A 101 Guide to Synthetic Identity Theft

Synthetic identity fraud is one of the fastest-growing financial crimes, yet it remains one of the most difficult to detect.

According to a 2025 study, synthetic identity fraud was the largest share of fraud losses by U.S. online merchants.

In 2022, more than $6 billion was lost to fraud from central banks in the U.S. In the following years, losses from online payment fraud rose to $44 billion. Experts predict that by 2029, e-commerce fraud will surpass $100 billion.

So, what can be done?

Let‘s unpack how synthetic identity fraud became so popular for fraudsters and why identity authentication is becoming harder than ever.

What is synthetic identity fraud?

Synthetic identity fraud is a type of fraud used to create new identities that appear to be a real person to defraud financial institutions.

Identity thieves combine fabricated credentials with real identifying factors found through social media profiles, phishing scams, and data breaches on the dark web.

The result is a synthetic identity using potentially valid Social Security Numbers (SSNs) with accompanying false personally identifiable information (PII), used to create false credit profiles.

How do fraudsters create fake identities?

How do you create a synthetic ID?

Cybercriminals may use a combination of real and fake identifiers to create synthetic identities:

• Social Security Numbers (SSNs): Often stolen from individuals who don‘t have a credit history (such as children or deceased persons).
• Fake or altered names: Fraudsters might slightly change real names or generate entirely new ones to appear legitimate.
• Fabricated date of birth: Cybercriminals use false dates to create a convincing backstory and evade verification checks.
• Fraudulent addresses: To bypass fraud detection, threat actors use either real addresses that don‘t belong to them or entirely made-up locations.
• Phone numbers: Fraudsters may use disposable or fraudulent phone numbers when applying to financial institutions to cover their fraudulent activity.

Online platforms such as OnlyFake, an AI-powered neural network used to generate fake IDs, were used by criminals to generate IDs for only $15.

Identity theft is used to defraud…

Once the threat actors have a fake identity ready, the stolen information is used to defraud financial institutions and credit bureaus.

The most common victims of synthetic identity fraud are persons who don‘t use their SSN or credit regularly, including children, the elderly, and homeless citizens. For example, 1 million children had their PII used in fraud in 2017.

False identities are used to open accounts, such as credit cards, where small purchases are made to build up a line of credit. Once the credit has been established, cybercriminals take out large loans without the intention of repayment.

If a fraudster uses your SSN for synthetic identity theft, it can lead to a split or fragmented credit file—when details from another individual are attached to your SSN, becoming a part of your credit history.

Fraudsters also use new credit and stolen SSNs to defraud the government of welfare payments or access medical care to avoid paying for treatment.

Real cases of synthetic identity theft

Financial fraud and abuse of financial services are becoming more common as fraud prevention is becoming more difficult for financial institutions.

AI machine learning platforms make it easy for anyone to create fake identities. The technology is advanced enough to mimic holographic features, fonts, microprints, and even the texture of the document itself.

#UK 🇬🇧 – Over 1,000 NHS Accounts Leaked Online

A database containing more than 1,000 NHS email accounts, passwords, and personal details has been leaked on a dark web forum, raising serious privacy and security concerns.https://t.co/AbRDtwfWN7#darkweb #databreach… pic.twitter.com/cHdiU3FvOQ

— Dark Web Intelligence (@DailyDarkWeb) October 22, 2024

X post highlighting the prevalence of data breaches used for identity theft.

A group of 11 criminals used synthetic IDs to defraud banks by $3 million

In 2019, 11 fraudsters were charged for their involvement in a synthetic ID scheme to defraud banks, making approximately $3 million in charges that were never repaid.

“As alleged, the defendants operated a ‘bust out’ scheme using fraudulently obtained credit cards to finance expenses, ranging from furniture to real estate and totaling $3 million. Now they will be held accountable,” stated United States Attorney Donoghue.

The FBI found that the criminals used names, dates of birth, and Social Security numbers from different individuals to create the synthetic IDs, before then using the new credit cards to open 3 mortgages on residential properties in Queens, New York.

The fraudsters also used shell companies to record hundreds of thousands of dollars on the fraudulently obtained credit cards. They used these businesses to charge large amounts on stolen credit cards and then collected payments from banks and credit card companies for these fake transactions.

Florida man steals $24 million in COVID-19 relief funds

In 2021, the FBI charged a Florida man with working alongside co-conspirators to steal $24 million of COVID-19 relief money by using synthetic identities and shell companies.

The fraudster and his co-conspirators used complex computer data storage and virtualization machines to manufacture synthetic identities, automatically open bank accounts and shell companies, and monitor bank activity tied to the synthetic IDs.

When the COVID-19 pandemic broke out, the team turned its sights on the Coronavirus Aid, Relief, and Economic Security (“CARES”) Act that offered US small businesses forgivable loans to help keep businesses afloat.

To date, COVID fraud cases total $10 billion according to the IRS, with more cases being discovered every year.

Couple defrauds Medicare of $54 million

In 2024, a couple was arrested for defrauding Medicare of more than $54 million via hospice and diagnostic testing services.

It‘s alleged that the pair fraudulently declared offering hospice and diagnostic testing services (which were never provided), which was then laundered to disguise their illicit proceeds to buy millions of dollars worth of gold bars and coins.

Synthetic IDs were used by the fraudster to disguise the funds, transferring the payments to an account in a fake name.

What impact does synthetic identity fraud have on businesses?

Synthetic identity fraud poses a significant threat to businesses. According to reports, banks can lose between $50-$250 million a year from synthetic ID fraud-related unpaid debt.

On average, fraudsters take out loans of $15,000 before abandoning the identity, causing banks to lose billions. In the long term, this form of identity theft hinders the service provided by lenders.

Here‘s how synthetic ID fraud hurts businesses:

• Financial losses: Fraudsters use synthetic identities to open accounts, apply for loans, and commit credit card fraud, causing substantial financial damage to banks and businesses.
• Regulatory risks: Companies face compliance challenges as fraudsters exploit synthetic identities to evade sanctions and regulatory scrutiny, making it harder for authorities to track illegal activities.
• Reputational Damage: Falling victim to synthetic identity fraud can erode customer trust, especially in industries like financial services, where security is paramount.
• Operational Disruptions: Businesses must invest in fraud detection and prevention technologies, increasing operational costs and diverting resources from core activities.

Why is synthetic identity fraud difficult to detect?

It‘s difficult for financial institutions to accurately detect synthetic ID fraud because the information provided by the fraudster is a mix of real and fake data.

In the US, many credit institutions rely solely on credit scores and algorithms rather than identity verification to vet new applicants.

When a fake identity is used, there‘s no real “victim” to report any suspicious behaviour, allowing the fraud to continue undetected. Moreover, fraudsters build credibility over time by maintaining good credit behavior, making their synthetic profiles appear legitimate.

If a child is the victim of SSN fraud, they may not realize it until they attempt to open a credit card account in the future.

SSN randomization makes it more difficult to verify identity

A major contributing factor to the heightened risk associated with synthetic identities is the implementation of SSN randomization, which took effect in 2011.

The Social Security Administration (SSA) eliminated geographical and sequential patterns in SSNs to make fraud more difficult to commit. However, the new approach inadvertently made fraud more difficult to detect, too.

Financial institutions can no longer pair an SSN with the applicant‘s residence and date of birth, making identity verification almost impossible.

AI technology makes forgeries more convincing

The rise in AI technology enables criminals to create convincing deepfakes to bypass identity verification procedures during the KYC onboarding process.

In a Widening Threat Landscape, Deepfakes Stand Out

AI can even be used to bypass biometric checks to gain unauthorized access to an account.

In Indonesia, a financial institution found that over 1,100 deepfake fraud attempts were made to bypass the bank‘s loan application security process.

Fraudsters use AI to create a “Frankenstein” of data from a real person and fake data to perform their attacks:

• Face-swapping technologies allow attackers to seamlessly substitute one person’s face with another in real time, using only a single image.
• Virtual camera software is used to alter biometric data, playing pre-recorded videos to imitate live facial recognition.
• Voice cloning technology allows fraudsters to imitate a voice that can‘t be traced back to them, bypassing voice recognition security features.

New: inside the underground site where "neural networks" churn out fake IDs
– I tested, made two IDs in minutes
– used one to successfully bypass the identity verification check on a cryptocurrency exchange
– massive implications for crime, cybersecurityhttps://t.co/hCjHWbKJPf pic.twitter.com/sd8ofmdEOE

— Joseph Cox (@josephfcox) February 5, 2024

X post from an investigative journalist showcasing fake IDs made with AI neural networks.

How to detect synthetic identity fraud

According to cybersecurity experts, there‘s no one indicator of compromise (IoC) for detecting a synthetic identity. Instead, experts suggest looking for a pattern to indicate that the identity may be a fake.

Businesses can look for red flags when vetting a potential customer:

• A large amount of unsecured debt is a tell-tale sign of a fraudulent account. Fraudsters utilizing synthetic identities tend to focus on acquiring unsecured credit, such as credit cards, rather than secured credit, such as home mortgages.
• A high volume of credit inquiries can indicate fraud. During the credit build phase of creating a synthetic identity, fraudsters will submit a high number of credit applications until one or multiple applications are eventually approved
• Discrepancies between the account holder’s age and duration of credit history. For example, it would be reasonable to expect a consumer born 30 years ago would have approximately 10 years of credit history beginning around the age of 18.
• “Piggybacking” inflates credit depth. Actors rapidly build credit by adding synthetic identities as authorized users on established accounts, a tactic called “piggybacking.” This lets them inherit strong repayment histories, boosting both credit duration and status.
• Shared contact information on multiple accounts. Similar customer information spanning across multiple accounts is an indicator of synthetic identity fraud.

Protect your personal data from identity theft

Over 6 years ago, the Federal Reserve published a white paper detailing the rise of synthetic identity theft, labelling it the fastest-growing form of fraud.

Although government agencies are aware of fake information and identity theft proliferating in the financial industry, detection is still difficult.

To protect your personal data, the FBI recommends following these steps:

• Monitor your credit regularly: Check your credit reports for unfamiliar accounts and suspicious activity. Fraudsters build synthetic identities over time, so early detection is crucial.
• Check your children‘s credit reports: Check if any credit reports are attached to your child‘s SSN. If you find that your child does have an extensive credit history, credit bureaus can freeze the credit line to ensure no further fraudulent activity occurs.
• Freeze your own credit: Placing a credit freeze prevents fraudsters from opening new accounts in your name. This is important if your SSN has been compromised.
• Social security statements: Fraudsters employed under a synthetic ID may have their income appear on your end-of-year earnings statement. If you notice a discrepancy between your income and actual earnings, contact the Social Security Administration to address it.
• Watch for unusual emails or mail: Receiving bills or financial statements for accounts you didn’t open could indicate fraud.

Combat Financial fraud with CybelAngel

Synthetic identity theft is on the rise, with technology like AI helping cybercriminals to skirt around laws and regulations.

CybelAngel‘s suite of cyber intelligence platforms and services can help your organization detect exposed digital identities on the dark web before they are exploited, and provide early data breach prevention alerts before fraud occurs.

Book a demo.