This one's easy: don't.
If they're not taking security seriously, that's a bad sign and you should reconsider giving them your personal information. If they're actively trying to hide their own contact information, that's a huge red flag and you'd be crazy to do business with them.
There's no need to overthink this. This is the internet equivalent of the shady guy selling Armani suits out of a stolen car (actually happened near me, recently). Just avoid shady businesses.