If someone asked you what the biggest identity theft in the country was, how would you answer? Do you think it’s credit card fraud? Bank or tax fraud? Or how about just plain identity theft, where someone steals your name and possibly your Social Security number?
Well, if you put down any of the above answers, you’d be wrong. Because the biggest identity theft right now is synthetic identity theft – a term most people are simply not familiar with. It’s hard to gauge how big a problem it is in terms of dollar amounts, because by the very nature of synthetic identity theft the victim isn’t even aware the problem exists. However, one government affiliate has estimated that the problem is now at $6B (yes, that’s “billion!”) and it’s rising.
Synthetic Identity Theft: A Closer Look
So, what is synthetic identity theft? As the name implies, it’s something that is created artificially from several different sources. Normally, the cybercriminal takes a person’s Social Security number and places it with a phony name, address and other personal information. The more skilled the cybercrook is, the more they can create a completely false, synthetic identity.
Just imagine your Social Security number being used with the name John Smith, who allegedly lives at 321 Main Street, Anywhere, California. All of a sudden, John Smith is opening new credit card accounts in his own name. Next, he appears as a co-owner of your checking account, with full access to your funds.
Synthetic identity theft is impacting all sectors of the economy, including financial, healthcare, the public sector, where benefits are illegally acquired, and the automotive sector, where new vehicles are being acquired using false information. Unfortunately, the problem is quickly growing worse. According to the Federal Reserve, it’s costing each victim an average of $15,000.
Victims are generally those who don’t have access to credit monitoring help, including children, who are the highest category, the elderly and the homeless. Carnegie Mellon University issued a report that found that children had a rate that was 51 times higher than adults, with over 10% of those children having their social security information stolen.
Synthetic Identity Theft – In A Class by Itself
Unlike standard identity theft, where a cybercrook steals a person’s identity, synthetic identity thieves steal a Social Security number or other key personal data and create a completely new identity. In traditional identity theft, a criminal pretends to be a real person using stolen information to gain access to their credit.
A synthetic cybercriminal, on the other hand, combines bits and pieces of real information with made-up information to create a completely new phony identity. This “synthetic” identity is then used to generate all types of fraudulent activity. This includes stealing benefits and money, which harms banks and other financial institutions, especially when credit card fraud is involved. It also includes identity theft that is used to create false documents for residency and work. In addition, the criminal creates a completely alternative credit history using their own name and another person’s Social Security number.
In most instances, the criminal needs to have either a Social Security number or a Credit Privacy Number (CPN) in order to make their scam work. When a cyberthief creates a new credit history or account, it’s done to improve credit ratings and establish a new account, which they use to build up credit card available credit, and then max out the cards and never pay.
Sadly, the original victim is usually a child who had his or her Social Security number stolen. When the victim reaches the legal age of 18 or goes off to college, they often apply for credit and that is when the fraud is discovered. It is devastating to the original victim, and can take an inordinate amount of time and money to resolve the problem.
Avoiding Synthetic Identity Theft
So, how do cybercriminals gain access to the information that they need to create synthetic identity theft? Remember, they need several pieces of real information in order to create a synthetic account. One way is through hacking into your home or work computer. The best way to prevent this from happening is by using two-factor authentication and by being vigilant on using unique passwords.
To be effective, you need a password that is at least 10 characters in length, and always having a different one for each account. It would be impossible to remember those passwords, so you should use a password manager like DashLane, Bitwarden and LastPass, among others. Never leave your computer unattended, and if you’re using a public WiFi network at an airport or coffee shop, always use a VPN (Virtual Private Network) like SurfShark, ExpressVPN or CyberGhost VPN.
Possibly the most important step you can take is to make sure all unauthorized private information is removed from people search sites like Whitepages, Lexis/Nexis People Locator, US Search and PeopleFinders. The problem you’ll face is that there are more than 100 people search sites, and each one has its own rules and requirements for removing information and opting out.
If you were to do this on your own, plan on spending a lot of time – not only locating all of the different sites, but understanding how to remove the information as well. Some people say it’s like having a second full-time job. Hiring someone to do this would be quite costly, as you’ll need someone with the expertise required to remove your data from these sites.
Following the tactics above will help you avoid synthetic identity theft, and safeguard your information and the information of your children.