The Latest Fraud Problem: Synthetic Identities
By combining some factual stolen information with completely fake information, thieves convince banks and credit monitoring companies that a fake identity is real. The "bad guy" is not pretending to be the person whose information was stolen or acquired; rather, the data is being used to create a brand-new identity. Thus, the phrase "synthetic identity theft" is born.
But how do these scams work?
Synthetic Identity Theft Method No. 1
Fraudsters specializing in synthetic identity theft focus on stealing Social Security numbers by looking for underutilized SSNs, such as those belonging to children, seniors or incarcerated individuals. Once a number is found, it is added to a new identity, and the thief applies for a credit card or loan. Though the application may be rejected, it generates an inquiry with a credit rating institution. And once that exists, it's easier to legitimize the synthetic identity.
Now, when a new application for a credit card or loan is submitted, it's more likely to succeed. Thieves can then open small accounts designed for people with little or no credit history and work on building a positive credit profile. And once that positive history is there, the fraudster can draw increasingly larger lines of credit.
Eventually, the real owner of the SSN gets messages about accounts that aren't being paid. Whoa! It's like getting slapped in the face. You never knew that your SSN was stolen because credit checks didn't initially appear on your credit reports.
Synthetic Identity Theft Method No. 2
Credit Profile Numbers, nine-digit numbers that look like SSNs, are created by credit repair companies. They're at the core of this scam. The object is to defraud financial institutions by creating a new persona and using it to apply for credit cards or loans rather than having to use an SSN that's attached to a poor credit history. It's illegal to use a CPN in place of an official SSN. But you know who's selling these CPNs? Yes, illegitimate credit repair companies, and they're creating trouble for their clients.
How can you protect yourself from synthetic identity theft?
Sadly, with current technology, it's almost impossible to prevent synthetic identity theft. It's extremely difficult to track down and verify that the information is stolen until after the damage has been done. But there are ways to minimize the risk and to check whether you've become a victim.
- Regularly acquire copies of your credit reports. You're looking for a fragmented file — a sub-account within your credit report. This would reveal any accounts opened with your SSN under a different name.
- Don't throw private information in the trash. Avoid throwing in the garbage anything with SSNs or other personal identifying data. Make sure to shred documents and mix the shreds so they can't be pieced back together.
- Don't click on unknown or strange links online. And don't enter information into unsecured websites. Some hackers use links that take you to fake websites. Make sure you see "HTTPS" in the web address. If you don't, it's not secure. Only secured, verified websites receive high-level HTTPS TLS/SSL certificates from official certificate-granting authorities.
- Create strong passwords and change them every six months. Strong passwords combine letters, numbers and symbols. Also avoid using the same password for all your accounts.
- Don't carry your Social Security card with you. Put the card somewhere in your home where it is secure.
If identity theft happens to you or someone you know, many public and private entities exist to help identity theft victims recover from fraud. The federal government provides resources to help you understand your rights and responsibilities. You can start with the Federal Trade Commission.