By Simeon Tassev, MD & QSA at Galix Networking
Identity theft is by no means a new phenomenon, but it has evolved in recent years, and a new type, known as synthetic identity fraud, has become more prevalent. This method involves combining real information like ID number, name, and date of birth with fake information, to create a new identity. This can be used for various malicious activities, and it is becoming more common for fraudsters to use this type of fraud tactic in phishing attacks to trick individuals into revealing sensitive information or downloading malware. Identifying synthetic identity fraud is difficult, because of the combination of real and fake information, so individuals and businesses need to be aware and vigilant when it comes to protecting sensitive information.
Enhanced techniques for phishing scams
Phishing scams are also not a new development, but by using synthetic identity fraud they can become far more sophisticated, harder to detect, and therefore more effective at stealing personal and sensitive information. A synthetic identity can be used to create fake social media or email accounts to contact potential victims, which on cursory inspection appear to be real and genuine accounts. This lends credence to the fraudster.
Phishing emails or messages will then be sent out to potential victims, with the fraudster posing as a legitimate individual or business, such as a bank or credit company. The ‘identity’ of the person can be searched, and results will appear, making them seem genuine. There may also be links to fake websites that look like the real one, file attachments that contain malware, and other common attack vectors.
Due to the person’s authentic and genuine appearance, the phishing attack is more likely to yield the desired result – gaining access to sensitive information such as login credentials, ID number, financial information, and more. This information can in turn be used for a wider cyberattack or to steal a person’s identity, apply for credit, open bank accounts, and engage in other fraudulent activities.
Once a synthetic identity is created it can be used for various financial activities. These include credit card fraud, where the identity is used to apply for credit and make purchases. The fraudster will generally start with small purchases, to avoid suspicion and build up a credit history, and gradually increase the amount of fraudulent purchases.
Synthetic identities can be used to apply for loans, such as personal loans, vehicle finance, or home loan, and the loan proceeds can then be used to make purchases or to engage in other fraudulent activities. They can also be used in tax fraud to file fraudulent tax returns, to claim refunds that do not belong to the fraudster, and in medical fraud to obtain medical services and prescriptions, leaving the victim with the bills.
The repercussions include a damaged credit score, which can pose as a challenge for a person seeking to acquire loans, credit cards or other financial products, or large unpaid debts and bills. Furthermore, legal issues can also arise if fraudsters engage in criminal activity using the stolen identity, and it can be challenging having to prove your identity and clear your name should the synthetic identity become well-established.
Prevent, don’t cure
Synthetic identity fraud is a growing problem, and it can be difficult to detect because the identity is a combination of real and fake information that can be groomed for years to make it look more real.
To protect against synthetic identity fraud, individuals should be careful when providing personal information online and should regularly monitor their credit reports for any suspicious activity. Ultimately, preventing identity theft goes back to having all the basic checks and controls in place to protect information. It is important for both individuals and businesses to protect their information and always perform due diligence and follow correct methods for confirming identity. For businesses, it is also essential to understand the environment and the risks, and to put appropriate solutions into place to prevent them. Cybersecurity always comes down to understanding the risks and finding the most appropriate ways to mitigate them, so always talk to your technology partner to find the best solution for your needs.