How to Fight Frankenstein Fraud: Synthetic Identity Theft Is Cybercrime’s Fastest-Growing Threat | #cybercrime | #infosec

Identity fraud hit record levels in the final quarter of 2024, driven by the rise of easily accessible AI tools, according to the annual ID Fraud Report by IDScan.net. Fake IDs are now sold on the dark web for as little as $5, with banks remaining the primary target.

Using stolen personal information for financial fraud is nothing new. But synthetic identity fraud — when criminals mix real and fake data to create a new, fictitious identity is a relatively recent development.

Unlike traditional identity theft, which targets real individuals, synthetic fraud uses elements like a stolen Social Security number (SSN) from someone with little credit activity, combined with fake names, addresses, or birthdates.

These synthetic identities are then used to open fraudulent accounts, apply for credit, or commit other types of financial crime. With synthetic identities, fraudsters can open credit cards or loans, drain bank accounts, file fraudulent tax returns, etc.

According to the report, fraudulent ID attempts were most commonly associated with IDs claiming to be from Colorado, Arizona, California, Nevada, and Texas. The average age on flagged IDs was 31, with more than 64% of fraudulent IDs were marked as male.

How Synthetic Identity Fraud Works

Here are the steps fraudsters follow to exploit financial institutions:

Creation of the Synthetic Identity. Fraudsters obtain an unused SSN (often from children, the deceased, or homeless individuals). They pair it with a fake name, address, and phone number.

Credit Building Phase: The fraudster applies for secured credit cards or small loans. They make small, regular payments to establish a good credit score.

Bust-Out Fraud: Once the synthetic identity has strong credit, the criminal applies for large loans or high-limit credit cards. They max out the credit lines and disappear, leaving banks with unpaid debts.

Monetization: Fraudsters may sell synthetic identities on the dark web. They may also use them for money laundering, tax fraud, or medical scams.

Who are impacted by synthetic identity fraud

Banks and lenders face the greatest financial losses, with a 2023 report from Thomson Reuters estimated losses between $20 billion and $40 billion — and rising.

Consequently, consumers face higher interest rates and fees as institutions offset fraud risks. Society at large is impacted when synthetic identities enable other crimes such as money laundering, human trafficking.

The finance industry remains the most attractive target for fraudsters, experiencing more than twice the number of attempted fraud cases as other sectors.

In an analysis of its finance and banking clients, IDScan.net found that identity fraud in 2025 is already 34% higher than during the same period in 2024. However, spikes were also reported in the cannabis, hospitality and logistics industries.

The logistics sector saw a 61.4% increase in fraud activity in the fourth quarter of 2024, reflecting ongoing global economic and supply chain pressures.

For nightlife and hospitality, fraud has predictable peaks during spring break, Halloween, and the holiday travel season. April 20, colloquially known as 4/20, marks a peak date for cannabis-related ID fraud.

How malicious actors leverage AI

AI has become a powerful tool for cyber criminals, enabling them to create, scale, and automate synthetic identity fraud with alarming sophistication.

Cyber criminals leverage different techniques including AI-generated fake identities/Deepfake and synthetic photos, AI-generated personal data, AI-enhanced social engineering, phishing and voice Cloning, behavioral mimicry, and adaptive fraud strategies.

How individuals and organizations can combat it

Synthetic identity fraud is difficult to detect because there is no immediate victim to report the crime. Criminals often take a long-term approach, and the fraud can go undetected for years.

As a cybersecurity expert with more than 20 years of experience, I recommend that both individuals and organizations take the following steps to protect against and detect synthetic identity fraud.

For individuals:

• Freeze your credit with all three major bureaus (Equifax, Experian, and TransUnion) to prevent unauthorized account openings.
• Limit sharing of personally identifiable information (PII) and stay vigilant about where and how it’s used.
• Use strong, unique passwords for every account and enable two-factor authentication (2FA) wherever possible.
• Be cautious of phishing attempts—never click on suspicious links or download unexpected attachments.
• Consider identity theft protection services, such as LifeLock, IdentityForce, or Credit Karma.
• Regularly monitor your credit reports through trusted sources like AnnualCreditReport.com, which offers free reports annually.

For businesses and financial institutions:

• Require multi-factor authentication (MFA) for all customer and employee account access.
• Implement AI-driven fraud detection systems to identify suspicious or anomalous transaction patterns.
• Use dark web monitoring tools to identify compromised credentials being trafficked online.
• Enforce strong Know Your Customer (KYC) protocols to validate identities before opening new accounts.

AI/ML capabilities fighting Frankenstein Fraud

While AI empowers fraudsters, it also arms defenders with advanced detection and prevention tools. These AI/ML capabilities can be leveraged to fight synthetic identity fraud:

1. AI-Powered Fraud Detection: ML models can identify suspicious patterns, such as sudden credit score jumps or inconsistencies in personal information. Additionally, AI/ML-powered biometric verification enhances facial recognition and liveness detection, helping to prevent deepfake-based spoofing.
2. Predictive Risk Scoring: AI assesses risk in real-time by analyzing device fingerprints, behavioral biometrics such as mouse movements, typing speed and historical fraud patterns to identify fraudsters.
3. Natural Language Processing (NLP) for fraud analysis: Scanning application text for inconsistencies such as mismatched employment history, AI-generated content in fake documents.
4. AI-Driven Continuous Authentication: Adaptive verification of authentication instead of static passwords can help resist synthetic identity fraud.
5. Blockchain-Based Identity Verification: Leverage immutable digital identities stored on the blockchain to prevent tampering, forgery, and unauthorized alterations.

Synthetic identity fraud is not just a financial crime — it’s a systemic challenge that demands proactive technology, collaboration, and consumer awareness.

While AI has empowered fraudsters, it also provides the best tools to combat them. Staying ahead requires constant vigilance and innovation across all sectors.

About the author: 

Abdul Alim is a seasoned cybersecurity architect with over two decades of hands-on experience securing complex enterprise networks across on-prem, cloud, and hybrid environments. His expertise spans Zero Trust frameworks, multi-cloud infrastructure, and AI-driven threat detection, making him a go-to authority for building secure, scalable systems. He’s fluent in the tools that power modern cybersecurity from Palo Alto firewalls, Cisco ISE, and Forescout NAC to AI-enhanced monitoring with Microsoft Sentinel, Splunk, and log analytics. Alim also leverages automation with Terraform, Ansible, and PowerShell, designs container-secure networks for Kubernetes (AKS, EKS, GKE), and ensures compliance with standards like NIST CSF, CIS Benchmarks, and PCI-DSS. Whether stopping ransomware in its tracks or securing AI models from data poisoning, he focuses on what works: robust architecture, practical defenses, and relentless adaptation to an evolving threat landscape.