Altered Secretary of State business records used to obtain credit fraudulently

Jul 17, 2010 11:44 GMT
Colorado Secretary of State security oversight led to corporate identity theft

In a joint press conference held earlier this week, Colorado Secretary of State Bernie Buescher and Attorney General John Suthers warned that several local businesses have fallen victim to a new scam in which criminals misuse their identity to sign up for credit. The fraudsters were able to pull off the scheme by manipulating business records held by the Secretary of State's office.

Most Colorado businesses are legally required to register their information on the website of the Secretary of State. However, in what seems like a great security lapse, modifying these records does not require any form of identification, such as a username and password.

According to the Colorado Bureau of Investigation, the fraudsters exploited this shortcoming to make it appear as if they had a stake in the companies they targeted. Then, using the altered records, they managed to open credit lines in the name of those businesses. Authorities have arrested several identity thieves who used this method to steal $750,000 during the past four months.

"Corporate identity theft can levy steep costs on businesses unaware that their name and brand have been hijacked to steal credit from banks. Not only do these scams cost businesses, but they also decrease the amount of loans that banks can make to legitimate businesses. However, law enforcement can effectively prosecute these cases only if businesses take steps to ensure that they are monitoring who is authorized to act in their names," Colorado Attorney General John Suthers commented.

However, the most concerning aspect is that the security hole, which allowed these attacks to happen in the first place, will not be fixed. According to Colorado Secretary of State Bernie Buescher, implementing a password and PIN scheme is not something the state can afford in these hard economic times. "Getting that implemented for 800,000 businesses, when this is a crisis right now, is not practical," he told 7NEWS.

The temporary solution for business owners is to opt in to receive email notifications when the record for their company is altered. In this way, they can be aware of any unauthorized modifications and can act before they become a fraud victim. Unfortunately, if the attacker goes to the trouble of finding the email address, they can easily unsubscribe it from the system and we're back to square one. That's why it's a good idea to subscribe with multiple addresses that belong to different people, like the company's accountant, secretary and so on.

You can follow the editor on Twitter @lconstantin