Digital Privacy

Deep Dive into Synthetic Identity Fraud

The fraud landscape is evolving and, as the world becomes increasingly digital, so do the criminals. From petty schemes to high-class social engineering strategies, fraudsters cash out on billions each year.

Creating a fake identity

The FTC calls synthetic identity fraud “one of the fastest-growing financial crimes” in the United States. Unlike traditional forms of identity theft, criminals don’t steal an identity, but create a new one, using a combination of fake and real information. For example, an identity thief can combine real Personally Identifiable Information (PII) such as a Social Security number with a fake name and address to open bank accounts and seek credit, apply for a job or obtain health insurance.

Although it takes longer for criminals to establish a realistic credit history, fraudsters may create multiple “customer profiles” before attempting to make a large purchase or obtain significant bank loans. As such, their modus operandi includes piggybacking on accounts belonging to other real or fake individual with a good credit score.

After creating a fake identity, the fraudster will apply for credit, immediately triggering the creation of a credit file or proof that the identity exists. The scammer will repeatedly apply for credit until it is approved, and continue to legitimize the synthetic identity. In the end, the fraudster will “bust out” and completely vanish without paying his loans.

According to the Payments Fraud Insights report published by the Federal Reserve, “the ease and low cost of creating synthetic identities contributes to the widespread impact of this type of fraud on the financial, insurance and healthcare industries, government agencies and consumers.”

“Sophisticated crime rings can leverage multiple tactics at scale to cultivate synthetic identities, including using fake addresses, creating sham businesses and forming relationships with collusive merchants to cash in,” the report continues.

Common aspects of synthetic identities include:

• Multiple identities with the same SSN
• Credit file depth is inconsistent with customer age or other profile information
• Multiple applications from the same phone number, mailing address or IP address
• Use of secured credit lines or piggybacking to build credit
• SSN issued after 2011
• Multiple authorized users on the same account

Children and elderly citizens make for better targets

In the case of synthetic identity fraud, cyber thieves are known to mainly target minors and the elderly because they are less inclined to check their credit reports, allowing fraudulent activity to go on for years without detection.

The personal information of children is highly sought after on dark web marketplaces, and reports show that newborn and infants social security numbers, birth dates and names, sell for an average of $300 per record. It’s also estimated that children are 51 times more likely to fall victim to identity theft than adults.

If you wish to prevent your child’s social security number from being used as part of a synthetic ID, it’s highly recommended that you check their credit reports on a regular basis, and even request that credit institutions freeze the child’s credit until the age of 16.

The cost of synthetic ID fraud

Millions of identities are exposed each year through data breaches and data leaks, providing cyber thieves the means to conduct synthetic identity fraud.

As highlighted in a Federal Reserve report, this type of fraud is harder to detect, with 85% to 94% of all synthetic identities not being flagged as high risk by existing fraud models. Moreover, an analysis conducted by the Auriemma Group suggested that synthetic identity fraud accounted for 20% of all credit losses in 2016, costing U.S. banks more than $6 billion.

Synthetic identity theft has been around for decades, shrouding the criminal activities of fraudsters seeking to cash up on illegally obtained credits. One of the largest synthetic ID rings was detected in 2013, when the Department of Justice (DOJ) charged 18 people in an international credit card fraud scheme spanning across 28 states and eight countries. Using these fake identities, the scammers obtained more than 25,000 credit cards, inflicting $200 million in losses.

Can you prevent synthetic identity fraud?

Unfortunately, synthetic ID fraud is harder to pin down for law enforcement and individuals. With so much of our personal information being scraped and sold by to the highest bidder on the dark web, the odds of becoming another identity theft victim are high.

However, you can take some measures to protect you and family:

• Never provide your SSN to individuals contacting you via phone, email or social media
• Monitor your credit history on a regular basis
• Review your annual Social Security statement
• Keep your personal documents safe

About the author

Alina Bizga

Alina has been a part of the Bitdefender family for some years now, as her past role involved interfacing with end users and partners, advocating Bitdefender technologies and solutions. She is a history buff and passionate about cybersecurity and anything sci-fi. Her spare time is usually split between her two feline friends and traveling.