Assumed Identity Abuse is on the Rise, and Fraudsters Are Getting Better at It

Identity theft is a massive problem; here at SentiLink we flag more than 45,000 identity theft attempts every single day. But one check on how much most identity fraudsters can steal is that the victims generally notice their identity has been stolen, and can take measures to fight back, such as reporting the theft to FIs and freezing their credit.

But increasingly, SentiLink and our partners are seeing a surge in a form of identity theft where there's no check on the fraudsters because the victims generally don't know the theft has happened: Assumed Identity Abuse. 

What is assumed identity abuse?

Assumed identity abuse (AIA) involves fraudsters exploiting the identities of real people who entered the US months or years ago using nonimmigrant visas such as J-1 (exchange visitor) or F-1 (student) visas, but who are no longer living in the United States.

In some cases, these people may be aware of the theft and complicit with the fraudsters, because they don't intend to return to the US and therefore don't care about the credit status of their identity here. But we suspect that in most cases, these victims are wholly unaware of the fraudulent activity their US identities are being used to facilitate. 

That means that the true victim will never report their identity has been stolen or freeze their credit, making it more difficult for FIs to tell that the applications associated with those identities are illegitimate. (Sometimes, however, the fraudster will report the identity as stolen as part of a credit washing scheme or to prevent other fraudsters from using and potentially damaging the credit of "their" identity.)

The identities used in AIA once tended to have thin files with limited phone, email, and address history. This historical data can often be an important signal for FIs assessing an application's fraud risk, so the relative lack of it made catching AIA cases a challenge. Increasingly, though, we're seeing AIA fraudsters intentionally build up history with dedicated phones and emails for their identities, making identifying these cases even tougher.

Moreover, because the fraud victim is no longer present in the United States, there's no recent legitimate user activity to compare the fraudulent activity against. In traditional identity theft, for example, the contact details provided by the fraudster can be contrasted against contact details listed on any applications submitted by the legitimate owner of the identity during the same time period. Noticing that the same identity has submitted two applications within a short period with two different emails or phones can be a strong sign that one of those applications is probably identity theft. But with AIA, the legitimate identity owner has left the country, so there will be no recent applications from the legitimate identity owner to create this contrast— whatever contact details the fraudster has chosen will generally be consistent across all recent applications from that identity.

AIA is growing fast

Assumed Identity Abuse is still a comparatively rare form of fraud, but it's growing quickly.

Over the past year, SentiLink has observed a 2.3x increase in the number of applications flagged as high risk for AIA:

(Note: the AIA numbers above come from a subset of partners undergoing a significant AIA attack. AIA is generally low-incidence; for broader coverage of AIA see our 2H24 Fraud Report).

And these applications are very costly – in a SentiLink analysis, we found that AIA-flagged applications resulted in 11.4x higher losses for FIs than applications from the general population.

How do fraudsters use AIA identities?

SentiLink's Fraud Intelligence Team manually reviews tens of thousands of cases each year, and we have observed a number of patterns associated with the use of AIA identities.

First, for the fraudsters, this is a long-term play. They will steal and "incubate" identities quietly for several years to build credit before busting out. In mid-2025, for example, we're seeing a burst of activity from identities that fraudsters first acquired and began incubating in 2023. 

This incubation behavior may include opening credit lines and paying them back to build credit, as well as establishing history with the emails and phone numbers they're using for the identities. A real identity applying for credit using an email or phone number that has not previously been associated with it is a common red flag indicating identity theft – these fraudsters know that, and they're putting in the time and effort to age these emails and phones in the hopes their applications won't be flagged.

In some cases, they may even pay rent and/or taxes in the name of the identity they've stolen, presumably to make the application look even more legitimate when they ultimately apply for large amounts of credit. During this incubation period they also seem to be creating or acquiring documents that they can use to "prove" their identities, such as forged identity cards.

Once the identities start to be used for fraud, we see almost all of them tied to at least one DDA account, and ultimately the fraudsters also frequently apply for unsecured credit cards and other unsecured credit products. The typical pattern is a relatively quiet "incubation" period, ultimately followed by a flurry of activity as the fraudster attempts to attain as much credit as possible before busting out. 

How is AIA changing?

Over time, we've observed significant changes that indicate an increasing level of sophistication is being applied to these schemes. For example:

• In the past, fraudsters often picked identities that had left the US many years ago, leaving a big gap in their credit history between the real person's legitimate use of the identity when they were in the US and the fraudster's illegitimate use of it years later. Now, we're seeing fraudsters leveraging identities with shorter gaps, making these cases more difficult to identify. 
• In the past, we often saw fraudsters using the same address in association with five or more different stolen AIA identities. Now, we're seeing them spread identities out more, with just one or two linked to each individual address. 
• In the past, fraudsters have seemed to target primarily the identities of people with specific nationalities. Now, we're seeing a much greater spread of targeted identities, with victim identities from all over the world.

How can FIs identify and stop AIA?

The quick and easy answer is to leverage SentiLink's recently-updated Assumed Identity Abuse flag, which automatically assesses incoming application identities for signs of AIA and flags high-risk applications in real time.

Another approach would be to request an IRS Form 4506-T for applications where AIA is suspected, although this does add quite a bit of friction to the application process for affected users. 

However, if reviewing applications manually or building a bespoke set of rules to identify AIA, there are some key signs to look for, including:

• Relatively inactive phones and emails – while the fraudsters are incubating identities so that they're not using brand-new contact information, these phones and emails often don't see much use until the fraudster gets to the high-activity, ready-to-bust-out phase of this fraud lifecycle. It's common to see an AIA application with phones and emails that are a couple of years old, but that haven't been used on many (or any) previous applications.
• Familiar email naming conventions – the same fraudsters tend to use similar patterns for the emails they create for all of their AIA identities, meaning that if you can identify one AIA application that uses a specific pattern such as jyjt-435@myyahoo.com, applications with emails using similar structures (e.g. gdsg-567@myyahoo.com) are likely worth taking a close look at. 
• Ties to odd addresses – while it's certainly not always the case, we've seen a number of AIA identities used on applications listing addresses that are actively for sale or, in some cases, soon to be up for auction. 
• Ties to fraud-linked addresses – it's not uncommon for the addresses on AIA-flagged applications to also be associated with applications that are high risk for other forms of fraud, including third-party synthetic fraud and garden-variety identity theft. 

That said, there's no getting around the reality that identifying AIA is difficult. If you're seeing applications you think might be AIA, reach out and we can help you take a look. (And of course, if you're a SentiLink partner already, you can always escalate tricky cases to our Fraud Intelligence Team).