Everyone’s heard of identity theft – it’s the fraudulent practice of using the name of another person to gain something of value; in most cases, we all hear of identity theft when a data breach of our personal accounts happen. In other cases, we might be informed of identity theft when someone tries to obtain loads or credit while using our name; however, what most people don’t know is that there are multiple types of identity theft – one of them is synthetic identity theft and that’s what we are exploring in this blog.
Some might call identity theft a fraudulent practice, some might call it a “process” – however, no matter what it’s called, the aim of it is almost always the same – the aim of identity theft is to steal your personal information and use it to the attacker’s advantage. Some attackers go even further and combine identity theft with credential stuffing – a practice in which cybercriminals use credentials obtained from a data breach of one service to cause harm (log in) to another unrelated service.
Synthetic identity theft is a little different, though – it’s a type of attack where a fraudster uses a combination of real and fake information to create a new identity for themselves. Synthetic identity theft – or synthetic identity fraud, whatever we want to call it – is arguably the fastest-growing type of financial crime in the United States because such a crime is:
Synthetic identity theft is a type of attack where a nefarious party steals information from a person to create a fake ID with some of the information attributable to the victim (e.g. SSNs, names, dates of birth, etc.), and combine the real information with bits and pieces of false information (false addresses, etc.) as well. Attackers using synthetic identity theft may be able to:
The results of synthetic identity theft can be devastating – no matter who is targeted, such an attack is very hard to detect and investigate due to its nature (see above), and it frequently provides a big financial upside for an attacker. Consider and weigh all of the variables, and you will see the reason why it’s growing so quickly.
As hard as it may be to believe, even large institutions and banks often fall prey to such an attack – and a very good part of that reason is that attackers keep providing a lot of legitimate information to such institutions – thus, they believe the fraudster.
According to research made by Carnegie Mellon University (CMU) in 2011, as far as identity theft attacks are concerned, attackers target children more and more frequently as well – on the 9th page of their paper, CMU notes that an attack rate on children is 51 times higher than an attack on adults. The paper also digs into other things – for example, whether child IDs are “preferable” for attackers, etc.
As dangerous as synthetic identity theft and it’s brother identity theft may be, we can easily secure ourselves by following basic cyber security advice. We need to make sure that we:
Ways to protect ourselves from synthetic identity theft are heavily interlinked with ways to protect ourselves from identity theft as well – however, at the end of the day, it all comes down to basic security measures. Employ them and you will be safe. However, if you’re running a company, you might want to employ a couple of additional security measures to prevent identity theft attacks both now and in the future – one of them amounts to employing the power of data breach search engines. The BreachDirectory API and data breach search engine serve two distinct purposes – the API provides all of its users (companies, universities, as well as individuals) with the ability to scour the data breach database for accounts or website domains that could have been victims of a data breach and receive a REST response, while the data breach search engine provides all of its users with the ability to evaluate whether their account has appeared in a data breach.
Dive deep into ways to best index your data and learn how to mysql if…
Dive deep into ways to load big data sets into MySQL with BreachDirectory. From MySQL…
Can the SQL EXPLAIN statement be a DoS vector and how to mitigate this threat?…
What is Cross Site Scripting, how does it work, and how can developers prevent it?…
BreachDirectory explains the risks of compressed files with a password on them for your infrastructure…
There have been rumors about a data breach targeting Schneider Electric. Did a data breach…