Module 2.5 — Synthetic Identity at Scale
50-minute lecture · Day 2 afternoon
Learning objectives
By end of this module, students can:
- Identify the three primary attack surfaces for synthetic identity: KYC enrollment, vendor onboarding, and executive impersonation on professional networks
- Cite documented 2024-2026 cases of AI-generated profiles used for B2B fraud
- Recognize the KYC-vendor disclosure landscape (Onfido, Jumio, Persona) and what their reported metrics tell you about the attack surface
- Apply the workflow-gap principle from Module 2.4 to identity-verification workflows
The threat class
Module 2.2 covered synthetic audio. Module 2.3 covered synthetic video. Synthetic identity is the structural extension: AI-generated people used to defeat verification workflows at scale.
Three primary attack surfaces:
Surface 1: KYC enrollment fraud
The attacker creates synthetic identity documents (driver’s licenses, passports), synthetic faces (GAN-generated), and synthetic voice samples. They submit these through a KYC enrollment workflow at a bank, exchange, payment processor, or government service. The objective: open an account or claim a benefit in a synthetic identity that has no real human behind it.
Pre-AI, this required forged physical documents and staged photoshoots. With 2024-2026 generative AI, the cost of producing a convincing synthetic KYC package (document image, face, voice sample) has dropped to near zero, and an attacker can generate hundreds of synthetic identities per day.
Surface 2: Vendor onboarding fraud
A more sophisticated B2B attack: the attacker builds a fake vendor over months. Real-looking LinkedIn company page, AI-generated executive profiles, AI-written press releases, fabricated reviews. The fake vendor establishes a customer relationship with the target organization. After trust is established, the vendor submits invoices with fraudulent payment instructions, or requests a change to its banking details that redirects future payments.
The City of Baltimore case (covered below) is a documented example of the banking-details-change variant of this pattern, where the attacker impersonates an existing, trusted vendor rather than building a new one from scratch.
Surface 3: Executive impersonation on professional networks
The attacker creates AI-generated LinkedIn profiles impersonating real executives at target organizations, or creates entirely fabricated executive profiles to establish trust networks. These profiles connect with real staff at the target, build social-proof through endorsements and engagement, then leverage that proof for spear-phishing, recruitment fraud, or vendor fraud.
This pattern is the substrate for several of the BEC cases in Module 2.1. The attacker doesn’t have to impersonate the CEO on a call if they already have a believable LinkedIn profile claiming to be the CEO’s chief of staff.
Documented 2024-2026 cases
City of Baltimore synthetic vendor fraud — 2024 ($1.5M)
The City of Baltimore reported approximately $1.5M in losses to “synthetic vendor” fraud in 2024. Attackers impersonated a known legitimate vendor over months using AI-enhanced profile nurturing — fake LinkedIn, fabricated email communications, AI-generated documentation — before submitting a banking-details-change request that redirected future payments to attacker-controlled accounts.
The fraud was discovered after the legitimate vendor inquired about non-payment, months after the fraudulent banking-details change had been processed.
Detection lesson: vendor-management workflows had no out-of-band verification for banking-details changes. The Module 2.4 workflow-gap pattern applies at the vendor-master-data layer just as it does at the wire-transfer layer.
Workforce impersonation on LinkedIn — ongoing 2024-2026
Multiple vendor reports (eftsure, Veridion, others) document increasing prevalence of GAN-generated professional profiles on LinkedIn used to establish trust networks with internal staff at target organizations. The pattern:
- Generate convincing AI executive profile (face, employment history, education)
- Connect with 20-50 real employees at the target organization, building social-proof
- After 60-90 days of established presence, use the network for spear-phishing or vendor introductions
- The eventual fraud (BEC, vendor onboarding, recruitment) appears to come from a “trusted” connection
Detection lesson: professional-network reconnaissance against new LinkedIn connections, especially from accounts with short connection histories despite senior titles, can surface this pattern. LinkedIn’s own controls have partially addressed it but the cat-and-mouse continues.
UK Recruitment industry deepfake candidates — March 2025
Coordinated fraud campaign using deepfake video candidates to pass video interviews for high-paying remote technical roles in the UK recruitment industry. Once hired and granted system access, the “employees” submitted fabricated invoices or harvested sensitive data. Estimated losses across multiple firms: £1M+.
Detection lesson: video-interview workflows need liveness challenges (Module 2.3) and document-verification cross-checks. The Ability AI case caught one of these candidates because the interviewer noticed audio-video synchronization lag during the interview.
FAMOUS CHOLLIMA (DPRK) IT-worker scheme
Covered in Module 1.1 from the state-actor angle. From the synthetic-identity perspective: CrowdStrike’s 2025 Global Threat Report documented FAMOUS CHOLLIMA using AI-generated LinkedIn profiles with believable backgrounds and AI-generated profile images to deceive recruiters. The DPRK IT-worker scheme infiltrated 320+ companies in 12 months (220% year-over-year increase) — substantially driven by the AI-generated profile pipeline.
The KYC vendor disclosure landscape
The vendors providing KYC-as-a-service (Onfido, Jumio, Persona, Veriff, ID.me) have publicly disclosed alarming metrics about deepfake attempts at the enrollment surface:
Onfido (Entrust)
Onfido reported in its 2024 fraud report that deepfakes now make up 24% of biometric fraud attempts, with an attempt occurring roughly every 5 minutes globally. The shift since 2022 is dramatic: biometric fraud attempts were dominated by physical presentation attacks (printed photos, masks, replayed screens) before 2023; AI-generated faces and videos now dominate.
Jumio
Jumio launched its “Liveness Premium” tier in mid-2025 specifically to address an 88% surge in digital injection attacks. In a presentation attack the attacker holds something up to a real camera; in a digital injection attack the attacker bypasses the camera entirely, feeding an AI-generated video stream into the capture path through a virtual camera device, a hooked capture API, or an emulated phone. Injection is the hardest class to detect because the device sensor never sees the attacker: the verification app only ever receives the synthetic stream, so artifact-level deepfake detection on the frames is the only signal unless the platform can also attest to the camera hardware.
Persona
Persona reported blocking over 75 million AI-based face spoofing attempts in 2024. Persona’s strategic response shifted toward “hardware fingerprinting” — detecting virtual cameras and emulation environments used for real-time deepfake injection — rather than relying solely on artifact-level deepfake detection.
These vendor disclosures are the empirical face of the threat. The detection engineer working on KYC pipelines should:
- Validate the vendor’s claims against your own data. Run periodic red-team exercises with internal AI-generated identities against your vendor’s pipeline; measure detection rate.
- Layer the vendor’s controls with your own workflow-gap detection: even if the KYC vendor passes a synthetic identity, downstream account-funding workflows can require OOB verification, holding periods, transaction limits.
- Subscribe to the vendor’s threat-intel feed. Most KYC vendors share known-fraud-network indicators (device fingerprints, IP ranges, document templates) with customers. Integrate these into your SIEM.
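What “measure detection rate” should actually mean for the first bullet above: a vendor-quoted accuracy figure is dominated by the genuine-applicant class, so a pipeline can post 99%+ accuracy while missing a third of synthetic enrollments. The example below is added for this module and is not any vendor's code or the course's original material; the red-team batch is constructed (990 genuine enrollments and 10 internally generated synthetic identities, labels known to you), and the field names are assumptions. It computes accuracy next to the detection rate on the attack class, the false-reject rate on genuine applicants, and a Wilson interval so that a ten-sample red-team run is judged on its lower bound rather than its point estimate.

```python
from math import sqrt


def confusion(results):
    """results: iterable of (is_synthetic, vendor_rejected) pairs from a red-team batch."""
    tp = fp = tn = fn = 0
    for is_synthetic, rejected in results:
        if is_synthetic:
            if rejected:
                tp += 1
            else:
                fn += 1
        else:
            if rejected:
                fp += 1
            else:
                tn += 1
    return tp, fp, tn, fn


def wilson_interval(successes, n, z=1.96):
    """95% Wilson score interval for a proportion; returns (0, 0) when n == 0."""
    if n == 0:
        return (0.0, 0.0)
    p = successes / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))


def vendor_metrics(results):
    """Accuracy alongside the numbers that actually matter for a KYC pipeline."""
    tp, fp, tn, fn = confusion(results)
    total = tp + fp + tn + fn
    attacks = tp + fn          # synthetic submissions you injected
    genuine = tn + fp          # real enrollments in the same window
    return {
        "accuracy": (tp + tn) / total,
        "detection_rate": tp / attacks if attacks else 0.0,      # TPR on the attack class
        "false_reject_rate": fp / genuine if genuine else 0.0,   # genuine applicants wrongly blocked
        "detection_rate_ci95": wilson_interval(tp, attacks),
        "n_attacks": attacks,
        "n_genuine": genuine,
    }


def meets_target(metrics, min_detection=0.90, max_false_reject=0.01):
    """Judge on the lower bound of the detection-rate interval, not the point estimate:
    a handful of red-team submissions cannot support a claim like 99.7%."""
    lo, _ = metrics["detection_rate_ci95"]
    return lo >= min_detection and metrics["false_reject_rate"] <= max_false_reject


def constructed_redteam_batch():
    """Constructed data for this example: 990 genuine enrollments (1 wrongly rejected)
    and 10 internally generated synthetic identities, 7 of which the vendor caught."""
    genuine = [(False, False)] * 989 + [(False, True)]
    synthetic = [(True, True)] * 7 + [(True, False)] * 3
    return genuine + synthetic


if __name__ == "__main__":
    m = vendor_metrics(constructed_redteam_batch())
    print(f"accuracy={m['accuracy']:.3f} detection_rate={m['detection_rate']:.2f} "
          f"ci95={m['detection_rate_ci95']} false_reject={m['false_reject_rate']:.4f} "
          f"meets_target={meets_target(m)}")
```

On the constructed batch the vendor scores 99.6% accuracy while catching 7 of 10 synthetic identities; the Wilson lower bound on that detection rate is below 0.40, so the pipeline fails a 90% target even though its headline number looks better than the one in the discussion question. The two numbers to demand from a vendor are the detection rate on your own synthetic submissions and the false-reject rate on your genuine population, each with a sample size attached.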
FinCEN / FBI scale picture
From the financial-system angle:
- FBI IC3 2024 cyber-enabled fraud total: ~$13.7 billion
- FBI IC3 2025 AI-related fraud (first formal tracking): ~$893 million directly attributed
- FinCEN/industry estimate of US synthetic-identity-fraud economic impact: $30-35 billion annually
The synthetic-identity figure is larger than any single downstream category (BEC included) because synthetic identity sits upstream of multiple fraud types: account takeover, loan fraud, benefit fraud, money laundering. A single successful synthetic-identity enrollment can sustain months or years of downstream fraud.
The workflow-gap principle applied to identity
Just as Module 2.4 applied workflow-gap detection to wire transfers, the same principle applies to identity workflows:
Vendor onboarding workflow
The detection pattern: vendor banking-details change OR new vendor invoice payment, WITHOUT a corresponding “vendor-identity-verification-completed” event in the past N days, fires the alert.
Detect: vendor_banking_details_changed OR vendor_first_payment_authorized
Require: vendor_verification_completed event for same vendor_id within 30 days
Alert if: required event absent
This is the same Sigma 2.0 correlation pattern from Module 2.4, applied to the vendor-master-data domain.
Executive new-account / new-channel workflow
The detection pattern: when an “executive” reaches out through a new channel (new WhatsApp number, new email, new Slack DM) requesting a financial action, the IT/finance/comms systems should require explicit verification of the executive’s identity through a trusted channel.
This is harder to encode in SIEM because the “new channel” is often outside the org’s control (an external WhatsApp number isn’t in your asset inventory). The practical implementation is at the policy + training layer: any executive financial-action request through a new channel goes through a documented verification step, and that step is logged. The SIEM rule then detects when the financial action proceeded without the verification log entry.
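Both the vendor-master-data rule above and the executive new-channel rule are the same correlation: a sensitive action fires, and no verification event for the same key precedes it within the window. The following is an added example for this module, written in Python rather than as the Sigma correlation rule from Module 2.4, and it is not any SIEM's code. Event types, field names (`vendor_id`, `request_id`) and the sample events are constructed; the executive events assume, as the text requires, that the documented verification step produces a log entry keyed to the request. Note the ordering rule: a verification logged after the action does not clear the alert.

```python
from datetime import datetime, timedelta


def ts(s):
    """Parse the ISO-8601 timestamps used in the constructed events below."""
    return datetime.fromisoformat(s)


def find_workflow_gaps(events, trigger_types, required_type, join_key, window):
    """Alert on every trigger event that has no `required_type` event for the same
    `join_key` value within `window` before it. Events are processed in time order,
    so a verification logged after the action does not retroactively clear it."""
    last_required = {}   # join_key value -> timestamp of the latest required event seen so far
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = ev.get(join_key)
        if ev["type"] == required_type:
            last_required[key] = ev["ts"]
        elif ev["type"] in trigger_types:
            seen = last_required.get(key)
            if seen is None or ev["ts"] - seen > window:
                alerts.append({"trigger": ev["type"], join_key: key,
                               "ts": ev["ts"], "last_verification": seen})
    return alerts


# Constructed vendor-master-data events (field names are assumptions for this example).
VENDOR_EVENTS = [
    {"ts": ts("2025-03-01T10:00:00"), "type": "vendor_verification_completed", "vendor_id": "V-1001"},
    {"ts": ts("2025-03-10T14:20:00"), "type": "vendor_banking_details_changed", "vendor_id": "V-1001"},  # verified 9 days earlier: fine
    {"ts": ts("2025-03-12T09:05:00"), "type": "vendor_banking_details_changed", "vendor_id": "V-2002"},  # never verified: alert
    {"ts": ts("2025-01-05T11:00:00"), "type": "vendor_verification_completed", "vendor_id": "V-3003"},
    {"ts": ts("2025-03-15T16:45:00"), "type": "vendor_first_payment_authorized", "vendor_id": "V-3003"},  # verification 69 days old: alert
]

# Constructed events from the documented executive new-channel verification step.
EXEC_EVENTS = [
    {"ts": ts("2025-03-20T09:00:00"), "type": "exec_identity_verified", "request_id": "R-77"},
    {"ts": ts("2025-03-20T09:30:00"), "type": "exec_new_channel_financial_action", "request_id": "R-77"},  # fine
    {"ts": ts("2025-03-21T15:10:00"), "type": "exec_new_channel_financial_action", "request_id": "R-78"},  # no verification: alert
    {"ts": ts("2025-03-22T10:00:00"), "type": "exec_new_channel_financial_action", "request_id": "R-79"},  # verified 20 min too late: alert
    {"ts": ts("2025-03-22T10:20:00"), "type": "exec_identity_verified", "request_id": "R-79"},
]


def vendor_alerts(events=VENDOR_EVENTS):
    """Vendor banking change or first payment without a verification in the last 30 days."""
    return find_workflow_gaps(
        events,
        trigger_types={"vendor_banking_details_changed", "vendor_first_payment_authorized"},
        required_type="vendor_verification_completed",
        join_key="vendor_id",
        window=timedelta(days=30),
    )


def exec_alerts(events=EXEC_EVENTS):
    """Executive new-channel financial action without a logged identity check in the last 24 h."""
    return find_workflow_gaps(
        events,
        trigger_types={"exec_new_channel_financial_action"},
        required_type="exec_identity_verified",
        join_key="request_id",
        window=timedelta(hours=24),
    )


if __name__ == "__main__":
    for a in vendor_alerts() + exec_alerts():
        print(a)
```

On the constructed stream this fires for V-2002 (no verification at all), V-3003 (verification older than the window), R-78 (no verification) and R-79 (verification logged after the action). The window for the executive rule is a policy choice; what matters is that the trigger is the action itself, not the request, because the request may arrive on a channel you do not log.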
KYC enrollment workflow
The detection pattern: at the KYC vendor layer (Onfido/Jumio/Persona/etc.) — track per-applicant detection scores and flag patterns indicating injection attacks, even when the vendor lets the applicant through. Apply additional in-house verification (manual review, holding period, transaction limits) to applicants who scored marginal on the vendor’s checks.
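An in-house layer on top of the vendor decision, as an added example for this module (not any vendor's API or the course's original material). The vendor result fields (`decision`, `liveness_score`, `injection_signals`, `device_fingerprint`), the thresholds, and the applicant records are all assumptions constructed for illustration. It does two things the paragraph above asks for: it maps a vendor-passed applicant with a marginal liveness score or an injection indicator to a holding period and transaction limit, and it goes one step further than per-applicant scoring by flagging groups of vendor-passed applicants that share one device fingerprint, the kind of fraud-network indicator the vendor threat-intel feeds carry.

```python
from collections import defaultdict

# Assumed thresholds for this example; tune against your own red-team data.
MARGINAL_LIVENESS = (0.60, 0.85)   # vendor passed, but its liveness confidence sat in this band
INJECTION_SIGNALS = {"virtual_camera", "emulator", "hooked_capture_api"}
CLUSTER_MIN_SIZE = 3               # this many vendor-passed applicants on one device looks like a farm


def disposition(applicant):
    """In-house tier for one applicant given the vendor's result."""
    if applicant["decision"] != "pass":
        return {"tier": "reject", "hold_days": None, "tx_limit": 0}
    if INJECTION_SIGNALS & set(applicant.get("injection_signals", ())):
        # The vendor let the applicant through, but its telemetry saw a virtual camera
        # or emulator: treat as probable injection, not as a marginal score.
        return {"tier": "manual_review", "hold_days": 7, "tx_limit": 0}
    lo, hi = MARGINAL_LIVENESS
    if lo <= applicant["liveness_score"] < hi:
        return {"tier": "restricted", "hold_days": 3, "tx_limit": 500}
    return {"tier": "standard", "hold_days": 0, "tx_limit": None}


def shared_device_clusters(applicants, min_size=CLUSTER_MIN_SIZE):
    """Groups of vendor-passed applicants that enrolled from the same device fingerprint."""
    by_device = defaultdict(list)
    for a in applicants:
        if a["decision"] == "pass" and a.get("device_fingerprint"):
            by_device[a["device_fingerprint"]].append(a["applicant_id"])
    return {fp: ids for fp, ids in by_device.items() if len(ids) >= min_size}


def review_batch(applicants):
    """Per-applicant dispositions, with cluster members escalated to manual review."""
    result = {a["applicant_id"]: disposition(a) for a in applicants}
    for fp, ids in shared_device_clusters(applicants).items():
        for aid in ids:
            if result[aid]["tier"] != "reject":
                result[aid] = {"tier": "manual_review", "hold_days": 7, "tx_limit": 0,
                               "reason": f"shared device {fp} with {len(ids) - 1} other applicants"}
    return result


# Constructed vendor results; field names are assumptions, not any vendor's API.
APPLICANTS = [
    {"applicant_id": "A1", "decision": "pass", "liveness_score": 0.95, "device_fingerprint": "dev-aa"},
    {"applicant_id": "A2", "decision": "pass", "liveness_score": 0.72, "device_fingerprint": "dev-bb"},
    {"applicant_id": "A3", "decision": "pass", "liveness_score": 0.93, "device_fingerprint": "dev-cc",
     "injection_signals": ["virtual_camera"]},
    {"applicant_id": "A4", "decision": "fail", "liveness_score": 0.20, "device_fingerprint": "dev-dd"},
    {"applicant_id": "A5", "decision": "pass", "liveness_score": 0.91, "device_fingerprint": "dev-ff"},
    {"applicant_id": "A6", "decision": "pass", "liveness_score": 0.90, "device_fingerprint": "dev-ff"},
    {"applicant_id": "A7", "decision": "pass", "liveness_score": 0.94, "device_fingerprint": "dev-ff"},
]

if __name__ == "__main__":
    for aid, d in review_batch(APPLICANTS).items():
        print(aid, d)
```

A5 through A7 each look clean on their own (high liveness, no injection signal, vendor pass) and would sail through per-applicant scoring; only the cross-applicant view catches them. That is the reason the vendor's fraud-network indicators belong in your SIEM rather than only in the vendor's decision.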
Discussion questions (~10 min)
- Your org just procured a KYC vendor that reports “99.7% accuracy on deepfake detection.” Based on Onfido/Jumio/Persona disclosures (24% deepfake biometric fraud, 88% surge in injection attacks, 75M blocked spoofing attempts), is “99.7% accuracy” the right number to evaluate the vendor on? What additional metrics would you ask for?
- The City of Baltimore lost $1.5M to a synthetic-vendor fraud across months. What workflow-gap detection would have caught it after the first or second fraudulent payment? Why didn’t it exist in the city’s procurement process?
- FAMOUS CHOLLIMA infiltrated 320+ companies in 12 months using AI-generated LinkedIn profiles. The recruiter at each company performed a video interview. What was missing from the recruiter workflow that allowed deepfake candidates to pass? Map this to one of the Module 2.3 liveness techniques.
Common mistakes
| Mistake | Better approach |
|---|---|
| Trusting KYC vendor accuracy claims at face value | Run periodic red-team tests with internal synthetic identities; measure detection rate in your environment |
| Treating LinkedIn connections as identity verification | LinkedIn profiles can be entirely AI-generated; require organizational-channel verification before trust |
| No out-of-band check on vendor banking-details changes | Apply workflow-gap detection at vendor-master-data layer just as you do at wire-transfer layer |
| Skipping liveness on video interviews because “candidates would refuse” | Liveness is a 5-second prompt; framing it as standard practice removes friction |
| Treating digital injection attacks as a vendor problem | Layer your own controls (transaction limits, holding periods) on top of vendor KYC |
What’s next
Module 2.6 closes Day 2 with the IR playbook for deepfake-suspected incidents — what the SOC does in the first 30 minutes, how to preserve forensic evidence, what regulatory notifications fire, and how to coordinate transaction-reversal windows that may close within 4-24 hours.