Security experts said that hackers could steal browser 'cookies' in Poodle attacks, potentially taking control of email, banking and social networking accounts.

Caep Town - Identity theft, and the threat to individuals, is well-known, but now companies appear to be the new targets, with a recent spike in the amount of corporate identity theft.

The modus operandi, according to Cleardata managing director Gianmarco Lorenzi, sees consumers and corporates receive letters bearing official letterheads of major organisations, which purport to be informing them of a change in store account details – and the new details that should be used.

Most recently, Lorenzi said, one example was fraudulent letters and e-mails carrying the official logo of the Financial Intelligence Centre (FIC), which had already snared 419 people.

“The consumer, thinking this is an authentic business letter, then makes payments into the fraudulent account.

The scam comes to light when the actual business contacts the consumer to establish why payments are not being made, instigating reputational, legal or financial damage for the business as the customer wonders how their details were obtained by the fraudster in the first place,” he said.

The latest statistics from the SA Fraud Prevention Services show that the number of fraud filings increased by 27 percent in 2011, translating to 14 320 new incidents reported in that year alone.

Lorenzi said the statistics highlighted the fact that ID theft was on the rise in SA, and that “criminals are increasingly targeting businesses, as they have realised that it is more lucrative – and easier – than exploiting individuals”.

Globally, the situation is similar.

The 2012 Javelin Strategy and Research Identity Fraud Report shows that incidents of corporate identity theft worldwide increased by 13 percent in 2011, resulting in 11.6 million adults being affected.

Lorenzi said one of the ways in which corporates could safeguard themselves from identity theft was to ensure that all important documents carrying official logos were properly destroyed.

“Those businesses not practising sound document destruction are simply placing the organisation, including employees and clients, under unnecessary risk of identity theft and should seek the advice of a reputable document-shredding company that has been certified by the National Association for Information Destruction,” he said.

This was vital because the easiest way for criminals to gain access to documents was to simply rummage through a company’s garbage.

“Most computers also have desktop publishing technology which has made it far easier for fraudsters to scan and duplicate a variety of corporate documents such as purchase orders… or even stock certificates which all carry the company’s logo.”

Dave Loxton, director of Werksmans Attorneys, said that while corporate crimes would never be stamped out totally, there were guidelines to follow to eliminate the threat.

These included:

l Streamline payment systems for easier tracking.

l Segregate duties and split them among a number of people to ensure efficiency.

l Test controls to ensure they are running properly.

l Train staff on the company’s ethics policy.

l Introduce clear sanctions, and enforce them ruthlessly.

l Undertake proper screening of all new staff.

l Go the extra mile to follow up CV claims.

l Reserve your rights to talk to a current employer.

l Companies should remember that longstanding relationships are not immune to fraud.

l Implement a tip-off line so that whistle-blowers can alert companies to incidents of fraud. - Weekend Argus