Most anyone who has ever spent time in their kitchen preparing dinner is able to follow some basic recipes and prepare a decent meal. But the best chefs in the world don’t always follow recipes; instead, they experiment by adding a new ingredient, swapping out other ingredients, then adding a touch of a new seasoning and exploring different ingredient combinations – until the dish is uniquely theirs and is ready to serve.
That’s kind of what synthetic identity theft is – and, according to the Federal Reserve, it’s the fastest-growing form of identity theft in the country. A cybercrook will start with a key ingredient, like a Social Security number that he or she stole. Then, they’ll add a new name, a different address, swap out a different phone number, and new birth date, and they will have created a new, synthetic identity. Synthetic, because the person never existed before the cybercrook began their nefarious work. OneRep has published an informative article on this important topic.
A Recipe for Disaster
The key, the golden goose, the holy grail – is Social Security number (SSN). Combining a real number with stolen names and other identifiers is how the cybercrook cooks up a synthetic identity. So, how do they get access to a Social Security number? Sadly, it’s easier than you think. One way is to steal a child’s SSN; in fact, over 1 million children’s SSNs are stolen each year, and 66% of those children were 7 years old – and younger.
Another way they get a Social Security number is when someone loses their wallet or purse, and the person made the mistake of carrying their SSN inside. The cybercrook can also hack into tax preparation services to steal Social Security numbers, or hack into personal computers to get it. In addition to children, cybercrooks target the elderly, who often don’t monitor their credit reports or bank activity. They can also purchase personally identifiable information from people-search sites that provide plenty of sensitive and financial information, which can lead them to an SSN. Cyberthieves also like to steal Credit Privacy Numbers (CPN), which can work like a Social Security number when they’re creating synthetic identities.
If the cybercrook uses a real person’s name with the stolen SSN, the person, or victim, may end up with bad credit. Some estimates are that these victims end up spending $15,000 or more to solve their problems due to synthetic identity theft. But the biggest victims are the financial institutions. Since there’s no real person most of the time to go after, it’s the banks and credit card companies that end up dealing with the charges.
Another problem with stealing a child’s SSN is that they probably won’t discover the theft until they’re much older. This is when they go off to college or start applying for credit, or try to buy a car, only to find out their credit is in shambles. It’s sad, and it will take a lot of time, effort, and money to straighten the mess out.
How Cybercrooks Work
A cybercrook may purchase identity information on the dark web, or buy it from people-search sites. They take the real SSN and marry it to a fictitious name. They begin applying for credit, and even if declined, it helps them build a credit history. Once they gain access to credit, they work to build up a high score. They’ll apply for multiple credit accounts, max the credit and then disappear, leaving the high balances for the credit card companies to deal with.
Avoiding Synthetic Identity Theft
Preventing synthetic identity theft is undergoing a major push because it’s becoming so rampant. While it’s not easy to avoid it, there are some steps people can take to help prevent the theft.
The key is avoiding having your Social Security number stolen. To begin with, you need to remove all of your unauthorized personal data from people-search sites, because that’s where cybercrooks like to purchase sensitive information – often enough info that can lead to discovering the person’s SSN. There are more than 100 people-search sites, like US Search, Spokeo, and Whitepages, and each one has its own unique way of deleting information and opting out of the account. While it’s difficult and very time-consuming, it’s one of the best ways to prevent becoming a victim of synthetic identity theft.
Another way cybercrooks get information is by stealing passwords because they’re responsible for 80% of computer hacks. You need to have a strong password for protection, which means a minimum of 10 characters that include numbers, letters, and symbols. Plus, you should only use the password for one account and generate a new one for every other account that is password protected. Doing this can end up being a full-time job. Instead, use password management software to generate and manage all of your passwords. Some of the top ones include LogMeOnce, Keeper, and 1Password, among many others.
Also, a person should always check their own credit report. You’re entitled to do this for free on the web, or you can contact one of the major credit bureaus – Experian, Equifax or TransUnion. By requesting a copy of your own report, you can verify that the information contained in the report is accurate, and there is no suspicious activity on your account. If there is, report it immediately to the FTC, and if you know that you’ve been victimized, put a credit freeze on your account. That will prevent cybercrooks from indiscriminately opening any accounts in your name.
By following the recommendations and tactics outlined above, you’ll help to avoid becoming a victim of synthetic identity theft, saving you from the lengthy, costly and arduous road of regaining your good credit history.