Criminals stealing and piecing together parts of your online identity to create fake identities might sound like something out of a science fiction movie, but it happens every day through synthetic identity fraud, or Frankenstein Fraud.
The FBI released a public service announcement in December regarding Frankenstein fraud, which happens when someone steals an individual’s Social Security number and combines it with personal information from other individuals, such as names, addresses and birth dates.
It’s difficult enough to determine whether synthetic identities are real and in this instance, cybercriminals target the Social Security numbers of easy targets: children, recent immigrants, the elderly, incarcerated people and even deceased people.
For example, most children in the United States have a Social Security number, but because they don’t have credit or credit history, there is no reason to actively monitor credit bureaus until they reach adulthood. In theory, there could be a decade-plus of fraudulent activity associated with a child’s SSN before they find out.
Criminals can purchase SSNs on the dark web, steal them from data breaches or con them from people through methods like phishing.
Synthetic identity theft flourishes because of a simple flaw in the US financial and credit system. When the criminal uses the synthetic identity to apply to borrow from a lender, it’s typically denied credit because there’s no record of that identity in their system.
The thieves are expecting this since children and teens may have no credit or a thin history, and elderly individuals may have poor credit scores.
Once an identity applies for an account and is presented to a credit bureau, it’s shared with other credit bureaus. That act is enough to allow credit bureaus to recognize the synthetic identity as a real person, even if there’s little activity or evidence to support that it’s a real person. Once the identity is established, the fraudsters can start borrowing credit from lenders.
With realistic synthetic images and voices, fake personas now easily pass onboarding and security checks. It’s no longer just about fake documents—entire digital identities are being created and the problem is growing. In 2022, 1,774 data breaches exposed the personal information of over 392 million people worldwide. Cybercriminals are combining this stolen data with AI tools to craft convincing fake identities, enabling scalable attacks like credential stuffing. Meanwhile, deepfake technology keeps getting more advanced, making the threat even worse.
To combat this, organizations must go beyond data integrity and adopt liveness detection to ensure the person behind the data is real.
How can individuals protect themselves? By checking credit reports regularly and signing up for free credit monitoring. They can also use an identity theft protection service or PII removal software such as MyPrivacy360.
