Company directors 'twice as likely' to be victims of identity fraud, says Cifas

The research (registration required), which is based on three and a half year's worth of data, found that nearly 19% of identity fraud victims were company directors, despite these people only accounting for less than 9% of the UK population. Directors were also statistically more likely to be victims of multiple impersonations, and tended to be younger than other groups targeted by fraudsters, according to the research.

Cifas chair Lady Barbara Judge warned that company directors were at risk due to the amount of information about them that was publicly available online and through Companies House.

"With almost one in every two crimes a fraud or cybercrime, company directors are increasingly aware of the need to have the right systems and processes in place to protect their staff and customers from this growing threat," she said. "This research reveals that they themselves are at increased risk of identity fraud in comparison to the rest of the UK."

"There will always be more publicly available information about you if you run your own business compared to other individuals. I however would encourage company directors to do as much as possible to separate their personal and company personas. Limit the personal information you share on social media and professional networking sites, and proactively check your credit file and your accounts. The quicker you spot that your details have been used fraudulently, the easier it will be to limit the damage caused," she said.

Cases of identity fraud are at an all-time high, having risen by over 68% since 2010 to almost 173,000 individual cases in 2016, according to the report.

Identity fraudsters often specifically target company directors, going out of their way to fraudulently obtain their credit files in order to obtain further information about them ahead of the fraud itself, according to the report. Almost half, or 47%, of the recorded cases in which credit files were procured in advance took place in London and the South East, with 28% of the total coming from London alone; both Wales and the North East accounted for just 2% of these fraud cases, according to the report.

Nearly one third, or 28%, of director-level fraud victims were in their 30s, which the report said "contradicts any notion that identity fraudsters deliberately target older people based on their perceived affluence and status in life". Instead, it was often easier for fraudsters to target younger victims due to the amount of information about them that was easily available online. The most common targets of identity fraud overall were aged between 41 and 50, according to the report.

Civil fraud and asset recovery expert Alan Sheeley of Pinsent Masons, the law firm behind Out-Law.com, said that the research showed that company directors "must be more careful and cautious with their online profile". However, he acknowledged that this was "difficult in circumstances where directors have statutory obligations", for example in regards to record-keeping requirements with Companies House.

"Directors need to think all the time as to whether they are making themselves vulnerable to fraudsters," he said.

"Further, with the pressure on all companies to raise profiles through social media it is easy to forget that quick comments on websites such as Facebook or Twitter can have catastrophic impacts on the business, not only from a fraud perspective but also from a possible libel perspective. Such comments can be extremely expensive and damaging for companies," he said.

"Directors need to think before posting anything in respect of their online profile. Directors should ask themselves the following questions before pressing the send button: would I put the information in a latter to a newspaper with a request to publish it, or on a poster outside my office? If the answer is no, then press the delete button, not the send button," he said.

Company directors or other individuals that had been victims of identity fraud should act quickly to obtain prohibitory injunctions, disclosure orders and search and seize order to prevent the use of personal information and recover any stolen funds, Sheeley said.

"Any delay in acting could be to their serious detriment, as assets will most likely be purchased very quickly using victims' information," he said.