7 business identity theft examples owners should know

Business identity theft happens when scammers use your company’s details to commit fraud. That can mean opening fake credit lines, hijacking your social accounts, or even filing phony tax returns in your business’s name.

It’s a widespread problem. A 2025 report from the Identity Defined Security Alliance found that 86% of businesses surveyed experienced an identity-related incident in the past year.

Keeping yourself and your team members informed is crucial. This post will give you real examples of business identity theft, the damage it causes, and simple steps to help you and your business stay protected.

1. Financial fraud

This is one of the most common — and often the most damaging — forms of business identity theft. Scammers use your company name, EIN (Employer Identification Number), or even bank details to:

• Open business credit cards
• Take out loans
• Make purchases with your credit
  

It can come from the inside, too. A fashion‑tech startup leader was indicted this year, accused of using forged documents, fake audits, and falsified financials to deceive investors in schemes totaling $300 million. Charges include aggravated identity theft, among others.

2. Tax fraud

If you suddenly get a rejection notice when trying to file taxes or the IRS flags suspicious activity, it could mean someone has already used your identity for tax fraud. Tax-related identity theft happens when someone uses your business’s EIN to:

• Claim fraudulent tax refunds.
• File fake employee forms.
• Trick the IRS into redirecting funds.

A 2023 IRS bulletin warned that scammers are increasingly targeting small businesses for tax fraud schemes. In 2025, the message was reiterated with this published guide.

3. Website defacement

If a customer lands on your website and sees a hacked homepage —or worse, gets malware — your reputation takes a major hit. Website defacement is when cybercriminals gain access to your site and replace content with their own. This could be:

• Political messages
• Offensive material
• Malicious links

One of the most famous examples of a defaced website was when the Impact Team breached Ashley Madison in 2015. In this example, hackers released a blackmailing statement on their homepage that threatened the release of customer information.

4. Social media impersonation

Cybercriminals don’t need to hack your business. Sometimes they just copy it. Oftentimes, this comes in the form of fake social media accounts. These imposters might:

• Phish your followers.
• Run scams under your name.
• Damage your brand.

Remember the great cookie controversy of 2024? Last year, Crumblgate happened in Australia, and many fell for it. Here’s how it worked: A faker promoted a Crumbl Cookie pop-up event in Sydney, Australia. But the catch? The company wasn’t involved.

A group of people just made a Sydney account for the company, flew in some cookies from the U.S., and charged $17.50 a piece. Lesson: Stay alert and claim your business name on all major platforms, even ones you don’t use actively.

5. Trademark ransom

Some scammers register your business name or logo before you do, then hold it for ransom. This tactic, sometimes called trademark squatting, forces business owners to pay a fee to reclaim their name or rebrand entirely to avoid legal issues.

It happened recently to Jools Lebron, the creator of the “very demure, very mindful” trend. As soon as it became a global sensation, someone trademarked her catchphrase so she’d have to pay to use it.

You should always register your business name and trademarks early to avoid losing control of your brand identity.

6. Employee identity theft

Cybercriminals may not go after the company itself — they may just go after your team. This type of identity theft can involve:

• Stealing Social Security numbers
• Hijacking payroll details
• Filing unemployment fraud in their name

Training your staff on how to spot phishing emails and protecting sensitive employee data is key to helping them avoid identity theft attacks.

7. Fake business filings

Scammers can file fraudulent documents with state agencies to take over your business registration. To do this, they might:

• Change the registered agent or mailing address.
• Appoint themselves as officers.
• Gain access to business bank accounts.

Be sure to check your business registration status regularly and keep your records up to date with your state.

How to protect your business

The key to protecting your business from cyberattacks is taking preventive measures before the attacks occur. If you want to help protect your business from identity theft, it’s best to take preemptive security measures. Here are some quick, but powerful, tips:

• Secure your sensitive data: Store any and all sensitive information, including employee information, financials, and tax records, in encrypted storage.
• Track your financial accounts: Monitor your bank and credit accounts for unfamiliar activity.
• Train your team: Educate employees on phishing and scams targeting business systems.
• Implement MFA: Multi-factor authentication adds a layer of security to your passwords.
• Limit account access: Give only necessary access to financial and admin tools.
• Monitor your social media accounts: Regularly check for impersonation or duplicate accounts.
• Report identity theft: Report any suspicious activity to the FTC, IRS, and local law enforcement.

Protect your business before identity theft happens

Your business identity is valuable. Protect it like you would your personal one. Start with strong verification protocols, multi-factor authentication, and regular audits. Norton Small Business offers tools to help monitor your accounts, flag suspicious activity, and keep your company’s identity Cyber Safe.

FAQs

How do I check for business identity theft?

To check for business identity theft, look for unusual credit activity, tax issues, or changes in your state’s business registration. Set up account alerts and regularly review your financial statements.

What should I do if my business EIN is compromised?

If your business EIN is compromised, report it to the IRS using Form 14039-B and notify the FTC at identitytheft.gov. You may also need to alert your bank and credit bureaus.

Can business identity theft affect my personal credit or finances?

Yes, business identity theft can affect your personal credit and finances, especially if you’re a sole proprietor with linked business and personal finances.

Who should I report business identity theft to?

To report business identity theft, start with the IRS, FTC, your state’s Secretary of State, and any affected financial institutions. Then, contact the three credit bureaus, Equifax®, Experian®, and TransUnion®.