Key insights
- Fraud doesn’t look like fraud anymore. AI is helping synthetic identities and fake documentation blend in, so “surface-level” checks and pattern-based validation are increasingly easy to bypass.
- Synthetic identity fraud hides in plain sight, and lingers. Because these identities aren’t tied to a real person monitoring activity, they can build “legitimacy” over time, making cleanup harder.
- You can reduce the risk of synthetic identity fraud with practical, well-established steps.
Build stronger safeguards against fraud.
Synthetic identity fraud has become a persistent challenge for taxpayers, financial institutions, and public agencies. Unlike traditional identity theft, which involves the misuse of an existing person’s information, synthetic fraud relies on the creation of an entirely fictitious identity.
As artificial intelligence (AI) becomes more accessible, the methods used to support fraudulent activity continue to evolve.
To spot this kind of fraud before it causes real damage, it helps to understand how synthetic identities are created — and why they’re so hard to detect once they take hold.
Understanding the mechanics of synthetic fraud
Synthetic fraud begins when bad actors combine a legitimate piece of personal information like a Social Security number with fabricated names, dates of birth, and addresses.
The resulting identity does not correspond to an actual individual. Because there’s no real person monitoring activity connected to that information, irregularities often go unnoticed.
These fabricated identities may remain active for an extended period. During that time, the fraudster may build a credit history, file documents, or interact with systems that don’t immediately detect inconsistencies. When fraudulent activity eventually occurs, it can be difficult to distinguish legitimate records from those tied to the synthetic profile.
How artificial intelligence is influencing fraud techniques
AI has made certain types of fraud easier to execute, including synthetic identity schemes. Tools once limited to specialized users are now widely available. These tools can generate tax documents, pay statements, and other materials resembling authentic records.
Generative AI can reproduce the format and language of updated IRS forms, incorporate new deduction categories, or reflect recent changes in income reporting rules. As a result, fabricated documents may appear consistent with current tax guidance. Automated validation systems that rely on formatting or expected patterns may not identify these materials as suspicious.
In some cases, discrepancies surface only during deeper verification or audit procedures. By that point, fraudulent refunds or payments may have passed through several accounts intended to obscure their source.
AI doesn’t change the underlying nature of fraud, but it influences the speed at which documents can be produced and the level of detail they contain.
What we’re seeing with our clients isn’t just more fraud, but better-disguised fraud. AI has lowered the barrier to creating convincing synthetic identities, which means organizations can no longer rely on surface-level validation to manage risk. Dan Resnick, CLA managing principal of service, digital/cybersecurity
Using the IRS identity protection PIN as a preventive measure
The IRS Identity Protection PIN, also known as an IP PIN, is one of the strongest tools taxpayers can use to prevent unauthorized filings. This six‑digit number is issued by the IRS each year to individuals who enroll in the program or who have previously experienced identity theft.
The IP PIN functions as a second form of authentication. A tax return can’t be filed under a Social Security number unless the correct PIN is included. If someone attempts to file using your information without your IP PIN, the IRS will reject the return. For individuals who want a reliable way to reduce the risk of fraudulent refund claims, the IP PIN offers meaningful protection.
Steps to take after a breach or misuse of information
If you learn your information has been used in connection with a synthetic identity, act quickly and document each step.
1. Report the identity theft
Complete an identity theft report at IdentityTheft.gov. This report serves as formal documentation you are disputing accounts or credit activity linked to the synthetic profile.
2. Place a security freeze
Place a security freeze with each of the three major credit bureaus. A freeze restricts new credit from being opened in your name. This can help prevent additional misuse while you work to correct records and separate your identity from the fraudulent version.
How CLA can help with synthetic identity fraud
Addressing synthetic identity fraud often calls for deep tax experience and a strong understanding of cybersecurity risks. CLA works with individuals and organizations to help spot issues early, respond quickly, and put safeguards in place. We help clients make sense of rejected tax returns or IRS notices tied to possible identity misuse, gather the right documentation, and set up tools like the IRS Identity Protection PIN.
Our cybersecurity team supports efforts such as cybersecurity assessments, reviews of identity verification practices, and incident readiness planning through our digital cybersecurity services. When concerns arise, we help clarify what happened and outline practical next steps.