The most common identify theft is synthetic. By combining some factual stolen information with completely fake information, thieves convince banks and credit monitoring companies that a fake identity is real. The “bad guy” is not pretending to be the person whose information was stolen or acquired; rather, the data is being used to create a brand-new identity. Thus, synthetic identity theft is born.
How do these scams work?
Synthetic Identity Theft Method No. 1
Fraudsters specializing in synthetic identity theft focus on stealing Social Security numbers by looking for underused SSNs, such as those belonging to children, seniors, or incarcerated individuals. Once a number is found, it is added to a new identity, and the thief applies for a credit card or loan. Though the application may be rejected, it generates an inquiry with a credit rating institution. Once that exists, it is easier to legitimize the synthetic identity.
Now, when a new application for a credit card or loan is submitted, it is more likely to succeed. Thieves can then open small accounts designed for people with little or no credit history and work on building a positive credit profile. Once that positive history is there, the fraudster can draw increasingly larger lines of credit.
Eventually, the real owner of the SSN gets messages about accounts that are not being paid. You never knew that your SSN was stolen since the credit checks did not initially appear on your credit reports.
Synthetic Identity Theft Method No. 2
Credit Profile Numbers (CPN), nine-digit numbers that look like SSNs, are created by credit repair companies. They are at the core of this scam. The object is to defraud financial institutions by creating a new persona and using it to apply for credit cards or loans rather than having to use an SSN that is attached to a poor credit history. It is illegal to use a CPN in place of an official SSN. Who is selling these CPNs? The illegitimate credit repair companies are selling the CPNs and creating trouble for their clients.
How can you protect yourself from synthetic identity theft?
With current technology, it is almost impossible to prevent synthetic identity theft. It is extremely difficult to track down and verify that the information is stolen until after the damage has been done. There are ways to minimize the risk and check whether you have been a victim.
- Regularly acquire copies of your credit reports. You are looking for a fragmented file — a sub-account within your credit report. This would reveal any accounts opened with your SSN under a different name.
- Do not throw private information in the trash. Avoid throwing in the garbage anything with SSNs or other personal identifying data. Make sure to shred documents and mix the shreds so they cannot be pieced back together.
- Do not click on unknown or strange links online. Do not enter information into unsecured websites. Some hackers use links that take you to fake websites. Make sure you see “HTTPS” in the web address. If you do not, it is not secure. Only secured, verified websites receive high-level HTTPS TLS/SSL certificates from official certificate-granting authorities.
- Create strong passwords and change them every six months. Strong passwords combine letters, numbers, and symbols. Also avoid using the same password for all your accounts.
- Do not carry your Social Security card with you. Put the card somewhere in your home where it is secure.
If identity theft happens to you or someone you know, many public and private entities exist to help identity theft victims recover from fraud. The federal government provides resources to help you understand your rights and responsibilities. You can start with the Federal Trade Commission.