Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Identity Fraud. Show all posts

How Synthetic Identity Fraud is Draining Businesses


 

Synthetic identity fraud is quickly becoming one of the most complex forms of identity theft, posing a serious challenge to businesses, particularly those in the banking and finance sectors. Unlike traditional identity theft, where an entire identity is stolen, synthetic identity fraud involves combining real and fake information to create a new identity. Fraudsters often use real details such as Social Security Numbers (SSNs), especially those belonging to children or the elderly, which are less likely to be monitored. This blend of authentic and fabricated data makes it difficult for organisations to detect the fraud early, leading to financial losses.

What Is Synthetic Identity Fraud?

At its core, synthetic identity fraud is the creation of a fake identity using both real and made-up information. Criminals often use a legitimate SSN paired with a fake name, address, and date of birth to construct an identity that doesn’t belong to any actual person. Once this new identity is formed, fraudsters use it to apply for credit or loans, gradually building a credible financial profile. Over time, they increase their credit limit or take out large loans before disappearing, leaving businesses to shoulder the debt. This type of fraud is difficult to detect because there is no direct victim monitoring or reporting the crime.

How Does Synthetic Identity Fraud Work?

The process of synthetic identity fraud typically begins with criminals obtaining real SSNs, often through data breaches or the dark web. Fraudsters then combine this information with fake personal details to create a new identity. Although their first attempts at opening credit accounts may be rejected, these applications help establish a credit file for the fake identity. Over time, the fraudster builds credit by making small purchases and timely payments to gain trust. Eventually, they max out their credit lines and disappear, causing major financial damage to lenders and businesses.

Comparing Traditional VS Synthetic Identity Theft

The primary distinction between traditional and synthetic identity theft lies in how the identity is used. Traditional identity theft involves using someone’s complete identity to make unauthorised purchases or take out loans. Victims usually notice this quickly and report it, helping prevent further fraud. In contrast, synthetic identity theft is harder to detect because the identity is partly or entirely fabricated, and no real person is actively monitoring it. This gives fraudsters more time to cause substantial financial damage before the fraud is identified.

The Financial Impact of Synthetic Identity Theft

Synthetic identity fraud is costly. According to the Federal Reserve, businesses lose an average of $15,000 per case, and losses from this type of fraud are projected to reach $23 billion by 2030. Beyond direct financial losses, businesses also face operational costs related to investigating fraud, potential reputational damage, and legal or regulatory consequences if they fail to prevent such incidents. These widespread effects calls for stronger security measures.

How Can Synthetic Identity Fraud Be Detected?

While synthetic identity fraud is complex, there are several ways businesses can identify potential fraud. Monitoring for unusual account behaviours, such as perfect payment histories followed by large transactions or sudden credit line increases, is essential. Document verification processes, along with cross-checking identity details such as SSNs, can also help catch inconsistencies. Implementing biometric verification and using advanced analytics and AI-driven tools can further improve fraud detection. Collaborating with credit bureaus and educating employees and customers about potential fraud risks are other important steps companies can take to safeguard their operations.

Preventing Synthetic Identity Theft

Preventing synthetic identity theft requires a multi-layered approach. First, businesses should implement strong data security practices like encrypting sensitive information (e.g., Social Security Numbers) and using tokenization or anonymization to protect customer data. 

Identity verification processes must be enhanced with multi-factor authentication (MFA) and Know Your Customer (KYC) protocols, including biometrics such as facial recognition. This ensures only legitimate customers gain access.

Monitoring customer behaviour through machine learning and behavioural analytics is key. Real-time alerts for suspicious activity, such as sudden credit line increases, can help detect fraud early.

Businesses should also adopt data minimisation— collecting only necessary data—and enforce data retention policies to securely delete outdated information. Additionally, regular employee training on data security, phishing, and fraud prevention is crucial for minimising human error.

Conducting security audits and assessments helps detect vulnerabilities, ensuring compliance with data protection laws like GDPR or CCPA. Furthermore, guarding against insider threats through background checks and separation of duties adds an extra layer of protection.

When working with third-party vendors businesses should vet them carefully to ensure they meet stringent security standards, and include strict security measures in contracts.

Lastly, a strong incident response plan should be in place to quickly address breaches, investigate fraud, and comply with legal reporting requirements.


Synthetic identity fraud poses a serious challenge to businesses and industries, particularly those reliant on accurate identity verification. As criminals become more sophisticated, companies must adopt advanced security measures, including AI-driven fraud detection tools and stronger identity verification protocols, to stay ahead of the evolving threat. By doing so, they can mitigate financial losses and protect both their business and customers from this increasingly prevalent form of fraud.


Combatting International Spoofed Calls: India's New Measures to Protect Citizens

 

In recent times, fraudsters have increasingly used international spoofed calls displaying Indian mobile numbers to commit cybercrime and financial fraud. These calls, which appear to originate within India, are actually made by criminals abroad who manipulate the calling line identity (CLI). 

Such spoofed calls have been used in various scams, including fake digital arrests, FedEx frauds, narcotics in courier schemes, and impersonation of government and police officials. To combat this growing threat, the Department of Telecommunications (DoT) and Telecom Service Providers (TSPs) in India have developed a system to identify and block incoming international spoofed calls. 

This initiative aims to prevent such calls from reaching any Indian telecom subscriber. The Ministry of Communications announced that TSPs have been directed to block these calls and are already taking steps to prevent calls with spoofed Indian landline numbers. In addition to this, the DoT has launched the Sanchar Saathi portal, a citizen-centric platform designed to enhance user safety and security amid the rising threat of fraud and international call scams. This portal includes a feature called "Chakshu," which allows individuals to report suspicious calls and messages. 

Chakshu simplifies the process of flagging fraudulent communications, providing an extra layer of protection against cybercriminals. Chakshu serves as a backend repository for citizen-initiated requests on the Sanchar Saathi platform, facilitating real-time intelligence sharing among various stakeholders. The platform also provides information on cases where telecom resources have been misused, helping to coordinate actions among stakeholders. 

Union Minister Ashwini Vaishnaw has highlighted additional measures, including creating a grievance redressal platform for reporting unintended disconnections and a mechanism for returning money frozen due to fraud. These efforts aim to address the concerns of citizens who may have been inadvertently affected by the anti-fraud measures. Since its launch in May last year, the Sanchar Saathi portal has been instrumental in enhancing the security of telecom users. It has helped track or block over 700,000 lost mobile phones and detect more than 6.7 million suspicious communication attempts. 

These efforts underscore the government's commitment to safeguarding citizens from cyber threats and ensuring the integrity of telecom services. The DoT and TSPs' proactive measures, along with the Sanchar Saathi portal, represent significant steps towards protecting Indian citizens from international spoofed calls and other forms of cybercrime. By leveraging advanced technology and fostering collaboration among stakeholders, these initiatives aim to create a safer digital environment for all.

FBI Reports Surge in Cryptocurrency Scams, Highlighting Growing Threat of Confidence Scams

 

The FBI has recently brought attention to a concerning trend in cybercrime: the rise of cryptocurrency scams, particularly through romance and confidence schemes, which have outpaced ransomware attacks in terms of financial losses. According to the FBI's data, individuals fell victim to cryptocurrency scams amounting to a staggering $4.57 billion in 2023, marking a significant 38% increase compared to the previous year's losses of $3.31 billion. 

These scams typically unfold over a period of several weeks, with fraudsters assuming false identities, often posing as attractive individuals, to establish relationships with their targets. As the relationship progresses, the scammers introduce the idea of joint cryptocurrency investments, recommending fake platforms or apps under their control. Victims are manipulated into making substantial investments, with the scammers fabricating gains to maintain the illusion of profitability. 

When victims attempt to withdraw their funds, the fraudsters employ various tactics, including impersonating customer support representatives and demanding additional fees, resulting in further financial losses for the victims. In contrast, ransomware attacks, a prevalent form of cyber extortion, generated comparatively minor losses of $59.6 million. 

However, the FBI acknowledges that this figure may not fully reflect the true extent of ransomware-related losses, as it fails to account for indirect costs such as business downtime. Moreover, the reported losses only encompass ransomware incidents reported to the Internet Crime Complaint Center (IC3), suggesting that the actual financial impact of ransomware attacks could be significantly higher. The discrepancy in reported losses between cryptocurrency scams and ransomware attacks underscores the evolving landscape of cyber threats and the shifting tactics employed by cybercriminals. 

While ransomware attacks continue to pose a significant threat to businesses and organizations, the surge in cryptocurrency scams highlights the effectiveness of social engineering techniques in deceiving individuals and extracting substantial sums of money. To combat these threats effectively, individuals and businesses must remain vigilant and exercise caution when engaging in online interactions. It is essential to verify the authenticity of investment opportunities and platforms, especially those related to cryptocurrencies, and to refrain from disclosing sensitive information or transferring funds without proper verification. 

Additionally, organizations should implement robust cybersecurity measures, including regular employee training and the deployment of advanced threat detection technologies, to mitigate the risk of falling victim to cyber scams and attacks. As cybercriminals continue to exploit vulnerabilities and devise increasingly sophisticated schemes, collaboration between law enforcement agencies, cybersecurity professionals, and the public is crucial in combating cybercrime and safeguarding against financial losses and data breaches. By raising awareness of emerging threats and adopting proactive security measures, individuals and organizations can better protect themselves against the pervasive threat of cybercrime in today's digital landscape.

Here's How a Lost Wallet Becomes a Nightmare for Your Credit and Identity

 

Theft of identity and the establishment of bank accounts in your name can result from losing your wallet. That can result in years of battling false creditors and claims, building up bad credit. Jessica Roy, an assistant editor on the utility journalism team at the Los Angeles Times, experienced this. 

In 2018, she claims that her wallet was stolen from her purse at a pub, but she didn't pay it much attention. 

I actually didn't keep that much in there. My driver's license, some cash, and a few credit cards were all there. The following day, I discovered they had completed a few transactions. I changed the cards and got those backward. I initially believed it to be the conclusion, Roy stated. 

But in the middle of January 2019, she began receiving a tonne of letters. “It was like, ‘Congratulations on your new Bank of America account. Congratulations on your new Wells Fargo account. We're following up on your Target card inquiry.’ And I realized they were using my identity to start opening new accounts.” 

Roy speculates that the hackers might have secured her social security information through the dark web. According to her reporting, that is typical. Many people dismiss the frequent data breaches and online intrusions that result in the theft of personal information like passwords or social security numbers. 

Roy claims that nobody is secure. She discussed the 2017 Equifax hack, which affected 147 million Americans, in her blog. That comes from a credit bureau and is private information. Our every financial move is being tracked by the credit bureaus, who aren't even protecting our data, which is why we need to keep our identity so secure. 

She always believed that because she was a reporter and was being thorough, she would be able to thwart false claims and transactions. 

I never imagined that I would experience this. And when it happened, I said to myself, "You know what, I'm going to start doing something." I'll be in control of this. I'm going to call the banks and demand that they put things right. And that will be the conclusion of it. And they're going to take care of it and shut these accounts in a really friendly manner. And everything will be a closed book. But it persisted. 

In Roy's instance, some arrests eventually took place, which she claims is unusual. “It wasn't because ‘oh, the police dug into my crime and worked night and day to solve this.’ It's because [the suspects] were pulled over and arrested for something else. And incidentally, they happened to have a bunch of my identity material in the car with them.” 

Roy claims that despite their repeated attempts, the criminals were unable to access her bank and email accounts because they were secured. Things like two-factor authentication stopped future problems from getting worse. 

“They called me impersonating my bank and asked me to repeat my password as if it were a security question. And I realized I was like, ‘Oh my God, this is them. They're calling me on Christmas to try and steal my identity some more,” she further added. I really think the conclusion that I came to in experiencing this and reporting this story is that yes, there are steps you can take. Nothing is foolproof, and this is a systemic issue that has to be addressed.” 

Roy advises users to proactively freeze their credit cards and set up two-factor authentication for each account, including email and bank accounts, to lessen the risk of identity theft.

KeyBank Suffers Data Breach, Third Party Steals Personal Information


KeyBank hit by data breach 

Hackers stole personal data: addresses and account numbers of home mortgage holders at KeyBank, social security numbers, the bank reports, in the compromise of the third party vendor that serves multiple corporate clients. 

The hackers stole the information on July 5 after hacking into computers at the insurance service provider Overby Seawell Company. 

KeyBank has its operations across 15 states, and has around $200 Billion in assets, the bank hasn't disclosed how many customers were affected or to respond to any other queries related to the breach. 

KeyBank's stand

In statement, KeyBank told that it came to know about the data theft on 4th August, and KeyBank systems and operations weren't compromised. Overby Seawell Company hasn't replied to any phone messages and emails that were sent to executives for comment. 

It sent a statement to the Associated Press, KeyBank mentions Kennesaw, Georgia based Overby Seawell was hit by a cybersecurity incident that breached data of its corporate clients. It refused to comment further. 

Further information 

As per the website, Overby Seawell's customers are banks, credit unions, finance companies and property investors, and mortgage servicers. The products consist a tracking system for real-time insurance monitoring that can be combined with other financial industry software forums. 

In an August 26 letter sent to Associated Press by an impacted mortgage holder, KeyBank said the information included in the Overby-Seawell breach linked to their mortgage consists their name, mortgage account number, address, and the first eight digits of their nine digits social security number. 

That is enough information for identity theft which the hackers can use while carrying out a serious fraud. 

Fraudsters Resorting to 'Synthetic Identity Fraud to Commit Financial Crimes

 

Identity theft is still a common tactic for hackers to damage the credit score. To steal even more and avoid discovery, an increasing number of fraudsters are turning to "synthetic identity fraud," which includes constructing spoof personalities to deceive financial institutions.

Michael Timoney, VP of Secure Payments at the Federal Reserve Bank of Boston stated, “This is growing. It’s got big numbers tied to $20 billion(Opens in a new window) plus (in losses), and we’re not really seeing a drop in it. Due to the pandemic, the numbers have gotten even higher."

Timoney described how the threat exploits a critical vulnerability in the US banking system at the RSA conference in San Francisco: when a customer applies for a credit card or a loan, many businesses do not always verify their identification. Timoney defined synthetic identity fraud as the use of multiple pieces of personally identifiable information to create a totally new person. 

He added, “It’s different from traditional identity theft because if someone stole my identity they would be acting in my name. I would go into my bank account and see my money is gone or I’d try to log into my account but I’d be locked out.” 

“Because of data breaches, there is so much information out there for sale. In other cases, the crooks will alter or make up the Social Security number and address data entirely, hoping the companies won't catch on. Once you apply for credit with your brand new identity, there is no credit file out there for you, but one gets created immediately. So right off the bat, you now have a credit file associated with this synthetic. So it sort of validates the identity. Now you got an identity and it has a credit record."  

The hacker will then strive to improve the credit rating of the spoof identity in order to secure larger loans or credit card limits before bailing without ever paying the lending agency. He added that the fraudster will settle their charges and request further credit. 

According to Timoney, the scammers have also been using the fraudulent personas to seek for unemployment benefits and obtain loans from the Paycheck Protection Program, which began during the pandemic to assist businesses in paying their employees. 

How to stop synthetic identity fraud?

To combat synthetic identity fraud, the United States is developing (Opens in a new window) the Electronic Consent Based Social Security Number Verification Service, which can determine whether a Social Security number matches one of these on record. However, Timoney stated that the system will only be offered to financial institutions and will not be open to other industries that provide credit to clients. 

In response, Timoney emphasized that it is critical for businesses to be on the lookout for warning indicators linked with synthetic identity fraud. This might include inconsistencies in the applicant's background. For example, consider a person who is 60 years old but has never had a credit history while having lived in the United States their whole life or an 18-year-old with a credit score of at least 800. 

Another method for detecting synthetic identity theft is to see if a loan application has any confirmed family members. One should be looking at a lot more than just the name, address, and Social Security number.