What if you were to wake up tomorrow with a ruined credit rating, huge demands for unpaid bills, and law enforcement investigating your every move? It could happen, thanks to a criminal trend called synthetic identity theft.
As we’ll see, synthetic identity theft is one of the most important online threats faced by today’s web users, and it can have devastating consequences. This article will look at what it is, why it matters, and what ordinary people can do to avoid becoming victims.
What is synthetic identity theft?
Synthetic identity theft could be one of the most devious crimes of all, and you could be a victim without knowing anything about it.
SIT basically involves creating a fully-functioning but fictional replica of a real individual.
There’s no need for advanced robotics or cloning. Instead, criminals use what is known as personally identifiable information (PII) to construct a digital version of their target.
That’s why it’s called “synthetic.” Criminals need to put together enough pieces of information to enable them to step into the persona of an individual. And when they do this, it gives them enormous power.
For example, scammers can pose as somebody and take out numerous credit cards in a matter of hours. Before you know it, they could have purchased holidays, jewelry, sports cars – you name it.
However, SIT doesn’t always happen in the short term. Sometimes, scammers take things much more slowly. If they have your social security number, they can link this to a specific address and receive statements there. They can build up a credit rating in your name without you ever seeing a single letter from the bank.
Over time, as the fake individual’s credit rating improves, the criminals prepare to strike. And when the moment is right, they can devastate your finances.
What is the scale of the SIT problem in the USA?
You might still question whether synthetic identity theft is actually such a big deal. After all, it seems like so much work to nurture credit ratings, steal data, and create a believable persona for fake individuals. Surely that couldn’t be done on a mass scale?
Think again. Rings of organized criminals have developed that specialize in managing fake profiles. And with the SIT “sector” netting around $800 million (at least) in 2017, the work these rings put in pays off, big time.
And the problem isn’t restricted to high worth individuals. Actually, some of the most innocent, defenseless people in society are most likely to fall victim.
For instance, law enforcement experts have noted a trend towards children being victimized. Scammers can harvest social security details when children are well under 18, providing a really unpleasant surprise when victims come to apply for their first credit card.
Given all of this, the obvious question is what can we do about synthetic identity theft? Thankfully, there some proven countermeasures that can help before and after thefts occur, and everyone needs to know about them.
What counts as personally identifiable information?
The most important challenge when avoiding SIT is keeping your Personally Identifiable Information locked down. What counts as PII? This list should help you get a handle on the situation:
- Social Security numbers
- Date of birth
- Cellphone number
- Credit card and bank details
- Street address
- Mother’s maiden name
- Biometric details
- Place of work/previous employers
- Medical enrolment records
- Driver’s license details
These pieces of information tend to be classified as either “linked” or “linkable.” Both play a role in allowing scammers to build synthetic profiles.
Linked details include information which directly identifies the individual concerned. This could be your driver’s license, passport number, or date of birth.
Linkable details don’t identify individuals on their own, but allow scammers to make their profiles more believable. This could include your place of work, gender, race, or city of birth.
As you can probably tell, that includes a huge amount of information for each and every person in the USA. And it only takes a few pieces of linked and linkable data to start posing as somebody else.
How to keep your personally identifiable information secure
Given the danger of SIT, everyone should have a strategy in place to protect their PII, but very few people do. We routinely “overshare” on social media and fail to protect data online. And that can be a fatal error.
However, there are ways to build an effective anti-fraud strategy:
- Be really careful about using social media – firstly, audit all of your public profiles and assess whether you need to share personal information or not. It’s nice to tell people who we are, and what drives us. But do you need to tell people your place of work or which car you drive? As a rule, share as little as possible on all social media sites.
- Become savvy about phishing – sometimes, scammers harvest personal data due to poor digital security practices. For instance, they can implant malware onto your system when you download malicious email attachments or visit fake websites. So tighten up your game where security is concerned. Never click unsolicited attachments, double check links in emails, and be really careful when shopping online.
- Work on your password security – criminals can also access PII by cracking or brute forcing weak passwords. Don’t give them the opportunity. Instead, use password managers like DashLane and always use strong, hard-to-guess passwords for every web portal you use.
- Update your antivirus software regularly – this is a no-brainer for so many reasons. Criminals can use malware or viruses to register your keystrokes and online activity, which can then contribute to SIT. But if you update your antivirus software as you should, then you’re in a better position to neutralize malicious agents before they cause any harm.
- Steer clear of businesses with poor digital security – sometimes, SIT results from no fault of your own. Corporations regularly “lose” vast amounts of PII via data breaches, which is then sold to criminals via the Dark Web. While you can’t be 100% certain that companies are secured against data breaches, it’s good practice to double check that they use encryption, and if they have suffered in the past from leaks, try to stay clear.
How a VPN can help protect your PII
One countermeasure stands out from the crowd and should be a key part of every anti-identity fraud toolkit. Virtual Private Networks (VPNs) should be a go-to tool when keeping your PII safe. In fact, you can’t really use the web safely in public without one.
VPNs work by applying encryption to all of your web traffic and routing that traffic through servers across the world. In the process, they anonymize your identity – making life hard for people who want to steal your data.
This is most important when you are surfing the web via public wifi networks. on your smartphone or laptop. These networks are well-known for security vulnerabilities, and it’s relatively easy for scammers to use them to steal your PII. If you don’t conceal that information behind encryption, that is.
Stay safe and avoid becoming an identity theft statistic
All around you, people are falling victim to serious fraud without knowing anything about it. But you don’t have to be like them.
By adopting security practices like strong passwords, regular antivirus updates, using a good VPN, and becoming aware of phishing risks, anyone can minimize the dangers posed by SIT.
This takes work, there’s no denying it. Sometimes, people need to change their entire online behavior, which can be a real challenge. But when the risks outweigh the effort required, that’s a challenge everyone needs to meet.