Feeds

UK firms warned of corporate hijack risk

Companies House database scam

  • alert
  • submit to reddit

Remote control for virtualized desktops

UK firms are urged to look out for an emerging scam which specifically targets the Companies House database. Early Warning, the online fraud prevention group, says it is easy for fraudsters to change the registered office for the limited company whose details they have obtained.

Armed with the details of a particular limited company, including the postal address of the head office and its registered company number, a fraudster can submit a form to change the address of a firm to a mailbox address or even a short-let residential property. The information to carry out this Corporate ID theft can be easily found on the internet.

Once a "Form 287" is completed and submitted, Companies House will amend its database without getting confirmation; typically, conducts basic checks only . The fraudster is then at liberty to start opening trade accounts and ordering goods to be delivered to the bogus address.

The innocent company whose details have been altered by the fraudster will only find out about the scam when the debt collectors arrive, or when legal action is initiated to recover the goods that have been fraudulently obtained.

"Companies House cannot prevent hijacking. It does not have the power to investigate the contents and accuracy of forms sent to them for filing," said Andrew Goodwill, Early Warning's managing director.

Goodwill knows of three companies (a Kent property company, an antique dealer and flooring company, both in London) who have fallen victim to the scam. Early Warning became aware of the scam two weeks ago when fraudsters posing as one of the victim companies ordered computer hardware from an Early Warning member.

Fraud prevention

A spokesman for Companies House said it was aware of company hijacking as an emerging problem. To combat such frauds, an electronic filing service with built-in safeguards, called PROOF ,(PROtected Online Filing) has been introduced. If a company signs up to PROOF, Companies House will accept specific statutory forms in electronic format only, and will refuse any paper submissions of the form. "The system relies on electronic codes - not signatures - and has greater built-in security," the spokesman explained.

Firms still filing by paper have the option of using a Companies House monitoring service to keep tabs on documents filed with the organisation. An electronic version of this service was recently introduced. All very well - but shouldn't Companies House be checking more rigorously in the first place? Companies House says this is not practical: "We don't have the power and resources to go back and check 9m documents."

Goodwill called for firms to show vigilance: "Every Limited company should check their registered office details on the Companies House website and this should probably be done every month or so. Companies House has no responsibility to validate the details contained in Form 287 and that it may even require legislative changes to get them to do so," he said. ®

Related stories

Two-in-one ID theft, fee fraud scam debuts
Net fraudster nailed in East Ham
Email scammers target Nochex users
Forged cheque scam hits UK retailers
Nigerian freight forwarding scam hits UK

Beginner's guide to SSL certificates

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.