Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Over 10,000 Online ID Fraud Rings Uncovered in United States

Researchers at ID Analytics estimate there are more than 10,000 criminal rings dealing in identity fraud in the United States. Most of these rings consist of family and friends, not professional criminals, the researchers found.

Researchers at ID Analytics estimate there are more than 10,000 criminal rings dealing in identity fraud in the United States. Most of these rings consist of family and friends, not professional criminals, the researchers found.

While there are rings consisting of two or more career criminals working together, the majority are family members or groups of friends stealing victims’ identities or improperly using victims’ personal data on various financial applications, according to a report released Wednesday from ID:A Labs, the research division within ID Analytics. In the study, ID:A Labs researchers defined an identity fraud ring as a group of people actively collaborating to commit identity fraud.

The ring members may be misusing dates of birth and Social Security numbers when applying for credit cards, loans, or other financial services. Researchers determined collusion, where people were working together, when people used similar personal identifying information on different applications.

Selling identities, such as names and credit card numbers, is just one way cyber-criminals can make money, Richard Henderson, a security strategist at FortiGuard Labs told SecurityWeek.

ID:A Labs analyzed the data collected within the ID Analytics ID Network between January 2009 to September 2010 for the study. The network includes approximately 1.7 billion “identity risk events,” which include applications for credit cards, wireless phones, payday loans, utilities, and other financial services products, as well as requests to change names, addresses, dates of birth, and Social Security numbers.

The report examined “connections among bad people rather than studying individual activity,” said Stephen Coggeshall, CTO of ID Analytics. Understanding how fraudsters are connected helps customers make better decisions, Coggeshall said. The report excluded incidents where it appeared the family was sharing identities to avoid being flagged as a bad credit risk and focused on incidents where the intent was clearly fraudulent.

A large number of families were working together, using each other’s Social Security numbers and dates of births, ID Analytics found. For example, ID:A Labs identified a family of five in Florida, ranging in ages from 24 to 37, who had filed at least 130 fraudulent applications using more than eight Social Security numbers and 11 dates of birth over a three-year period.

Advertisement. Scroll to continue reading.

A six-member team operating out of Washington, DC was run by a pair of sisters, according to the report. The team used 10 Social Security numbers, multiple names and birthdates to commit fraud. The group also used stolen identities to complete more than 69 credit card applications, the report found.

Two families appear to have teamed up near McCallum, Texas, to submit 142 fraudulent applications, the report found. One part of the gang targeted wireless providers while the other focused on retail and bank credit cards, the report said.

“Crimeware syndicates aren’t going away anytime soon. In short, it’s way too profitable–crimeware equals high returns and almost zero risk for its creators,” Derek Manky, a senior security strategist at FortiGuard Labs, told SecurityWeek.

States with the highest number of fraud rings included Alabama, North and South Carolina, Delaware, Georgia, Mississippi, and Texas, the study found. When ID Analytics filtered the fraudulent activity on the first three digits of the zip code, researchers found that areas around Washington, DC, Tampa, Fla., Greenville, Miss., Macon, Ga., and Montgomery, Ala., had the most fraud rings. Fraud wasn’t limited to just the urban areas, either, as researchers found a “surprisingly high number” in rural areas.

While some states had more fraud activity in one industry over another, South Carolina and Georgia was a “hotbed” of fraudulent activity for three—wireless, bank cards, and retail credit cards—major industry sectors, the study found. ID Analytics also identified two fraud rings focused on bank cards in Gainesville, Fla., and Orlando each filed 200 applications.

Wireless carriers suffered the most fraudulent activity, according to the report.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...