Setting up a company is extremely busy. There’s a lot to do – new processes, account filings, tax and much more.
It’s also important to remember to keep your new company protected. Here are some measures to consider when protecting your company from fraud, scams and identity theft, and how to report them.
There are 3 main ways to protect your company.
1. Register to file online
Keep your authentication code safe
Your authentication code is a 6-digit alphanumeric code issued by Companies House to each company. This code is used to authorise information filed online, acting as an equivalent to a company officer’s signature.
Keep your code safe to avoid any fraudulent changes to the company. If you change your code to something more memorable, mix letters and numbers so your code is hard to guess.
To protect your code:
- only share your code with someone you trust to file information for your company
- change your code if it becomes known by someone you do not trust
- change your code if it’s known by someone no longer authorised to file information for your company
Our PROOF scheme
Our protected online filing scheme (PROOF) can help protect your company from unauthorised changes by preventing the filing of certain paper forms. This can include changes to your registered office address, changes to your officers’ information and your confirmation statement.
When you sign up, any forms covered by PROOF can only be filed online. This helps to prevent company hijacking by fraudsters through the changing of company details, which leaves the company vulnerable to further fraudulent activity.
Use the Follow service
Follow is a free service from Companies House that allows you to receive email alerts of company transactions. These emails include a link to the filing history of the company you are following, which you can download for free.
You can follow any company registered at Companies House, but for added security you can choose to follow your own company. If you are a company director or auditor, Follow is a quick and convenient way to keep track of changes to your company. You will be alerted to filings as soon as they have been accepted.
2. Take appropriate security precautions
Choose the right correspondence address
You do not need to use your home address as your correspondence (service) address, or your company’s registered office address.
If a director chooses to use their home address as their service address or the company’s registered office address, it will appear on the public Companies House register and cannot be removed from records. Keep this in mind when choosing your correspondence address.
Check website addresses are genuine
If you receive a suspicious email with a link to a web page that asks for your email address and password, it may be a scam. If you receive a suspicious email with an attachment asking you to enter personal information such as an authorisation code, forward it to firstname.lastname@example.org and then delete it.
Be aware of scam emails and telephone calls
Companies House will never contact you by email or telephone to ask for secure information about your company such as authentication codes. Do not open any attachments or disclose personal information.
3. Report any suspected fraud
If you receive a suspicious letter, invoice or telephone call, contact us immediately on 0303 1234 500.
Action Fraud is the national fraud and cyber-crime reporting centre for the police. If your details have been used without your consent, or you suspect fraudulent activity, report it to Action Fraud or call 0300 123 2040.
The National Cyber Security Centre provide information and advice on how to improve your online security. To find out more, visit:
- the Small Business Guide, which explains how to improve your cyber security and has affordable, actionable advice for organisations
- Early Warning, which helps organisations investigate cyber-attacks by notifying them of malicious activity that has been detected in information feeds; any UK organisation with a static IP address or domain name can sign up to use Early Warning.