Synthetic Identity Theft–Fast Growing Consumer Fraud

Thanks to Deb Vosejpka, who posted this article about synthetic ID theft from the KNX News Radio website.  An interesting read, it explained how synthetic ID theft is different from “true-name” identity theft.  Basically, in classical identity theft, the perpetrator secures your social security number and other personal information and opens accounts in your name, operating for all intents and purposes as a second you.

In synthetic identity theft, a real social security number is combined with other people's information, or with purely fictitious information, to create one or several new identities.  Since only the social security number is real, the fraud can be impossible to detect and the crimes may continue for years.  The only way to know if your social security number has been used in this way is to check your social security records and see if the reported income is higher than your actual income.

The story reports the court case of Deon Mims, who pleaded guilty to scamming banks out of $2 million in fraudulent withdrawals by creating a small army of synthetic identities and using them to form fake companies, open business accounts, and create fake customers to generate fake sales at the fake companies.

Credit reporting company Experian has a great article on their web site that covers this in more detail.  An excerpt follows:

Here’s an example: Let’s say a thief uses a real Social Security number from a real person, yet changes the name, thereby creating a “new person.” The Social Security number is real, but the name is fake. But now, this means that even fake people can get credit. Or, the thief establishes credit histories for fictitious persons by creating false businesses to establish credit accounts and to establish an employment history.

Let’s back up a little. Think of it this way: rather than traditional identity theft, where a crook steals someone’s personal identity, synthetic identity theft involves stealing “bits and pieces” of it. For example, a stolen Social Security number. For the synthetic identity thief, this gets the ball rolling. Consider that, with a stolen Social Security number, a thief can open new bank accounts, obtain new credit cards and even use it to get a job.

You can protect yourself by looking for or doing the following:

  • Shred everything.  Do not throw out mail with your information on it, including credit card applications, utility bills, phone bills, tax information, receipts, and so forth. 
  • Review your credit reports – you can order free reports once a year from the three credit bureaus.  If you space out your requests by 4 months, you can keep tabs on your credit year-round.
  • Check your annual Social Security Statement and make sure your reported income is not greater than your actual income.
  • If you are denied credit, make sure the denial was based on your information and not someone else’s.
  • Watch for mail sent to your home address that is for another name, especially for things like credit or debit cards you did not request, or tax refunds you did not file for.  Contact the fraud department of the sender to report the incident and close the account.
  • If you start getting collection calls for debts that are not yours, you will need to contact the credit bureaus and open a dispute to get the claim removed from your credit history.
  • Consider identity theft insurance.  This may be available from your homeowners insurance company, or it can be purchased from companies such as LifeLock or Legal Shield that specialize in these products.

You think that you are being careful with your online information, and you probably are.  You think this can’t happen to you, but you are wrong.  The release of your PII, your personally identifying information, including your social security number, most likely will happen when a supposedly “secure” database somewhere on the Internet is breached by trained professionals.  The lesson is that no matter how careful you are, it could be the poor practices of someone else that releases your PII.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at
