According to a blog post on their website, Socure, a “leading provider of AI-powered digital identity verification and fraud prevention solutions”, has identified “over 9,100 fraudulent checking and credit applications spanning multiple financial institutions” that were created with the stolen identities of Massachusetts residents born between 1975 and 1990.
The attackers have been using specific email domains, such as Outlook.com and Hotmail.com, with gibberish email handles. The applications used Massachusetts phone area codes, but the majority of these phone numbers were "flagged for limited activity or were recently reassigned." Area codes used included “339, 351, 413, 508, 617, 774, 781, 857, and 978.”
Many of the IP addresses didn’t align with locations in Massachusetts, pointing to possible VPN or proxy usage. In fact, over 89% of the suspicious applications originated from areas more than 100 miles away from the listed home address. Application activity within Massachusetts has also seen a sharp rise during overnight hours.
Where did the identities come from? Socure says that “the exclusive use of Massachusetts identities in this attack strongly suggests that a data breach is at the heart of this effort,” citing that in 2024, “7 million residents had their identities compromised.” Socure believes the attackers are pairing the Massachusetts-based identities with the phone area codes to build credibility.
Financial institutions should consistently monitor for unusual patterns in application volumes, verify the authenticity of email addresses and phone numbers, and use analytics to detect anomalies in IP addresses and geolocations.
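The signals reported above can be combined into a simple triage rule. The following is an added example, not Socure's detection logic. The record field names, the gibberish heuristic, the "before 05:00 local" overnight window and the four-signal threshold are all assumptions.

```python
import math, re
from datetime import datetime

MA_AREA_CODES = {"339", "351", "413", "508", "617", "774", "781", "857", "978"}
WATCHED_DOMAINS = {"outlook.com", "hotmail.com"}

def miles_between(a, b):
    """Great-circle (haversine) distance in miles between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 3958.8 * 2 * math.asin(math.sqrt(h))

def looks_gibberish(handle):
    """Assumed heuristic: under 20% vowels, or a run of 5+ non-vowel letters."""
    letters = re.sub(r"[^a-z]", "", handle.lower())
    if len(letters) < 6:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    return vowels / len(letters) < 0.2 or bool(re.search(r"[^aeiou]{5,}", letters))

def signals(app):
    """Return the campaign signals (as described in the article) that a record matches."""
    hits = []
    handle, _, domain = app["email"].lower().rpartition("@")
    if app["state"] == "MA" and 1975 <= app["birth_year"] <= 1990:
        hits.append("ma_identity_1975_1990")
    if domain in WATCHED_DOMAINS and looks_gibberish(handle):
        hits.append("gibberish_handle")
    if app["phone"][:3] in MA_AREA_CODES:
        hits.append("ma_area_code")
    if miles_between(app["ip_geo"], app["home_geo"]) > 100:
        hits.append("ip_over_100_miles")
    if datetime.fromisoformat(app["submitted_local"]).hour < 5:  # assumed overnight window
        hits.append("overnight")
    return hits

def review_queue(apps, min_hits=4):
    # A genuine MA applicant matches two signals by default, so require more (assumed threshold).
    return [a["id"] for a in apps if len(signals(a)) >= min_hits]

# Constructed sample records, not real applications.
SAMPLES = [
    {"id": "A1", "email": "xkqzvbtr92@outlook.com", "state": "MA", "birth_year": 1983,
     "phone": "7815550142", "ip_geo": (33.749, -84.388), "home_geo": (42.360, -71.058),
     "submitted_local": "2025-01-14T02:37:00"},
    {"id": "A2", "email": "maria.oliveira@hotmail.com", "state": "MA", "birth_year": 1979,
     "phone": "6175550198", "ip_geo": (42.373, -71.110), "home_geo": (42.360, -71.058),
     "submitted_local": "2025-01-14T14:05:00"},
]
```

Record A2 shows why no single signal is sufficient: a legitimate Massachusetts applicant in the affected birth range with a local phone number matches two signals without being part of the campaign.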