As we all know, one of the primary aims of the Cyberattacker
is to ultimately steal our identity, and sell whatever information they can get
from it on the Dark Web, or try to use it get a hold of our bank accounts and
the like.
Normally, the norm has been to go after our real
information, and launch attacks that way.
But now, there is a new trend that is occurring, and in fact, it is
quite scary. These are called “Synthetic
Identities”. You may be asking at this
point what is it? Well, here is a god
definition of it:
“It is created by using a combination of real information
(such as a legitimate Social Security number) with fictional information (which
can include a made-up name, address or date of birth). Fraudsters increasingly
use synthetic identities to commit payments fraud, which can escape detection
by today's identity verification and credit-screening processes.”
(SOURCE: https://www.federalreserve.gov/newsevents/pressreleases/other20190709a.htm).
So essentially, in these instances, the Cyberattacker is taking
information and data that is real abut out, and combining it with fake information/data
about you. It is important to keep in
mind that most Cyber systems of today only keep an eye out for your legitimate information
in case if it is ever stolen.
Thus, to avoid detection, the Cyberattacker is now combining
that the unreal data to fly under the radar and avoid detection.
In fact, this new form of Cyber threat has gotten so bad
that it has literally cost the US financial system over $20 billion just last
year. Back in 2016, it was just $6
billion (bad enough though). Unfortunately,
in these instances, the most common targets are the kids and the elderly folk
of our American society.
The primary reason for this is that these groups of people
tend to have basically no credit history whatsoever.
Because of that, the all the Cyberattacker needs is just the
name of the individual, and pretty much their Social Security number. From here on out, all of the fake information
and data can be created, and it will be even harder to detect, because there is
virtually no financial history that law enforcement can tie back to in case,
they ever do become a victim.
With this, the Cyberattacker can create phony credit cards,
bank accounts, etc. and use these vehicles for a much longer period of
time. The ultimate goal here of course
is to collect all of the money that is possible, and house them under offshore
accounts.
And since these are technically not stolen credit cards or
bank accounts, detecting the fraudulent usage of them has become that much more
difficult.
Although difficult to detect, there are some very subtle
telltale signs if a Synthetic Identity Fraud is actually taking place. These include:
*People with near perfect credit scores, which in today’s
world is a dream to have;
*Any sudden changes in contact detail, such as phone number,
email addresses, etc. Now of course,
people are going to be changing their contact details from time to time, but
any rapid or excessive changes are good indicators;
*If at the checkout line, the customer is taking too long to
remember and enter in their PIN number that is associated with their respective
banking account;
*Or, if the vendor is using a Biometric modality, such as
Signature Recognition and it detects and any anomalies in the way and manner in
which the signature of the customer is actually being signed.
Of course, it takes a very well-trained eye to detect all of
the above, so that is why the Cyberattacker is able to get away with this so
frequently now. The most common industries
that are targeted for Synthetic Identity attacks are sports betting and the financial
ones.
The average financial damage to a victim in these instances can
range anywhere from $81,000 to $97,000.
My Thoughts On This:
It is important to note that Synthetic Identity Fraud is
just a small percentage of the overall, fraudulent activities that occurs here
in the United States. But still, it is rising
at an increasing rate, and as mentioned, they are very hard to detect. So now you might be asking, how does one
protect themselves?
Well, it all comes down to what age group you belong in, and
how active you are with making purchases, whether it is in the brick-and-mortar
stores, or even online. For example, if
you have kids, you have to make doubly sure as to receives their PII datasets.
With this, you also have to make sure that the elementary or
high school that they are enrolled in as well are taking serious efforts to protect
it.
If you are an elderly person with no credit card and just
make purchases with a check or automatic payment or withdrawal, you need to be
checking your account statements on a regular basis, or better yet, have a
relative check your online accounts at on a regular basis to make sure there is
no questionable activity that is taking place.
Now, if you are like most of the American crowd, you
probably have a couple of credit cards and bank accounts. Because of this, you have to be much more
proactive on your own behalf.
For example, check your online accounts at least twice a
day, examine all financial related documents that you receive in the mail
(Cyberattackers are now even sending fake postal mail to lure you in), and
check your credit report as much as possible.
Report any fraudulent activity immediately.
Also, keep in mind what you post on Social Media. This is now a very much favored tool with the
Cyberattacker, as they can now build up a profile on you by keeping track of
the pictures, videos, and content that you post.
They do this over a long period of time, so make sure to use
all of the privacy settings that are available to you on these platforms. Never put your credit card information
on them!!!
Now comes the question of using AI and ML to track Synthetic
Identity fraud. Yes, these can be great
tools to help combat it, especially looking for the very subtle clues as described
previously. But it can also be used for
the proverbial dark side as well, especially when it comes to creating what are
known as “Deepfakes”. This is when an
image of a real person is used in order to con you in, even though the whole thing
is phony. This occurs typically when
there is a Presidential Election.
Finally, if you want to get further details into Synthetic
Identity fraud, you can download a report at this link:
https://www.fiverity.com/resources/fiverity-introduces-2021-synthetic-identity-fraud-report2
No comments:
Post a Comment