Synthetic Identity Fraud: A Growing Threat

by Reese Kimmons, MS ISA

Even if you’re careful about what you do and share online and use security tools that protect your personal information and sensitive data, you can still become a victim of synthetic identity fraud.

According to management and consulting firm McKinsey and Company (McKinsey.com), synthetic identity fraud is currently the fastest growing financial crime in the U.S., leading to 10-15% of account charge-offs due to defaults on unsecured loans.

Synthetic identity fraud occurs when bits of real personal data are combined with fabricated details to create a whole new identity that is then used to defraud creditors. The difference between this tactic and full-blown identity theft is that creating a new identity using readily available bits of verifiable personal information is actually much easier.

Continue reading to learn more about this type of fraud and what you can do to protect yourself and your credit score.

How a Synthetic Identity Is Created

For years, personally identifiable information (PII) has been collected in data breaches, stockpiled on the Dark Web, and made available to cybercriminals. People-search sites gather data on real people from online trackers and combine it with PII from public records to build extensive personal profiles available to anyone who wants to pay for them.

Social Media Use

Social media users have become too comfortable with oversharing their personal information, exposing more data than they should. There are many sources perpetrators of synthetic identity fraud can tap into to gather the tidbits of PII needed to fabricate new fictitious identities.

The PII incorporated into these fake identity profiles could include birth dates and names along with information that can be used for identity confirmation, such as the street you grew up on, the make of your first vehicle, or your birthplace. Details like these are often shared on social media without consideration of how they might be misused. 

Social Security Breaches

Social Security numbers stolen in previous breaches are often used in conjunction with fabricated identity details. Bad actors especially like to use the SSNs of infants and young children because it can be years before the victim applies for their first credit card and discovers the crime.

Once the criminal has combined the authentic information with fake details like a made-up address or fabricated social media profile to build a new identity, he or she can begin applying for loans and defrauding creditors.

Common Synthetic Fraud Tactics

Some fraudsters create multiple synthetic identities that they use simultaneously, allowing them to apply for more unsecured loans. There is also a tactic known as “bust-out fraud,” whereby criminals use fake profiles to obtain credit, establish a good payment history to increase the amount of available credit, then charge the maximum amount on the account before absconding with their profits.

Protecting Yourself from Synthetic Identity Fraud

Unfortunately, there isn’t a ton you can do to protect yourself from these types of fraud. There is already enough PII available to facilitate the creation of massive numbers of synthetic identities. Going forward, however, you can take steps to ensure that you are sharing only the minimum amount of your personal data required.

Post Less on Social Media

Think about what you post on social media. If it’s something that might be an answer to a security question used for identity verification (first dog, first car, birthdays, mother’s maiden name, etc.), don’t post it. 

Make Up Personal Information

Make up fake information whenever possible. If, for example, you’re adding a streaming channel to your TV and are asked to provide PII, make some up. Whenever you share your personal information, you are trusting that the entity you’re sharing it with will secure it and prevent it from being exposed in a breach. Often, that is not the case.

Use Password Managers

Beware of malicious websites. These may even appear to be authentic sites of companies you normally do business with, but are, in fact, sites designed to steal your PII, passwords, and other data. 

Consider using a password manager application. A good password manager app will not only generate complex passwords and securely store them for you, but will also run verification checks on the sites requesting your credentials to ensure that those sites are legitimate.
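
One way the site check described above can work, shown as an added example that is not from the original article or from any particular password manager: a saved credential is bound to the origin where it was stored and is offered only on an exact match. The vault entry, sample URLs, and function names are constructed for illustration, and exact-origin matching is an assumption made here (real products may match more loosely, for example by registrable domain).

```javascript
// Constructed vault entry: the credential is bound to the origin where it was saved.
const vault = [
  { origin: "https://login.bank.example", username: "alice", secret: "<stored password>" },
];

// Reduce a page URL to scheme + host + port; reject anything that is not HTTPS.
function pageOrigin(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return null; // unparseable input never matches
  }
  return url.protocol === "https:" ? url.origin : null;
}

// Return the entries that may be offered on this page (exact origin match only).
function entriesFor(rawUrl, entries = vault) {
  const origin = pageOrigin(rawUrl);
  return origin === null ? [] : entries.filter((e) => e.origin === origin);
}

// Constructed page URLs: the real login page followed by four look-alikes.
const samples = [
  "https://login.bank.example/signin?next=/accounts", // same origin, different path
  "https://login.bank.example.secure-check.example/signin", // real name used as a subdomain prefix
  "https://login.bank.example@other.example/signin", // real name placed in the userinfo part
  "https://login.bonk.example/signin", // one character changed
  "http://login.bank.example/signin", // right host, no TLS
];

// Summarise which sample pages would be offered the saved credential.
function report(urls = samples) {
  return urls.map((u) => ({ url: u, offered: entriesFor(u).length > 0 }));
}

console.log(report());
```

Only the first URL is offered the credential; a person reading the address bar can miss the other four, but the string comparison does not.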

Freeze Your Credit

You may also want to consider placing a freeze on your credit. This will help to prevent all forms of identity theft. If you have children, consider freezing their credit as well. You’ll need to apply freezes with all three credit bureaus. 

NerdWallet posted a good article at nerdwallet.com/article/finance/how-to-freeze-credit that will guide you through the process of applying freezes for yourself and your children.

Final Thoughts…

Synthetic identity fraud is a rapidly growing threat that impacts individual consumers, financial institutions and businesses, and government agencies. The information criminals need to build synthetic identities is already available online, and, in many cases, consumers are helping them to commit fraud by sharing even more personal data on social media and elsewhere.

Unfortunately, aside from being more cautious about providing personal data going forward, there isn’t much the average person can do about the threat of synthetic fraud. The organizations being defrauded will have to come up with new ways to spot this fraud and put a stop to it before credit is extended.

About the Author:

Reese Kimmons is an experienced IT executive with an AAS in Applications Programming, a BS in IT Management and an MS in Information Security and Assurance. During his time in the IT industry, Reese has earned certifications in ethical hacking, forensics investigations, ISO/GIAC, and Cisco networking.
