Overview

By combining real and fabricated information to create fake identities, scammers have developed a new avenue through which to commit fraud. This synthetic identity theft can be hard to detect and prevent but, by applying similar security practices to traditional identity theft, you can safeguard your information.

Synthetic identity theft is one of the fastest growing forms of identity theft, with criminals piecing together an entirely new profile with bits of real and fake information.

On paper, this synthetic identity looks like a real person’s so it can be used to steal money, apply for credit, hide a criminal past, or get medical treatments. 

How synthetic identity theft happens

With traditional identity theft, only your personal information — specifically your correct information — gets hijacked.

On the other hand, criminals blend real personal information with fabricated details to carry out synthetic identity theft, especially credit fraud.

For example, by combining a stolen Social Security number purchased on the dark web with other stolen personal information they create a rounded-out “person.”

Then, they’re able to apply for a line of credit. Even if their application is rejected by the credit bureau, a credit profile is created in the bureau’s system.

With this credit profile, fraudsters may now target people with a good credit history by adding themselves as an authorized user — a process known as “piggybacking.”

Once this fabricated "person" appears credible, they can start establishing a credit history and eventually apply for loans or a credit card using real personal details.

Some criminals spend years nurturing a synthetic identity profile before cashing in on it. That means your PII may be compromised and your credit history may be damaged long before anything suspicious surfaces. 

Fast Facts

The impact and cost of synthetic identity theft

  • Socure, a fraud analytics group, determined that approximately 2.48 million fake bank accounts in America belong to fabricated identities.

  • Datos Insight, another top financial research firm, projected that synthetic identity theft related credit losses would reach $2.4 billion this year.

How to prevent synthetic identity theft

Fortunately, you can apply many of the same best practices you use for preventing traditional identity theft to prevent synthetic identity theft, including:

  • Being conscious of — and conservative with — your digital footprint. Your digital footprint consists of much more than you might think, even your offline actions. When you register in person for a store’s loyalty program, include your email address on application forms, or apply for a new line of credit, you increase your digital footprint. Your digital footprint can also grow without you taking any action at all (for instance, organizations you trust may sell your information to third parties). This is why monitoring your digital footprint and being informed about the PII you share is critical. 

  • Turning on two-step authentication. Establish two-step authentication (2FA) as the default protocol in your device settings and apps. With 2FA enabled, you can only sign into an account with your username and password and a required, one-time-use-only code — usually sent to you via text or email. Accounts with this layer of protection are more secure than those without it.

  • Monitoring your credit report. National credit bureau Equifax warns that synthetic identity theft commonly happens to children, older generations, and homeless individuals because these groups don’t regularly check their credit scores. Make it a habit to check your credit report at least once a year, and if you're a parent and you're concerned that your child's information has been used to open credit accounts, check with Equifax, Experian, and TransUnion. 

  • Guarding your Social Security number (SSN) and card. Store the physical card at home, shred documents that note your SSN before disposing of them, and only share your SSN when absolutely necessary — never over email or aloud in the company of others.

  • Staying alert to phishing attempts. Phishing occurs when scammers trick you into divulging your PII or clicking on links that allow them to hack your devices. To steer clear, verify that a request comes from a legitimate source and don’t click on links from people or companies you don’t know or any links that don’t begin with “https,” the sign of a secured site.

  • Activating an identity protection service. With Allstate Identity Protection, members are more protected from even the most sophisticated forms of identity theft, such as synthetic identity theft. We can monitor your digital footprint, detect risks, and assist you if issues arise.