They’re Targeting Your Business Right Now

by | May 13, 2026 | News, Security

New Account Fraud blog creative image

In 2024, reported losses from new account fraud hit $6.2 billion, more than double compared to a decade ago.

 

New account fraud targeting businesses is a growing threat. Criminals use your business’s EIN, public registration filings, or impersonated officers to open fraudulent accounts, obtain credit, and cause significant financial harm — often before your business is aware anything is wrong.

Protecting your business identity requires the same care and attention you give your personal identity.

 

Financial fraud against small businesses has increased by 70% since the start of the pandemic, costing billions annually.

46% of small‑business loan applications show signs of first‑party fraud.

Experian’s March 2025 Commercial Pulse ReportName Goes Here

Nearly 80% of companies faced attempted fraud in 2024

BBB’s 2025 Business Scam Study reports that almost 80% of businesses encountered attempted fraud, including identity theft, synthetic identities, and fake account setups.

Better Business Bureau

57% of small‑business owners experienced fraud in 2025

Over half of small‑business owners were hit by fraud, including AI‑driven identity and account‑creation scams.

Abrigo’s May 2025 Survey

Synthetic identity fraud accounts for 20–24% of business fraud losses

Synthetic identity fraud—one of the primary mechanisms behind new account fraud—is responsible for 20% of global losses and 24% of U.S. losses.

TransUnion’s 2025 Fraud Trends Update

What is Business New Account Fraud?

Business new account fraud happens when criminals use your company’s identity — its EIN, formation documents, officer information, or a fabricated version of it — to open fraudulent bank accounts or obtain credit. 

 

How New Account Fraud Targets Businesses

Criminals may access this information through:

  • Public state business filings, which list your EIN, officers, and registered address
  • Data breaches that expose employee, officer, or customer records
  • Impersonation of officers, signers, or vendors using forged or altered documents
  • Dark web marketplaces where stolen business and personal data is bought and sold

 

Why Is This Dangerous?

If a fraudster opens an account using your business identity, they may:

  • Obtain lines of credit or loans in your business’s name with no intent to repay
  • Deposit fake checks and withdraw funds before the checks are returned
  • Damage your business credit profile, affecting future borrowing and vendor relationships
  • Expose officers or owners to personal liability depending on your business structure

Because business registration information is often public, any business can be targeted — not just those that have experienced a data breach.

 

Steps You Can Take to Protect Your Business

  • Monitor your business credit profile: Review your business credit reports regularly through Dun & Bradstreet, Experian Business, and Equifax Business. Look for accounts or inquiries you don’t recognize.
  • Protect your EIN and business documents: Limit who has access to your EIN, operating agreements, and formation documents. Shred sensitive financial records before discarding.
  • Monitor your state business filings: Set up alerts with your state’s Secretary of State office to be notified of any changes to your business registration or officer filings.
  • Use dual controls for account changes: Require two-person approval for any new account openings, signer changes, or updates to payment instructions. Never act on banking change requests received by email alone.
  • Verify new vendors and employees carefully: Independently verify banking details for any new vendor or employee through a known phone number before processing payments or setting up accounts.

 

What to Do If You Suspect Fraud in Your Business

The key is to act fast, document everything, and notify the right entities in the right order.

When something feels “off,” time matters. Fraud moves quickly, and the faster you respond, the more damage you can prevent. Here’s a clear, actionable process every small business should follow the moment fraud is suspected.

  1. Freeze the Situation Immediately

Stop the bleeding first. Pause any suspicious transactions, disable affected user accounts, and lock down access to banking, payment portals, email, and internal systems. Change passwords and enable multifactor authentication (MFA) on all critical accounts. This quick containment step prevents further unauthorized activity while you investigate.

  1. Document Everything

Fraud investigations rely on evidence. Save emails, invoices, screenshots, logs, timestamps—anything that shows what happened and when. Export account activity from your bank, CRM, or payment processor. Create a simple timeline. This documentation becomes essential for banks, insurers, and law enforcement.

  1. Contact Your Bank or Payment Processor

Most financial institutions have 24/7 fraud hotlines. Tell them exactly what you’re seeing—unauthorized transactions, fake accounts, suspicious loan applications, or synthetic identity activity. They can freeze accounts, reverse charges, and flag your business profile to prevent further attempts.

  1. Report the Fraud to the Proper Authorities

Depending on the type of fraud, notify:

  • FTC – ReportFraud.ftc.gov
  • FBI IC3 – For cyber, identity, or financial fraud
  • Local police – For documentation and insurance claims
  • State Attorney General – For business identity theft

If someone opened accounts or loans in your business’s name, also alert:

  • IRS Business Identity Theft Unit
  • Experian, Equifax, and TransUnion to place a business fraud alert

These reports create an official record and help stop additional fraudulent activity.

  1. Check for Additional Compromises

Fraud rarely happens in isolation. Review your business credit reports, vendor accounts, payroll systems, email inbox rules, and cloud storage access logs. Look for new users, changed settings, or unauthorized access attempts.

  1. Notify Customers, Vendors, or Partners (If Needed)

If their data or accounts may have been exposed, transparency builds trust—and in some cases, it’s legally required. Provide clear, calm communication about what happened and what steps you’re taking.

  1. Contact Your Insurance Provider

If you carry cyber liability insurance, business identity theft coverage, or fraud protection riders, your insurer may cover losses, legal fees, or recovery services. Early notification is often required for claims.

  1. Review and Update Internal Controls

Finally, strengthen the processes that were exploited. Add verification steps for new accounts, vendor onboarding, payment changes, and loan applications. Implement dual approvals where appropriate. Small improvements here can block major threats later.

 

Strengthen Your Security Posture

Once the immediate threat is contained, tighten your defenses:

  • Turn on multifactor authentication (MFA) for all users
  • Require strong, unique passwords
  • Update software, plugins, and devices
  • Review admin privileges
  • Train employees on phishing and identity fraud

These steps dramatically reduce the risk of repeat incidents.

Want to Learn More?

Explore how timely website updates and other strategies can increase your business security. Connect with your Emerge Multimedia team: Amy, Janet and Nadine!

Click Here