HR Professionals | 7 min read

Little Known Risks Causing Big Problems: Synthetic Identity Fraud and More

  

Want to get updates on InfoArmor News?

Credit card fraud is declining. The number of identity theft victims has dropped. And employers offering identity protection are set to double by 2021.

This is amazing news, and it wouldn’t be possible without business leaders and HR professionals taking a stand.

Unfortunately, identity thieves aren’t giving up so easily.

As organizations and employees get smarter, crooks get wilier. In today’s article, we’ll take a closer look at how cybercriminals are shifting tactics and what these trends could mean for employers and employees alike.

Let’s begin with one of the greatest risks of all — synthetic identity fraud.

Synthetic identity fraud

What is synthetic identity fraud?

Identity theft was once relatively straightforward.

A crook would obtain a victim’s personally identifiable information, exploit existing lines of credit, and open new accounts with the stolen data. Eventually, the victim would discover the crime and begin to rebuild his or her life.

Today, things are far more complicated.

Identity thieves are increasingly engaging in synthetic identity fraud — a form of identity theft where criminals combine a victim’s real data with fake information (or the real data of multiple victims) to create a fabricated credit profile.

For example, they may take Victim A’s social security number and pair it with Victim B’s work history to create Synthetic Identity #1. Or, a criminal can simply take Victim A’s social security number and associate it with a totally fake name and work history.

These approaches make detecting identity theft much harder than traditional methods. By blending together real and fictitious elements, thieves can more easily cover their tracks.  

Why does synthetic identity fraud matter?

Some criminals spend years perfecting a false identity before cashing in, which means an employee’s information can be compromised long before anything suspicious surfaces on their credit report. When this happens, it can take hundreds of hours and many months to fully restore their identity. 

This tactic is incredibly effective. In fact, synthetic identity theft may account for 5 percent of all uncollected debt. This includes as much as 20 percent of total credit losses. 

How PrivacyArmor helps

PrivacyArmor participants are protected from even the most advanced forms of identity theft.

We go far above traditional credit monitoring services, using human operatives and proprietary technology to scour the dark web for any credentials an employee registers. We immediately alert victims if we discover their social security, driver’s license, or credit card numbers where they don’t belong  — even when this information is associated with a synthetic identity.

Of course, dark web monitoring is just one of the ways we detect advanced forms of fraud. By analyzing a participant’s digital exposure report, high-risk transactions, and credit profile, we can see the bigger picture and identify meaningful inconsistencies. This allows us to detect and address risks much faster than our competitors.

New account fraud and account takeover

A troubling trend continues

While credit card fraud declined in 2018, new account fraud increased significantly.

This is particularly bad news for consumers. When it comes to fraudulent credit and debit charges, victims are offered many protections. However, they possess very few when it comes to new account fraud.

Often, this means paying out of pocket.

Account takeover has also skyrocketedtripling in recent years. Sometimes this involves a thief using a victim’s non-financial accounts to fraudulently order services and products on the victim’s behalf.

If a cybercriminal can compromise one or more of a victim’s accounts, they can often open a PayPal or Amazon account in the victim’s name. The thief can then use these “intermediary accounts” to make major purchases.

While account takeover can happen to any employee, CEOs are at a greater risk than most. This is especially true when it comes to social media. If criminals can access a CEO’s account, they can use it to defame their organization, phish employees and clients, and cause serious harm to the executive’s company.

How PrivacyArmor helps

With powerful PrivacyArmor features like Lost Wallet protection and social media monitoring, you can sleep easy knowing your employees are protected from new account fraud and account takeover. If employees choose to link their social media accounts and non-credit based accounts, we can also alert them to any suspicious behavior as soon as it’s detected.

Child identity theft

The big business of child identity theft

For an unscrupulous hacker, manipulating a child’s unblemished credit report can be as easy as 1-2-3. By simply adjusting the age on the credit profile — say, from 6 to 26 — a thief can open up a loan or go on a lavish vacation, all in an unsuspecting kiddo’s name.

Criminals will pay top dollar for a minor’s personal data. It’s an enticing blank page, and any manipulations are unlikely to be detected until the victim comes of age and applies for a student loan or credit card.

It makes sense, then, that of the one million minors who had their identities stolen in 2017, nearly two-thirds were under the age of eight. It sounds shocking, but child identity theft is actually quite common. In fact, minors are at a greater risk of becoming data breach victims than their parents or guardians.

How PrivacyArmor helps 

If participants are enrolled in a PrivacyArmor Family plan, their loved ones will receive the same quality service they do! One of the things we’re most proud of is our definition of family, which is the most inclusive of any identity protection provider.

We don’t drop children just because they head to college or turn 18. And if your employees are taking care of an aging family member that lives with them, that relative is also covered!

After all, we’re in this together.

Medical identity theft

Why is medical identity theft so popular?

Not all instances of identity theft are committed with the intention of financial gain. Many times, cybercriminals use compromised credentials for other purposes, like providing falsified documentation to police. Or, even worse, obtaining medical care using the victim’s insurance.

This can create significant problems for the victims, who often find their medical records have become intertwined with those of the thief. In fact, about 20 percent of medical identity fraud victims report receiving the wrong diagnosis or treatment as a result of the compromise.

Of course, thieves also stand to gain financially. On the dark web, sensitive medical documents can earn cybercriminals a big payout, selling at a rate that’s 20 to 50 times higher than other pieces of personal data. It’s no surprise, then, that healthcare was the most-breached industry in 2017. 

How PrivacyArmor helps

We realize a person’s identity is made up of more than their social security number and credit profile. That’s why PrivacyArmor also monitors any HSA account your employee registers. If the account is compromised, they’ll be alerted as soon as fraud is detected. If their medical records or insurance information are located on the dark web, our PrivacyAdvocates are available 24/7 to fully restore their identity.

Combating an evolving wave of threats

With thieves changing tactics so quickly, how can any company protect itself and its employees? Here are a few tips.

#1 Keep employees up-to-date on the latest security risks

One of the best steps you can take to safeguard your employees is to educate yourself on new and evolving threats, especially when it comes to phishing techniques

If your organization has an IT/security department, ask to receive routine briefs about security issues and emerging risks that could impact your employees. Additionally, you might consider working with a team of experts who alert your organization to emerging cybersecurity threats.

Of course, it’s not enough to educate yourself. You must keep your employees in the loop as well. Most organizations only offer security training during onboarding, if they offer it at all. This one-and-done approach simply isn’t effective.

You should provide guidance on an ongoing basis.

#2 Monitor your digital footprint — and encourage employees to do the same

Posting to social media. Signing up for a newsletter. Leaving a review.

All of these actions, along with many others, leave behind a trail of identifiable impressions. This is known as your digital footprint, and it consists of a lot more than you might think — including actions you’ve taken offline.

Registering for a loyalty program in-store, providing an email address to your gym, and applying for a new line of credit all increase your digital footprint. Of course, it can also grow without taking any action at all.

Organizations you trust can sell your information to third parties. And if you become the victim of a data breach, your information can be repackaged and sold countless times on the dark web without your knowledge.

It’s no surprise then that your digital footprint can consist of hundreds of items — many you might not recognize. This is why it’s critical to monitor the items in your digital footprint, and reevaluate the data you share and with whom you share it.

The same goes for your employees!

#3 Keep personal and work-related accounts secure

When possible, use two-factor authentication for online accounts.

This requires users to not only enter their password, but also a unique code sent via text or email. Keep in mind, many employees use the same passwords for both their personal and work accounts. So, it would be wise to encourage them to use two-factor authentication for even non-work accounts.

#4 Offer an employee identity protection benefit

If there’s one thing you can count on, it’s that cybercriminals and identity thieves will figure out new and creative ways to con your employees and their families.

However, by providing a quality identity protection benefit to your employees, you can rest assured knowing certified experts are monitoring and protecting them 24/7.

#5 Stay vigilant

Although this seems straightforward enough, staying vigilant in today’s digital era can be incredibly challenging. With data breaches occurring in record numbers, it’s easy to become fatigued. However, you must remain focused and vigilant at all times to protect your employees.

A brighter tomorrow

Protecting employees in the digital era requires HR professionals and business leaders to embrace their inner superhero. Although you may not realize it, this is what you’ve been doing the entire time – going above and beyond to protect your company, its employees, and their families.

Hackers, identity thieves, and cybercriminals will never give up. And that’s okay, because neither will we.

  
New Call-to-action
At InfoArmor, we believe everyone deserves the right to privacy, security, and above all else, peace of mind. This is why we’re proud to offer industry-leading solutions for employee identity protection and advanced threat intelligence. From enterprise to employee, InfoArmor redefines how organizations combat an ever-changing cyber threat landscape. If you’d like more information on how we can help your organization protect its most valuable assets, reach out. We’d love to hear from you.