It has all the hallmarks of a science fiction movie. Some disillusioned scientist is working in the basement of some clandestine laboratory, combining chemicals and potions to create something that never existed before. In most movies, the creation would kill the mad scientist. In real life, however, it’s not the creator that gets hurt. It’s the consumer.
Instead of science fiction, combining elements from separate entities is happening right now. It’s called synthetic identity theft, and it takes elements from a real person and combines them with the made-up identity from a cyber crook to create a new, or synthetic, entity. The criminals then use these new identities to steal from your bank accounts, create new credit cards in your name, steal your tax return, commit medical identity theft and so much more.
Creating a Synthetic Identity
Here’s what’s happening in the cybercrook’s lab. They steal a Social Security number, often from a child. In fact, over 1 million children had their Social Security number stolen last year, and two-thirds of them were 7 years of age and younger. Child identity theft is a growing problem, and a lot has to do with synthetic identity theft. According to the Federal Reserve, synthetic identity theft is the fastest-growing form of identity theft in the U.S. And it’s costing victims about $15,000 each.
Once the cybercrook has that Social Security number (your child’s or your own), or a Credit Privacy Number (CPN), they merge it with fake names, phony birth dates, different addresses and phone numbers, or other data, and come up with a hybrid of a real number and a made-up person. And that’s when the crook really gets going. Sadly, it’s not only children whose Social Security numbers end up in a synthetic identity scam. It’s elderly and, unfortunately, those who have recently died.
Once the synthetic identity is created, the cybercrook builds a credit history using phony names and information. After going on a credit theft rampage, they move on to a different synthetic identity. But the damage has already been done. They set up credit card accounts and charge on with no intention of ever repaying. They can also steal funds from banks, repair their own poor credit scores and perform many other nefarious activities.
How Did Synthetic Identity Theft Grow so Fast?
It seems like nobody ever heard the term “synthetic identity theft” a few years ago, and then it had become the fastest-growing form of identity theft in the US. How did this happen? First, Social Security changed its tactics. It used to be that a person’s SSN was tied to the state where they were born, which was discontinued in 2011. This made it harder for financial institutions to spot Social Security fraud.
Another problem is that a person’s personally identifiable information (PII) is easier than ever to access. All a cyber crook has to do is hack into a database that has customer information (these data breaches happen every year). Once the hack is completed, the cybercrook has volumes of personal information to merge with real Social Security numbers. Another tactic is to buy the information from people-search sites, which have millions of records of unauthorized personal information. Once they have the basic PII, they can search further and end up with an SSN and other information. The fraud begins.
Preventing Synthetic Identity Theft
While everyone is concerned about how fast synthetic identity theft is growing, all is not lost. In fact, there are ways to prevent it from happening in the first place.
One of the first steps is to delete all unauthorized personal information from people-search sites. It’s not an easy chore, but it can – and must be done. The problem is that there are more than 100 people-search sites, like ZoomInfo, PeekYou, and Spokeo. First, you need to find each one, and then delete the info, and opt out. However, each site has its own rules and regulations on how to delete information and permanently opt-out. It’s quite time-consuming, and if you hire someone to do it, plan on writing a large check.
Another tactic is to boost your online security by enhancing your password protection. Having a strong password is key – and that means one that’s at least 10 characters long, and includes numbers and symbols. In addition, you should have a different password for each and every account you log onto. Managing that would drive the average person crazy, so a password manager is the work-around that will generate and manage all of your passwords. The top ones include LastPass, 1Password, and Dashlane.
Limit your Social Security number exposure. Other than financial institutions you deal with or visit in person, or government entities you’ve verified, don’t hand out your SSN. In addition, limit the chance a thief can get access to Social Security correspondence by eliminating paper correspondence. Instead, use Social Security’s online portal to conduct all of your business.
If you think you’ve become a victim of synthetic identity theft, report it. Always check your credit reports to make sure there isn’t any suspicious activity, and if you find any, report it. You’re entitled to a free annual credit report, or you can request it from one of the 3 major credit bureaus – Experian, Equifax, or TransUnion. In addition to reporting fraud, be sure to put a credit freeze on your account. That way cybercrooks can’t open any accounts using your information or data. It’s free, and it doesn’t impact your credit at all.
Following these tips and recommendations will help to prevent you from becoming a victim of synthetic identity theft and help you avoid the cost and hassle it creates.