storm, and all business owners must be vigilant and attentive to ensure they aren’t a victim of the dreadful thefts. The gang of scammers is highly dangerous and can lead to immense loss amongst businesses. With the help of awareness and more frequent checks on business accounts, owners can be aware and attentive in case of any irregular activity. If any unusual activity is noticed, owners can contact DNB’s support team for help and guidance.