Criminals are crafting detailed fake identities using data belonging to newly born and recently deceased people, according to Sanjay Gupta, Vice President, Global Head of Products and Corporate Development at Mitek. On the CyberWire’s Hacking Humans podcast, Gupta explained how cybercriminals are taking advantage of these data to conduct long-term fraud.
“As people, you know, they die and their data is still available, these fraudsters, they've kind of gotten onto this,” Gupta said. “So in the previous days, the idea was called ghosting, where you would just steal information from a recently deceased person and maybe look at their bank account, et cetera. But recently, what's been happening is that they've been using these individuals' Social Security numbers and then tying it to the data that's been stolen to create a synthetic ID. So they would basically take a Social Security number, come up with a name, and address, use a date of birth. With the recent technology around deepfakes, you can also attach a photo to it. And so all of that would be used to create, let's say, an ID. And that ID would be used for very nefarious purposes.”
Gupta stressed that this technique is still new, so preventive technologies haven’t caught up to it yet.
“Currently, this is a new type of fraud that's coming into the kind of, you know, the financial institution and marketplaces,” he said. “Previously, it was more related to just real individuals trying to commit fraud or, you know, somebody stole my ID and they were trying to commit fraud....[T]he really hard thing is that these particular synthetic IDs and the fraudsters that are behind them, they're very, very, very patient. And they create the synthetic ID where they have real, you know, e-world – let's say email or a LinkedIn profile....[T]hey'll leave a digital trail, what we call a breadcrumb – a digital breadcrumb of these individuals. So they feel and look and behave like real individuals. In fact, sometimes they will even take out loans and pay them back slowly. So what they're trying to do is get as much loans and, you know, credit that they can get and then, after 18 months, do a massive bust-out.”
Gupta concluded that since companies are still trying to figure out how to deal with this type of fraud, people need to learn how to protect themselves before it affects themselves or their loved ones.
“This is a fairly new type of crime that's happening,” he said. “So I think the jury's still out on how to actually figure out from the perspective of the behavior of the patterns that are occurring. Those techniques are going to come in the future. So one thing the audience should realize is that these are things that a lot of companies are working on. So if you do the right thing upfront when you have somebody with a disease or if you have a new child that is born in your family, take the steps to kind of protect yourself.”
New-school security awareness training can give your employees the knowledge they need to defend themselves against fraud in their professional and personal lives.
The CyberWire has the story: https://thecyberwire.com/podcasts/hacking-humans/102/transcript