A new report looks at how victims of ghost broking are seeing their identities recycled across other frauds. Here’s the word;
Victims of motor insurance ‘ghost broking’ scams – where criminals posing as legitimate brokers sell fake or invalid motor insurance policies – have surged 93%, with two-thirds of victims’ identities reused in further fraud.
Analysis from the National SIRA shared risk intelligence consortium found that 66% of identities linked to ghost broking appear in additional cross sector fraud attempts – the highest reuse rate of any fraud type.
One insurer aware of the growing trend is Aviva.
Kat Cunningham, Underwriting Fraud Lead for the company, said: “In consumer research commissioned by Aviva, we found one in six young drivers who bought insurance from someone on social media also had their identity stolen, exposing them not only to the risks of driving without valid cover but also to the wider financial and personal consequences of identity fraud.”
Across all fraud types and sectors analysed, Synectics’ research found that:
• On average, 21% of compromised identities are reused in fraud attempts
• Most compromised victim IDs remain active for more than 90 days
The findings are published in Synectics’ Signals report.
‘Frankenstein synthetics’ part of the reuse trend
Synectics also found that of the stolen IDs that are re-used, 19% appear as part of Frankenstein synthetics – where legitimate credentials are spliced with AI-generated or fabricated information to create engineered personas.
Because these identities contain fragments of legitimate personal data, they can be particularly difficult for organisations to detect.
Recognising victims is key to disruption and protection
The harm inflicted by ghost broking is not isolated to young people, with almost two thirds of victims being over 50 years old. This scale and persistence – fuelled by identity reuse – is creating a growing challenge for insurers.
While fraud teams must stop repeat attacks, they must also ensure that individuals whose identities have been compromised are recognised and treated as victims rather than perpetrators when their details reappear in subsequent fraud attempts.
With regulatory expectations such as FCA’s Consumer Duty placing greater emphasis on protecting customers from foreseeable harm – and considering customer outcomes across the lifecycle – the ability to recognise victims of identity compromise is becoming increasingly important.
Richard Wood, CEO of Synectics Solutions, said: “Our new findings make clear that identity theft can no longer be treated as a single event to resolve. Our collective mindset must now shift from finding a fraud incident, to interrupting the harm that builds for victims throughout the identity misuse lifecycle.
By acknowledging and labelling a compromised identity early – and sharing that insight with others – we can help break the cycle of harm. This is one of the most effective ways to prevent an identity from being reused by fraudsters, and to ensure a victim is recognised by the financial ecosystem as someone to protect”.
A shared ecosystem challenge
The findings reinforce the view that identity fraud now operates as a shared ecosystem risk, rather than a problem confined to individual organisations.
Without broader visibility across organisations and sectors, institutions may encounter the same compromised identities weeks or months apart – often with only minor variations in personal details.
Improving cross-organisation intelligence sharing and victim labelling will be increasingly important in disrupting the circulation of compromised identities and preventing repeat attacks.
The full Signals insight report, which also includes analysis on mule identification, organised crime indicators and document fraud, can be found here.
Be the first to comment