In the spirit of Halloween and the classic tale of Frankenstein, a fitting analogy can be drawn to the world of cybersecurity and the growing issue known as “Frankenstein fraud.” This term refers to the phenomenon of synthetic identities, which, like the infamous creature brought to life by Victor Frankenstein, are composed of various parts, usually a combination of stolen Personal Identity Information (PII) and fabricated data. These synthetic identities are created with a specific purpose in mind, much like Victor Frankenstein’s intent to craft a being of beauty.
While the analogy of Frankenstein has been used in the past to describe synthetic identities, it might be more apt to consider Mary Shelley’s alternative title for her novel, “The Modern Prometheus.” This reference to Greek mythology and the character of Prometheus holds a deeper relevance to the evolving world of synthetic identity fraud.
In Greek mythology, Prometheus was a titan who dared to defy the gods by stealing fire and gifting it to humanity in the form of knowledge and technology. His actions symbolize human pursuit of knowledge and the inherent risks of overreaching and unintended consequences. In the context of synthetic identity fraud, the analogy to Prometheus becomes more fitting.
Synthetic identities, often crafted through the combination of genuine and fake PII, have become a fast-growing global threat, estimated to cause losses ranging from $20 billion to $40 billion globally. These identities are no longer a mere creation of academic researchers; they have evolved into a complex challenge for businesses and security professionals.
The origins of synthetic identity fraud can be traced back to the 1990s, with early projects like the 1997 Video Rewrite program, a precursor to modern deepfakes. The concept of “synthetic identity” emerged when credit borrowers made subtle adjustments to their names and Social Security numbers (SSNs) to thwart credit bureaus. The term itself was inspired by the android Lance Bishop in the movie “Alien.”
Advancements in generative AI, readily available toolkits on the open web, and the use of hyper-realistic 3D masks have elevated synthetic identities to a new level of sophistication. Fraudsters have become adept at leveraging and refining these synthetic identities, enabling them to remain under the radar. They start with minimal lines of credit, gradually obtain larger loans or credit, and only reveal their true intentions at a later stage. It is worth noting that synthetic identities currently account for a staggering 85% of all fraud cases, with the average amount stolen by fraudsters before detection estimated at $97,000.
The methods used to construct synthetic identities are constantly evolving. Basic attacks involve a mix of genuine and fake PII, with a stolen, valid SSN purchased from the dark web. Fraudsters may also target specific vulnerable groups, such as children, the deceased, or the homeless, using their SSNs alongside fabricated information. More advanced attacks incorporate biometrics, 2D or 3D masks, and sophisticated synthetic documents. Fraudsters are not bound by any specific approach; they are willing to experiment and adapt, as seen in the rise of deepfakes and synthetic media.
There is no simple solution to eliminate synthetic identities or the risks they pose to both businesses and consumers. However, a layered approach to fraud prevention can significantly enhance security. Digital businesses must adopt a combination of identity verification, intelligence, and fraud detection methods to create a robust defense against synthetic identity fraud. This layered approach allows them to detect if an SSN is genuine, if a mask is being used, or if the user is transacting from a high-risk region.
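The layered checks described above, sketched as detection logic over constructed applications. This is an added example, not code from the article; the thresholds, the region code `ZZ`, the signal names and the sample records are all assumptions made for illustration.

```python
from collections import defaultdict, namedtuple

# Thresholds and region list are illustrative assumptions, not values from the article.
HIGH_RISK_REGIONS = {"ZZ"}   # placeholder region code
ESCALATION_FACTOR = 10       # latest credit limit >= 10x the first one
THIN_FILE_MONTHS = 12        # credit file younger than this counts as "thin"

Application = namedtuple(
    "Application", "app_id name dob ssn region file_age_months credit_limits")

def ssn_structurally_valid(ssn):
    """Reject numbers that are never issued: area 000/666/9xx, group 00, serial 0000."""
    parts = ssn.split("-")
    if [len(p) for p in parts] != [3, 2, 4] or not all(p.isdigit() for p in parts):
        return False
    area, group, serial = parts
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def score_applications(apps):
    """Return {app_id: [signals]}; each layer contributes at most one signal."""
    identities_per_ssn = defaultdict(set)
    for a in apps:  # link analysis: which (name, DOB) pairs claim each SSN
        identities_per_ssn[a.ssn].add((a.name.lower(), a.dob))
    results = {}
    for a in apps:
        signals = []
        if not ssn_structurally_valid(a.ssn):
            signals.append("ssn_invalid_format")
        if len(identities_per_ssn[a.ssn]) > 1:
            signals.append("ssn_shared_across_identities")
        if (a.file_age_months <= THIN_FILE_MONTHS and len(a.credit_limits) >= 2
                and a.credit_limits[-1] >= ESCALATION_FACTOR * a.credit_limits[0]):
            signals.append("thin_file_rapid_escalation")
        if a.region in HIGH_RISK_REGIONS:
            signals.append("high_risk_region")
        results[a.app_id] = signals
    return results

SAMPLE = [  # constructed records, not real people or real SSNs
    Application("A1", "Dana Reyes", "1985-03-02", "212-55-0101", "US", 96, (500, 800)),
    Application("A2", "Jon Marsh", "1990-07-14", "314-22-0199", "US", 6, (300, 5000)),
    Application("A3", "John Marsh", "1991-07-14", "314-22-0199", "ZZ", 4, (300,)),
    Application("A4", "Lee Okoro", "1978-11-30", "900-12-3456", "US", 40, (1000,)),
]

if __name__ == "__main__":
    for app_id, signals in score_applications(SAMPLE).items():
        print(app_id, signals or "no signals")
```

No single signal is conclusive on its own; the point of layering is that A2 and A3 are each caught by two independent checks, while a structurally valid, consistently used SSN such as A1 passes cleanly.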
Furthermore, fighting synthetic identity fraud requires a collaborative effort across industries. Fraudsters operate without regard for geographical boundaries, use cases, or devices. They share information openly on the dark web, and as a countermeasure, the cybersecurity community needs to collaborate effectively. The fight against synthetic identity fraud is akin to a cybercrime war, and the establishment of peer-to-peer digital consortiums across industries is crucial.
In conclusion, synthetic identity fraud is not merely a cobbled-together monster; it represents a significant and multifaceted challenge in the realm of cybercrime. The analogy to Frankenstein’s monster falls short of capturing the depth and complexity of this modern threat. Synthetic identities are more appropriately compared to cybercrime’s modern Prometheus. They symbolize the relentless pursuit of evading security measures, evolving and adapting to new technologies, and potentially causing havoc in various criminal activities, including money laundering, account takeovers, trafficking, and terrorist financing. As technology continues to advance, the nightmare of synthetic identity fraud becoming nearly indistinguishable from genuine identities is a real concern. The pursuit of sophisticated and harder-to-detect synthetic identities mirrors the unintended consequences faced by Prometheus in his quest for knowledge. Cybersecurity professionals must remain vigilant, collaborative, and innovative to combat this ever-evolving threat effectively.