Posts

Showing posts with the label registry notifications

Business Identity Theft: How Corporate Hijacking Works and What to Do

The first clue is usually boring. A tax refund check never arrives. A state business-registry email says “access granted,” but no one at the company requested access. A bank fraud department calls about a business account the company never opened. A vendor asks whether “the new contact” is authorized to change payment instructions. Individually, each signal looks like administrative static. Together, they point to a growing problem: someone has stolen the company’s identity and is using government records, tax credentials, bank onboarding, and ordinary business paperwork to make the fraud look legitimate. This is not just business email compromise with a new label. It is corporate-record hijacking. The fraudster does not need to hack the company’s ERP system or empty a payroll account on day one. T he fraudster needs a public record that says the impostor is in charge, an EIN confirmation that appears to match, and an institution willing to treat internally consistent paperwork as pr...