Feeds

UK firms warned of corporate hijack risk

Companies House database scam

  • alert
  • submit to reddit

Top three mobile application threats

UK firms are urged to look out for an emerging scam which specifically targets the Companies House database. Early Warning, the online fraud prevention group, says it is easy for fraudsters to change the registered office for the limited company whose details they have obtained.

Armed with the details of a particular limited company, including the postal address of the head office and its registered company number, a fraudster can submit a form to change the address of a firm to a mailbox address or even a short-let residential property. The information to carry out this Corporate ID theft can be easily found on the internet.

Once a "Form 287" is completed and submitted, Companies House will amend its database without getting confirmation; typically, conducts basic checks only . The fraudster is then at liberty to start opening trade accounts and ordering goods to be delivered to the bogus address.

The innocent company whose details have been altered by the fraudster will only find out about the scam when the debt collectors arrive, or when legal action is initiated to recover the goods that have been fraudulently obtained.

"Companies House cannot prevent hijacking. It does not have the power to investigate the contents and accuracy of forms sent to them for filing," said Andrew Goodwill, Early Warning's managing director.

Goodwill knows of three companies (a Kent property company, an antique dealer and flooring company, both in London) who have fallen victim to the scam. Early Warning became aware of the scam two weeks ago when fraudsters posing as one of the victim companies ordered computer hardware from an Early Warning member.

Fraud prevention

A spokesman for Companies House said it was aware of company hijacking as an emerging problem. To combat such frauds, an electronic filing service with built-in safeguards, called PROOF ,(PROtected Online Filing) has been introduced. If a company signs up to PROOF, Companies House will accept specific statutory forms in electronic format only, and will refuse any paper submissions of the form. "The system relies on electronic codes - not signatures - and has greater built-in security," the spokesman explained.

Firms still filing by paper have the option of using a Companies House monitoring service to keep tabs on documents filed with the organisation. An electronic version of this service was recently introduced. All very well - but shouldn't Companies House be checking more rigorously in the first place? Companies House says this is not practical: "We don't have the power and resources to go back and check 9m documents."

Goodwill called for firms to show vigilance: "Every Limited company should check their registered office details on the Companies House website and this should probably be done every month or so. Companies House has no responsibility to validate the details contained in Form 287 and that it may even require legislative changes to get them to do so," he said. ®

Related stories

Two-in-one ID theft, fee fraud scam debuts
Net fraudster nailed in East Ham
Email scammers target Nochex users
Forged cheque scam hits UK retailers
Nigerian freight forwarding scam hits UK

Top three mobile application threats

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Sorry London, Europe's top tech city is Munich
New 'Atlas of ICT Activity' finds innovation isn't happening at Silicon Roundabout
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.