Cybercheck Logo
Cybercheck  >  Insights  >  Synthetic identity fraud: How inbound marketing is feeding a rising wave of crime
Synthetic identity fraud: How inbound marketing is feeding a rising wave of crime

Synthetic identity fraud: How inbound marketing is feeding a rising wave of crime

Synthetic identity fraud: How inbound marketing is feeding a rising wave of crime
Colin HolderMon Feb 09 20265 min read

Synthetic identity fraud is one of todays fastest-growing cybercrime threats. Its surprisingly simple to do, yet conventional fraud detection systems often struggle to stop it.

What is synthetic identity fraud?

In traditional identity theft, criminals use stolen information to impersonate another real person and perform actions in their name. In synthetic identity fraud, however, criminals dont steal an entire existing identity. Instead, they create entirely new, fictitious identities by combining real and fabricated information.

For example, fraudsters might take a real social security number from a deceased person. They can pair this with a fake name and address, then build a credit history gradually over months or years. The tools and methods that fraudsters use to create fake identities include:

  • Stolen data: Information leaked in data breaches is sold on criminal marketplaces on the dark web and Telegram. Basic personally identifiable information (PII), such as names and credit card numbers, are the starting point for constructing fake identities.
  • Forged documents: Technology is making it easier to create fake identity documents that look convincing enough to pass through verification processes.
  • KYC loopholes: For decades, businesses have relied on KYC processes to verify that potential new clients are genuine and arent involved in illegal activities. However, these systems have serious weaknesses. Often, they only work with partial data, allowing synthetic identities to pass through initial screening.
  • Fake credit histories: Fraudsters gradually build a believable credit history for the synthetic identity by making small purchases and payments under its name.

How does a synthetic identity get created?

Fraudsters create synthetic identities by weaponising the marketing and onboarding processes of legitimate businesses.

The simplest and most effective method is to start by registering the fake identity with as many free loyalty-card schemes, newsletters, and online services as possible. For example, websites offering advice on fraud, credit cards, and investments, along with charities and special interest groups. To speed up the process, the fraudster opts into data-sharing and postal marketing wherever possible.

With this done, the fraudster can sit back and wait while legitimate businesses build the synthetic profile and background on their behalf.

Because no credit is requested initially, the organisations involved dont perform credit checks. Instead, their marketing teams actively send out offers and distribute the fake contact details to selected partners, who then repeat the process.

Early on, credit reference agencies become aware of anewindividual, complete with a name, address, mobile number, and marketing footprint. They add these details to their databases. Other firms may rely on this data later when they go to verify the identity. In this way, the fake identity is propagated through a network of systems that trust one another. The fraudster can then:

  • Start accepting credit card offers generated by the loyalty schemes. These offers are pre-approved and initiated by the lenders, so the identity is rarely challenged.
  • Apply for multiple debit cards and make small, routine transactions, further reinforcing the credibility of the profile held by credit reference agencies.

Before long, this manufactured history gives the synthetic identity the appearance of legitimacy, even though its entirely fabricated.

Synthetic versus traditional (stolen) identity theft

Traditional identity theft is directed against a real person. Eventually, theyll notice unauthorised activities or transactions carried out in their name and will report them.

By contrast, synthetic identity fraud has no real victim to raise the alarm. This allows the fraudsters to operate undetected for extended periods. They can build credit histories, open multiple accounts, and accumulate significant debt, then vanish without trace.

Why synthetic identity fraud is dangerous for businesses

Thomson Reuters reports that synthetic identity fraud is now the worlds fastest-growing form of fraud, surpassing credit card fraud and identity theft. The exact cost is unclear. However, according to BIIA, it could be $30 to $35 billion annually, in the US alone. To make matters worse, losses increased by 50% between 2022 and 2023 according to Equifax.

For businesses, this translates to vast unrecoverable debt and damaged relationships with legitimate customers.

How do fraudsters use synthetic identities?

Fraudsters use synthetic identities for various purposes, including:

  • Creating fake accounts: Opening bank accounts and credit lines to access funds and build credit histories and credibility.
  • Loan application fraud: Applying for personal loans, finance plans, or business credit using established synthetic identities with clean credit records.
  • Business identity theft: Setting up fake companies with synthetic executive profiles to secure loans or establish vendor relationships.
  • Employment fraud: Using synthetic identities to apply for jobs, particularly in remote work situations where verification may be less rigorous.

Protecting your business from synthetic identity threats

To protect your organisation:

  • Implement multi-layered verification processes: When onboarding new customers, cross-reference multiple data sources. Dont rely on single verification points.
  • Monitor customer behaviour: Watch for unusual patterns. For example, rapid credit building, inconsistent personal information, or multiple applications coming from similar IP addresses.
  • Provide security awareness training: Ensure your onboarding teams are aware of the dangers and know how to spot flags. For example, applications with minimal credit history, inconsistent contact information, or customers who seem unfamiliar with their own account details.
  • Audit your customer accounts regularly: Conduct periodic reviews to identify potential synthetic identities that may have slipped through initial screening.

How threat intelligence can prevent synthetic identity fraud

Fraud is fuelled by stolen data. Cybercriminals use information leaked in data breaches to build highly convincing fake identities and launch various types of attacks. However, if you use it smartly, breached data can help you build a powerful defensive shield for your organisation.

Advanced threat intelligence solutions track the forums where criminals buy and sell the raw materials for synthetic identities. At Cybercheck, we infiltrate and scan criminal forums and marketplaces for compromised credentials and PII that may have fallen into criminal hands due to data breaches or leaks.

By combining real-time credential monitoring with solutions to analyse behavioural patterns, device fingerprints, and so on, you can detect danger signals that conventional KYC checks miss. This can help you transition from KYC to a new mindset of PYO — protect your organisation.

Cybercheck Intel

Stay ahead of cyber threats: get the latest threat intelligence, expert insights, and cybersecurity trends delivered straight to your inbox.

Stay informed, stay secure.

Related posts

What is digital identity fraud? How businesses can detect and prevent it

What is digital identity fraud? How businesses can detect and prevent it

Read full post
Stop fraud before it starts: Using breach data and identity signals to power proactive fraud detection

Stop fraud before it starts: Using breach data and identity signals to power proactive fraud detection

Read full post
Deepfake fraud: How to spot and prevent AI-powered scams

Deepfake fraud: How to spot and prevent AI-powered scams

Read full post