MOVEit Update

• Closely monitor credit reports.
• Obtain a free copy of your credit report, which you’re entitled to once every 12 months, from each of the three major credit reporting agencies: Experian, Equifax and TransUnion.
• Place a fraud alert on your accounts by contacting one of the credit reporting agencies; a fraud alert at one of the agencies will automatically notify the other two. A fraud alert tells creditors to contact you before opening any new accounts or before making changes to existing accounts.
• Freeze your credit at each of the three major credit reporting agencies. Agencies will require personal authorization before approving any credit application.
• If you believe you are a victim of identity theft, immediately file a police report and notify the Federal Trade Commission via www.identitytheft.gov.
• Request to block electronic access to Social Security, which you can learn more about via https://www.ssa.gov/pubs/EN-05-10220.pdf

To connect with one or all three of the major credit reporting agencies, call or visit their websites:

• Equifax: Call 800-349-9960 or go online
• Experian: Call 888-397-3742 or go online
• TransUnion: Call 888-909-8872  or go online

Call the Social Security Administration’s toll-free number to block electronic access to your social security number:
1-800-772-1213

Business identity theft is more complex and therefore not as common as personal identity theft, but it still happens frequently—and the results can be disastrous. Fraudsters attempt to use sensitive information about a business to do everything from applying for a loan and falsifying business filings to impersonating the business and even fraudulently pretending to be an employee.

Being resilient after sensitive information about your business has been accessed can help keep your business secure.

How to identify business identity theft related to tax administration

• You receive IRS notices about fictitious employees.
• You notice activity related to or receive IRS notices regarding a defunct, closed or dormant business after all account balances have been paid.
• Your return is accepted as an amended return, but you (or your accountant) haven’t filed a return for that year.

If you think someone is using your business name or Employer Identification Number (EIN) to submit fraudulent tax returns or Forms W-2, you’ll want to let the IRS know right away. Businesses, trusts, estates and tax-exempt organizations can do this by filing a Business Identity Theft Affidavit, aka Form 14039-B on the IRS website.

Other indicators of possible business identity theft (not related to tax administration) include

• You receive bills for business lines of credit or credit cards you do not have.
• You notice that a credit report indicates credit or other open accounts you did not authorize.
• You see unexplained bank account withdrawals.
• You don’t get your bills or other mail.
• You find unfamiliar accounts or charges on your credit report.

Immediate Protective actions if your business information has been compromised

• If you believe someone fraudulently used your Employer Identification Number, notify the IRS immediately.
• Contact your banker to add an alert or password on your business banking and merchant accounts.
• Review the options available for your business online banking platform and, if the option is available, enable dual approval requiring two users to create a new user.
• If you utilize ACH to pay payroll or vendors, add dual approval requiring one employee/owner to create the file and one employee/owner to approve the file.
• Add additional levels of protection to your bank accounts including Positive Pay and ACH Positive Pay.
• Place a fraud alert on your credit reports by contacting any one of the three nationwide credit reporting companies online or through their toll-free numbers. The bureau you contact must tell the other two. You may also request a credit freeze by contacting each of the three bureaus.

To connect with one or all three of the major credit reporting agencies, call or visit their websites: 

• Equifax: Call 800-525-6285 
• Experian: Call 888-397-3742 
• TransUnion: Call 800-916-8800
  
  

Ongoing Protective actions if your business information has been compromised 

• Review your bank account(s) activity online as frequently as possible, ideally on a daily basis and report any unauthorized activity to your bank as soon as possible.  
• Carefully review and reconcile account statements as soon as you receive them. 
• Regularly review business registration information online (for all active and closed businesses). 

• Keep your records with the Secretary of State up to date. 
• Keep copies of official business records such as tax returns, quarterly filings and sales tax in a secure place. 
• Review your business insurance policies to find out if your coverage does or can in the future cover fraudulent claims. 
• Update antivirus, malware, and other security software programs on your computers. Use good cyber hygiene: change passwords periodically, do not reuse passwords across multiple applications, regularly backup your key data and create security awareness in your organization. 
• Create due diligence processes in your organization such as calling the vendor at a known phone number to validate a request for payment or change in payment information before conducting a financial transaction that was requested via email. 
• Remain vigilant and be alert for suspicious or unusual activity, including large charges or orders from someone claiming to represent your business. 

Business Identity Theft Can Happen to Anyone

Staying resilient helps stop fraudsters from using information about your business for their own gain. This includes detecting fraudulent activity early (by frequently reviewing your business records) and taking protective actions such as the items listed above.  

If you’d like to learn about banking solutions that can help secure your business against fraud, visit your local branch or give us a call at 866-486-7782.