Identity thieves who specialise in running up unauthorized lines of credit in the names of small businesses are having a field day with all of the closures and economic uncertainty wrought by the COVID-19 pandemic – a particularly aggressive business ID theft ring that’s spent years targeting small businesses across the country is now pivoting toward using that access for pandemic assistance loans and unemployment benefits.
More on that story here: https://krebsonsecurity.com/
The situation we observe at ImmuniWeb is largely exacerbated by SMBs\’ insecure websites. Frequently, fraudsters swiftly take control of outdated WordPress or Drupal websites, and modify phone numbers and email addresses listed there. Then it becomes virtually impossible to recognize the fraud for would-be lenders. Worse, such security incidents maybe later assigned to the victimized business owners as a negligent failure to protect their business, making them liable for fraudulent transactions they indirectly facilitated. Less sophisticated gangs may use black SEO or even lawful DMCA takedown requests to make legitimate websites disappear from Google, and bring a similar domain name with copy-pasted content but altered phone numbers and phony emails.
The proliferation of stolen data across the Dark Web bolsters mushrooming fraud, enabling cybercriminals to massively usurp identities in a riskless and effortless manner. They aptly forge critical documents, based on the information previously leaked online, and preclude even experienced fraud investigators from noticing any red flags in time. The economic slowdown caused by the pandemics will likely spur further growth of identity theft and a wide spectrum of financial fraud stemming from it.