Blog post
Business Takeovers: A Fraud Trend SMB Lenders Should Know
John Chang
Published
July 24, 2024
Fraud is a problem for all lenders, but in small business lending, the consequences of approving the wrong application can be particularly severe. According to the Fed's latest small business lending survey, which contains data from Jan 2022 through Q1 of 2024, the average business loan issued since the start of 2022 in the United States was over $130,000.
Needless to say, even a fairly limited number of fraud cases in this space can make losses add up fast.
And while business lenders have always had to contend with fraud, lately we've been seeing a rise in cases with a specific MO – the business takeover – that can be particularly difficult to detect.
What is a business takeover?
A business takeover occurs when a bad actor reinstates a dissolved business that they do not own or control, replacing the registered officer information to leverage the business's established credit history to make it easier to get business loans. Here’s how it works:
- The fraudster searches for a business that is currently dissolved or inactive with a Secretary of State (SOS) office. Often the fraudster will choose a company that has many years of history.
- The fraudster goes through the reinstatement process with the SOS, which usually requires submitting online forms and paying administrative filing fees. During this step, the fraudster replaces the legitimate officer with their own identity or a synthetic identity they control.
- Once the company regains “active” or “good standing” status, the fraudster can conduct malicious business activities, notably taking advantage of the company’s credit history.
After completing a business takeover, fraudsters often take additional steps to try to appear legitimate. They may register new domain names and set up a fake, often generic-looking website. They also generate new contact information such as a business email using the domain, a new VoIP phone number, and acquire a private mailbox for the business address.
These actions obscure the fraudster’s identity, but with the right data, they can still be detected at the point of application.
Recent patterns and fraud rings
Over the last few months, we’ve seen different fraud rings conducting takeovers of Florida businesses, all with similar patterns, applying for financial products from our partners. One fraud ring had the following characteristics:
- The business was reinstated several years after being dissolved.
- The fraudster used contact information such as an address in a different state, a phone number from a specific VoIP provider, and a business email with the syntax info@businessname.com.
- On financial applications, the fraudster listed an out-of-state address with no connection to the company.
Another ring we’ve identified – also in Florida -– used the same address on all of its financial applications. In the updated SOS records after reinstatement, all of these businesses used private mailboxes as a way to mask their activities.
Why does this keep happening?
Every state has a process to reinstate a dissolved company, and most reinstatements happen for legitimate reasons. Small business owners, in particular, can easily fall behind on annual filings, leading to a loss of “good standing” and the need to reinstate.
Secretary of State offices have created online flows to simplify this process, but this allows fraudsters to exploit the system. States where security controls are weakest, like Florida and Wyoming, appear to be most targeted by fraudsters.
What can stop this?
Secretary of State offices could take several measures to help prevent business takeovers:
Notifications to the original owner
When legitimate business owners need to reinstate their business, the SOS should be able to notify the owner using the contact info they have on file, as most legitimate reinstatements occur soon after the company is dissolved. Secretary of State offices already send notices to businesses when they become delinquent, often marking the business as “not in good standing” before taking further action. In the same way, notifications to the previous owners could be sent before a reinstatement is approved. States such as Colorado take such an approach.
More restrictions for long-inactive businesses
The ability to change officer information at the time of reinstatement should be eliminated. After a business is reinstated, the original owner should be required to submit another filing to change the officer information, providing another layer of protection. States could also implement online business owner profiles and user access controls, similar to those in California or Maryland.
Streamline fraud reporting
Only a few states currently publish information on how to report fraudulent activity, even if most states publish warnings about business fraud generally. Unfortunately, some states even say that they are not responsible for fraudulent business activity and have no ability to investigate.
What can business owners do?
Small business owners can also take steps to help prevent business takeovers. First, keeping business records up to date with their Secretary of State by remembering to file their annual reports on time ensures that they will receive notifications related to their business's status in the future.
Second, owners can heed recommendations from the IRS to cancel their EIN when the business is shut down, as an EIN is never reissued to another company.
Third, owners can proactively file a voluntary dissolution with their Secretary of State once they have ceased business activity. In some states, businesses that have been voluntarily dissolved by the owner cannot be reinstated, whereas businesses dissolved for administrative reasons can be. Proactively dissolving the business voluntarily could prevent the business from being a target of a takeover.
What is SentiLink doing?
SentiLink has been extending its fraud tools to help our SMB-focused partners identify fraud, including patterns like business takeovers. If this is something that you’re interested in exploring, please don’t hesitate to reach out to your Partner Success Manager.
Not yet a SentiLink partner? Book a demo today and let us see how much we can save you by preventing more fraud at the point of application.
Related Content
Blog article
November 14, 2024
From Disaster to Deception: How Fraudsters Are Preying on FEMA’s Hurricane Relief Efforts
Read articleBlog article
October 24, 2024
We Analyzed $485M in Stolen Checks. Here's What We Found.
Read articleBlog article
October 22, 2024