Frequently Asked Questions

Why are businesses targeted by identity thieves?

Business identity theft is the business variation on personal identity theft.
Business identity theft is not about “data breaches” per se, although data breaches can provide evil-doers with valuable information to exploit.
It’s also not “brand-jacking.” Brand-jacking is the exploitation of your online brand identity—and good name—for a variety of malicious reasons.
To understand why identity thieves are targeting businesses, you need to compare the potential illegal proceeds of consumer identity theft to those of business identity theft – from a criminal’s perspective:

    • Larger bank account balances
    • Easy credit and account opening
    • Higher credit limits
    • Larger purchases can be made with less scrutiny
    • Easily available information
    • Difficult to investigate and prosecute

How big is the problem of business identity fraud?

The FBI Internet Crime Report 2016 shows that the total fraud amount related to Business E-mail Compromise and Identity Theft for 2016 is estimated at $ 420 million, divided between almost 30,000 cases. And of course, many more attempts are not reported.
Fraudehelpdesk, a national online anti-fraud platform in the Netherlands, has received in the first 9 months of 2016 961 business identity fraud cases for a total amount of € 1,7 million, an increase of 140% in comparison with 2015.

What to do as a victim of business identity fraud?

Business identity fraud is a criminal offence. Report your case to the police.
Has the fraudster used a false domain name? Report this domain name to our website via our ID Fraud Check. This will help to prevent further losses.
Finally, contact us for further assistance with your case.

Which type of business is most vulnerable?

The first reports of this fraud type were related to electronics and consumer products. Ultimately, every good or service is susceptible to this form of fraud. The value of the order varies between € 40,000 and € 100,000 Euro per fraudulent order. Both large and small companies are targeted.

Which period of the year is most vulnerable ?

It appears that cybercriminals especially hit during the holiday season. They count on a reduced level of vigilance of employees during the summer months or hope that a replacement is less familiar with current procedures.

Why is this private initiative needed?

Because a judicial approach alone is not enough to put an end to this form of fraud. After all, well-organized gangs are operating from abroad and they will continue to try making victims. A complementary private initiative is therefore necessary. Only when the business community works together, uses the ID FRAUD CHECK and internally takes the necessary preventive measures, a preventive power can be created to stop this phenomenon.

Should a complaint be filed with the police?

ID Fraud is in fact a criminal offence and, in any case, it makes sense to make a complaint. The police need as much new and concrete information as possible to be able to unmask a criminal organization sooner or later. We can assist you in compiling your file in consultation with your legal adviser.

Why do I have to pay for this service?

As an ID FRAUD Check user, you will initially receive 20 FREE credits because we want to encourage checking and reporting fake domain names. In addition, you will receive 10 extra free credits when a reported domain name, after verification, appears to be fraudulent.
In other words, only after your free credits run out do you have to buy credits, and this at a low rate of € 0.5 / credit. This minimal contribution is necessary to allow us to cover the fixed costs.

Can I get additional free credits?

Certainly, but only when your reported domain name – after verification – appears to be fake. Each time this is the case, you will receive 10 free credits. These credits are never redeemable for money and expire after 1 year.

Is the use of ID FRAUD CHECK compliant with privacy laws?

Yes, because no person-related data is stored. ID FRAUD CHECK refers only to domain names and, moreover, only a search function is used. The complete list cannot be consulted. Only registered users can use the consultation function.

Why is the database of abused domain names not available online?

ID FRAUD CHECK is an internet application that is available 24/7. It is set up to serve bona fide parties. Because of the sensitivity of the information, the data in the database is stored encrypted on a separate, secure server that is only accessible to authorized employees of i-Force. Because of the same sensitivity, ID FRAUD CHECK works on a need to know basis: it is a consultation registry.

Why do I need to log in?

As a user of ID FRAUD CHECK, you must register to exclude as much as possible any possible abuse of the application. The registration data will also be used for billing purposes if you purchase credits.

How is my identity protected?

Your registration information is stored encrypted on a separate, secure server that is only accessible to authorized employees of i-Force.

What will happen with my reported domain name?

Once you’ve reported a domain name that is not yet stored in our database of abused domain names, i-Force will perform a verification. In addition, i-Force can contact the company to which the domain name clearly refers to in order to obtain sufficient assurance that it is a fake domain name or not. If the domain turns out to be fraudulent, i-Force will add the domain name to the database of abused domain names and you will receive 10 additional free credits.



Spoofing, in general, is a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver. Spoofing is most prevalent in communication mechanisms that lack a high level of security.


Ransomware is a type of malware program that infects, locks or takes control of a system and demands ransom to undo it. Ransomware attacks and infects a computer with the intention of extorting money from its owner.
Ransomware may also be referred to as a crypto-virus, crypto-Trojan or crypto-worm.


Hacking is unauthorized intrusion into a computer or a network. The person engaged in hacking activities is generally referred to as a hacker. This hacker may alter system or security features to accomplish a goal that differs from the original purpose of the system.


“419” is a term that refers to the section in Nigerian law which addresses fraud schemes, associated with solicitation from individuals requesting help in facilitating the transfer of money. The scam typically involves promising the victim a significant share of a large sum of money, in return for a small up-front payment, which the fraudster requires in order to obtain the large sum. If a victim makes the payment, the fraudster either invents a series of further fees for the victim, or simply disappears.

Advanced fee

An individual pays money to someone in anticipation of receiving something of greater in return, but instead, receives significantly less than expected or nothing.

Business email compromise/email account compromise

BEC is a scam targeting businesses (not individuals) working with foreign suppliers and/or businesses regularly performing wire transfer payments. EAC is a similar scam which targets individuals. These sophisticated scams are carried out by fraudsters compromising email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfer of funds.

Corporate data breach

A leak/spill of business data which is released from a secure location to a untrusted environment. A data breach within a corporation or business where sensitive, protected, or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.


Unlawful extraction of money or property through intimidation or undue exercise of authority. It may include threats of physical harm, criminal prosecution, or public exposure.


A computer hacker whose activity is aimed at promoting a social or political cause.

IPR/Copyright and Counterfeit

The illegal theft and use of others’ ideas, inventions, and creative expressions—what’s called intellectual property—everything from trade secrets and proprietary products and parts to movies, music, and software.

Identity Theft/Account Takeover

Someone steals and uses personal identifying information, like a name or Social Security number, without permission to commit fraud or other crimes, or a fraudster obtains account information to perpetrate fraud on existing accounts (Account Takeover).


Software intended to damage or disable computers and computer systems. Sometimes, scare tactics are used by the perpetrators to solicit funds.


Merchandise or services were purchased or contracted by individuals online for which the purchasers provided payment. The goods or services received were of a measurably lesser quality or quantity than was described by the seller.


Goods and services are shipped, and payment is never rendered (non payment). Payment is sent, and goods and services are never received (non¬ deliver).

Personal data breach

A leak/spill of personal data which is released from a secure location to an untrusted environment. Also, a security incident in which an individual’s sensitive, protected, or confidential data is copied, transmitted, viewed, stolen or used by an unauthorized individual.


The use of unsolicited email, text messages, and telephone calls purportedly from a legitimate company requesting personal, financial, and/or login credentials.

Tech support

Attempts to gain access to a victim’s electronic device by falsely claiming to offer tech support, usually for a well-known company. Scammer asks for remote access to the victim’s device to clean-up viruses or malware to facilitate a refund for prior support services.


Code capable of copying itself and having a detrimental effect, such as corrupting the system or destroying data.

Virtual currency

A complaint mentioning a form of virtual/crypto currency (Bitcoin, Litecoin, Potcoin, etc.).