Saturday, December 4, 2021

Understanding What Synthetic Identity Fraud Is & How To Avoid It

 


As we all know, one of the primary aims of the Cyberattacker is to ultimately steal our identity, and sell whatever information they can get from it on the Dark Web, or try to use it get a hold of our bank accounts and the like. 

Normally, the norm has been to go after our real information, and launch attacks that way.  But now, there is a new trend that is occurring, and in fact, it is quite scary.  These are called “Synthetic Identities”.  You may be asking at this point what is it?  Well, here is a god definition of it:

“It is created by using a combination of real information (such as a legitimate Social Security number) with fictional information (which can include a made-up name, address or date of birth). Fraudsters increasingly use synthetic identities to commit payments fraud, which can escape detection by today's identity verification and credit-screening processes.”

(SOURCE:  https://www.federalreserve.gov/newsevents/pressreleases/other20190709a.htm).

So essentially, in these instances, the Cyberattacker is taking information and data that is real abut out, and combining it with fake information/data about you.  It is important to keep in mind that most Cyber systems of today only keep an eye out for your legitimate information in case if it is ever stolen. 

Thus, to avoid detection, the Cyberattacker is now combining that the unreal data to fly under the radar and avoid detection.

In fact, this new form of Cyber threat has gotten so bad that it has literally cost the US financial system over $20 billion just last year.  Back in 2016, it was just $6 billion (bad enough though).  Unfortunately, in these instances, the most common targets are the kids and the elderly folk of our American society. 

The primary reason for this is that these groups of people tend to have basically no credit history whatsoever. 

Because of that, the all the Cyberattacker needs is just the name of the individual, and pretty much their Social Security number.  From here on out, all of the fake information and data can be created, and it will be even harder to detect, because there is virtually no financial history that law enforcement can tie back to in case, they ever do become a victim.

With this, the Cyberattacker can create phony credit cards, bank accounts, etc. and use these vehicles for a much longer period of time.  The ultimate goal here of course is to collect all of the money that is possible, and house them under offshore accounts. 

And since these are technically not stolen credit cards or bank accounts, detecting the fraudulent usage of them has become that much more difficult.

Although difficult to detect, there are some very subtle telltale signs if a Synthetic Identity Fraud is actually taking place.  These include:

*People with near perfect credit scores, which in today’s world is a dream to have;

*Any sudden changes in contact detail, such as phone number, email addresses, etc.  Now of course, people are going to be changing their contact details from time to time, but any rapid or excessive changes are good indicators;

*If at the checkout line, the customer is taking too long to remember and enter in their PIN number that is associated with their respective banking account;

*Or, if the vendor is using a Biometric modality, such as Signature Recognition and it detects and any anomalies in the way and manner in which the signature of the customer is actually being signed.

Of course, it takes a very well-trained eye to detect all of the above, so that is why the Cyberattacker is able to get away with this so frequently now.  The most common industries that are targeted for Synthetic Identity attacks are sports betting and the financial ones. 

The average financial damage to a victim in these instances can range anywhere from $81,000 to $97,000.

My Thoughts On This:

It is important to note that Synthetic Identity Fraud is just a small percentage of the overall, fraudulent activities that occurs here in the United States.  But still, it is rising at an increasing rate, and as mentioned, they are very hard to detect.  So now you might be asking, how does one protect themselves?

Well, it all comes down to what age group you belong in, and how active you are with making purchases, whether it is in the brick-and-mortar stores, or even online.  For example, if you have kids, you have to make doubly sure as to receives their PII datasets. 

With this, you also have to make sure that the elementary or high school that they are enrolled in as well are taking serious efforts to protect it. 

If you are an elderly person with no credit card and just make purchases with a check or automatic payment or withdrawal, you need to be checking your account statements on a regular basis, or better yet, have a relative check your online accounts at on a regular basis to make sure there is no questionable activity that is taking place.

Now, if you are like most of the American crowd, you probably have a couple of credit cards and bank accounts.  Because of this, you have to be much more proactive on your own behalf. 

For example, check your online accounts at least twice a day, examine all financial related documents that you receive in the mail (Cyberattackers are now even sending fake postal mail to lure you in), and check your credit report as much as possible.  Report any fraudulent activity immediately.

Also, keep in mind what you post on Social Media.  This is now a very much favored tool with the Cyberattacker, as they can now build up a profile on you by keeping track of the pictures, videos, and content that you post. 

They do this over a long period of time, so make sure to use all of the privacy settings that are available to you on these platforms.  Never put your credit card information on them!!!

Now comes the question of using AI and ML to track Synthetic Identity fraud.  Yes, these can be great tools to help combat it, especially looking for the very subtle clues as described previously.  But it can also be used for the proverbial dark side as well, especially when it comes to creating what are known as “Deepfakes”.  This is when an image of a real person is used in order to con you in, even though the whole thing is phony.  This occurs typically when there is a Presidential Election.

Finally, if you want to get further details into Synthetic Identity fraud, you can download a report at this link:

https://www.fiverity.com/resources/fiverity-introduces-2021-synthetic-identity-fraud-report2

No comments:

Post a Comment

How To Launch A Better Penetration Test In 2025: 4 Golden Tips

  In my past 16+ years as a tech writer, one of the themes that I have written a lot about is Penetration Testing.   I have written man blog...