Identity theft is a serious problem—not just for individuals, but for businesses as well. Last year almost 16.7 million individuals were victims of identity theft. There was also a 46 percent increase in the number of reported cases of business identity theft, according to the National Cybersecurity Society (NCSS).

“Small business identity theft—stealing a business’ identity to commit fraud—is big business for identity thieves,” says Mary Ellen Seale, CEO of NCSS.

Unlike larger corporations, small businesses don’t always have the required security controls in place to detect and deter fraudulent activity, which can make them easier targets. There is also a general unawareness, among large and small businesses alike, of the magnitude of the threat and the devastating effects that business identity theft can have.

Business identity thieves focus on stealing key business identifiers and credentials—such as officers’ names or your federal tax employer identification number—in order to manipulate or falsify state business filings and impersonate the business in other ways. Armed with this information, criminals can open a line of credit, obtain better terms with vendors, or apply for a loan. And, business credit cards, with credit limits of up to $100,000, provide another avenue for thieves to make purchases at the expense of small businesses.

Criminals can capitalize on the abundance of information made available to the public online. Businesses are required by law publish sensitive details which may include financial statements, stakeholder information, and key identifiers such as employee identification numbers, and sales tax and business numbers.

This information and more can also be purchased legally through the internet. Often times, an application for a line of credit is approved based on public and re-cycled information found on the web.

Today, criminals are finding more sophisticated ways to impersonate and defraud businesses. While emulating a company’s letterhead, or sending fake correspondence are commonly used methods, other more advanced tactics are continuing to emerge. Some of these include

Most states have criminal statutes that only recognize identity crimes against individuals. In 2006, California became the first state to establish identity theft laws that officially recognized crimes targeting business entities. Effective October 2015, Florida implement new law that provides businesses the same protection as individuals when it comes to identity theft.

So, what does this mean in terms of managing the investigation and prosecution of inter-state and business identity crimes that fall under federal jurisdiction? As is the case with state laws, the statutory language contained in federal identity theft laws does not include business entities, making it extremely difficult to prosecute inter-state crimes.

As it appears the threat of business identity theft is not going away anytime soon, it is important that businesses, both small and large, recognize the real risk that identity theft poses, and take the necessary precautionary measures to prevent serious financial loss and other damages.