Our latest BEV Break tackled a type of fraud that’s hiding in plain sight — buried not in stolen credentials or deepfakes, but in legitimate government records.
Middesk CEO Kyle Mack took us inside a growing threat: the manipulation of Secretary of State (SOS) filings to hijack business identities. It’s a method that takes advantage of outdated systems, public portals, and blind spots in traditional KYB workflows. And it’s proving incredibly effective.
If you missed the session, here’s a rewind of what your team needs to know — and what you can do to stay ahead.
The new KYB blind spot: SOS filing manipulation
Fraud rings have found a quiet but powerful way to bypass onboarding checks: changing the official paperwork.
It starts with a simple document called a “statement of information” — the routine update businesses file with their state each year to reflect any changes to ownership, addresses, or status. But in many states, these filings don’t require verification. And critically, there’s often no mechanism to alert the real business owner if something changes.
That’s the opening.
Some fraudsters seek out businesses that have been dissolved for years. They file new documents to reinstate the entity, list themselves as officers, and suddenly they have a clean-looking business — complete with a history — ready to open accounts or apply for credit. Others go after active businesses, quietly changing key details like addresses or controlling members without the actual owners ever knowing.
On paper, everything checks out. But behind the scenes, the identity has been compromised.
📽️ Kyle explains how bad actors hijack dormant or active businesses by quietly manipulating public filings.
What traditional KYB methods miss
For years, KYB programs have treated SOS filings as a gold standard. If the business name, status, and officers all match what’s on file, it’s considered a strong signal of legitimacy. But that assumption is being tested.
As Kyle explained, verifying information is no longer enough if the data source itself has been manipulated. A company might appear “in good standing” while being completely compromised.
The most dangerous part? These filings are designed to look clean. Fraudsters know what KYB systems check — and tailor their activity to pass.
That means teams need to shift from checking static records to analyzing patterns. It’s not just whether a filing exists — it’s how and when that filing changed. Was there a sudden reinstatement of an entity that’s been dormant for five years? Did a new officer get added weeks before account creation, only to be removed shortly after? Is the listed address a known UPS dropbox that’s also associated with dozens of other businesses?
These are the kinds of signals that matter — but they’re often invisible to legacy workflows.
📽️ Kyle breaks down the common gaps in KYB programs — and the filing patterns that fraudsters use to stay under the radar.
How to get started: Small steps, big impact
You don’t need to rebuild your entire KYB process to respond to this threat. In fact, one of the most actionable takeaways from the session was how much you can learn from simply revisiting past data.
Start by reviewing a sample of accounts where you’ve experienced losses. Pull the SOS filings for those businesses — most of them are publicly available. Look at what changed and when. Were there signs of reinstatement? Officer swaps? Suspicious address changes?
This manual audit may be time-consuming, but it’s also eye-opening. It gives your team a clearer sense of which red flags are showing up most often — and what your policies might be missing.
From there, you can begin building smarter risk models. For example, you might start flagging any business that was reinstated within the past 90 days or assigning higher risk scores to filings that list addresses linked to other entities.
Kyle emphasized that this isn’t about adding friction across the board. It’s about getting more precise — identifying the businesses that pose real risk so you can introduce friction only where it’s warranted. And just as importantly, it’s about giving low-risk businesses a smoother, faster experience.
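The filing-pattern signals described above (recent reinstatement, revival of a long-dormant entity, an officer added before account creation and removed soon after, an address shared with many other entities) can be expressed as rules over a business's filing history. The sketch below is an added example, not code from Middesk or the session. The event format, function name, and every threshold except the 90-day reinstatement window are assumptions, and reinstatement is measured against the account-opening date.

```python
from datetime import date, timedelta

# 90 days is the article's example; the other thresholds are assumed.
REINSTATE_WINDOW = timedelta(days=90)
DORMANCY_MIN = timedelta(days=5 * 365)   # "dormant for five years"
OFFICER_WINDOW = timedelta(days=60)      # assumed reading of "weeks before"
SHARED_ADDRESS_MIN = 12                  # assumed cutoff for a shared address

def filing_signals(events, account_opened, address_entity_counts):
    """Return sorted risk signals for one entity's filing history.

    events: (date, kind, value) tuples; kind is one of "dissolved",
        "reinstated", "officer_added", "officer_removed", "address_changed".
    address_entity_counts: address -> number of other entities filed there.
    """
    zero = timedelta(0)
    signals, last_dissolved, officer_added = set(), None, {}
    for when, kind, value in sorted(events, key=lambda e: e[0]):
        if kind == "dissolved":
            last_dissolved = when
        elif kind == "reinstated":
            if zero <= account_opened - when <= REINSTATE_WINDOW:
                signals.add("recent_reinstatement")
            if last_dissolved and when - last_dissolved >= DORMANCY_MIN:
                signals.add("dormant_entity_revived")
        elif kind == "officer_added":
            officer_added[value] = when
        elif kind == "officer_removed" and value in officer_added:
            added = officer_added[value]
            # Officer appears shortly before onboarding, vanishes shortly after.
            if (zero <= account_opened - added <= OFFICER_WINDOW
                    and zero <= when - account_opened <= OFFICER_WINDOW):
                signals.add("officer_added_then_removed")
        elif kind == "address_changed":
            if address_entity_counts.get(value, 0) >= SHARED_ADDRESS_MIN:
                signals.add("shared_address")
    return sorted(signals)

# Constructed sample history (not real filings).
SAMPLE_EVENTS = [
    (date(2017, 3, 1), "dissolved", ""),
    (date(2024, 4, 2), "reinstated", ""),
    (date(2024, 4, 2), "officer_added", "J. Doe"),
    (date(2024, 4, 5), "address_changed", "100 Example St #204"),
    (date(2024, 6, 1), "officer_removed", "J. Doe"),
]
SAMPLE_ADDRESS_COUNTS = {"100 Example St #204": 37}

if __name__ == "__main__":
    print(filing_signals(SAMPLE_EVENTS, date(2024, 5, 10), SAMPLE_ADDRESS_COUNTS))
```

Running the same function over the filing histories pulled during the loss-account audit shows which signals fire most often, which is a reasonable basis for choosing thresholds.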
📽️ Kyle shares how top fintechs and banks are layering new signals into KYB to detect risk before it spreads.
Want to go deeper?
You can watch the full BEV Break episode on spotting risky SOS filing changes — including Kyle’s breakdown of real-world examples and early signals teams are tracking — here.