1. Articles
  2. Synthetic Identities, Proxies & Real Identities for Sale

Synthetic Identities, Proxies & Real Identities for Sale

Learn how synthetic identities can be used to bypass onboarding and KYC to impact your business.

 

Fraudsters aren’t sitting still—and neither should we.

Over the past year, we’ve seen a major shift in how fraud works. Synthetic identities are getting more sophisticated, fraudsters rotating proxies making it easier to hide, and now real identities are being sold online like commodities. 

We’re talking full profiles: names, social security numbers, emails, phone numbers—even selfies. Layer in a clean IP address and a believable device fingerprint, and you’ve got traffic that looks totally legit.

That’s the game now. These attacks slip through onboarding, pass KYC, and behave like real users. Until they don’t.

 

Static Signals Can’t Keep Up 

If your fraud detection is still running on stale IP lists you’re playing from behind. Fraudsters are constantly rotating their proxy networks using fresh-looking residential IPs, and what seems “safe” in the morning can be running a credential stuffing attack by lunch.

Worse, many signals don’t come with the context needed to act confidently. Without knowing what kind of abuse happened—or when—you’re left guessing. That’s how false positives creep up and real fraud goes undetected.

 

What We’re Seeing in the Field

We've been working closely with fraud and security teams across fintech, e-commerce, and SaaS platforms, and there’s a clear pattern: attacks are evolving quickly, and detection needs to be faster, deeper, and smarter.

Here are a few of the top attack types we’re seeing:

  • Account takeovers using residential proxies – Credential stuffing and session hijacking from IPs that look completely clean.

  • Synthetic identity fraud during onboarding – Fake identities that pass identity verification and get approved for credit, promos, or access.

  • Automated attacks on login/signup flowsBots mimicking user behavior to brute force, farm, or scale abuse.

It’s getting harder to separate real users from bad actors—especially when the signals you’re relying on are 12 hours old.

 

How We’re Tackling It

We’ve been testing a new capability with a few partners: a real-time IP Address Abuse Feed that refreshes every few minutes. It flags verified threat activity like proxy usage, automated behavior, and malicious traffic patterns—enriched with risk scores and abuse types.

But this is just one piece of a bigger strategy. At IPQS, we take a multi-layered approach to fraud prevention—combining IP reputation, device fingerprinting, email and phone risk signals, behavioral patterns, and threat intelligence into a unified view. Alone, each signal has limits. Together, they tell a much clearer story.

What’s been especially powerful is the scale of visibility. We're now providing abuse intelligence for more than 50 million IP addresses, and what we’re seeing is eye-opening. The same abusive IPs are popping up again and again—often cycling through tens of different proxy networks in a single day. This type of behavior is nearly impossible to catch with static lists or one-dimensional risk models, but becomes crystal clear when you’re watching traffic in real time.

 

Key Takeaways: Smarter Signals, Sharper Defenses

At the end of the day, protecting against this new wave of fraud means staying ahead of the patterns. Look for behavior—not just credentials. Prioritize fresh, contextual signals over static ones. And above all, layer your defenses. No single signal is perfect, but when you combine IP reputation, device data, behavioral cues, and threat intelligence, you start to see the full picture.

Fraud is evolving fast. If your detection signals aren’t keeping pace, you’re missing the real picture. We’re learning a ton from the teams we work with, and always open to comparing notes.

If you’re seeing these kinds of challenges—or testing new approaches—I’d love to hear how your team is thinking about it. Drop a comment or send a message. Let’s talk.

 

About the Author

Shea Craft is the Head of Solution Consulting at IPQS, where he works closely with fraud and security teams to solve real-world detection challenges. Shea helps teams build smarter, more scalable ways to fight fraud—without sacrificing the user experience.

 

 

Share this article

Related Articles

View All News & Articles
13 Dec 2023
Prevent Fraudsters: Your Guide to Fraud Detection in 2023
Leveraging Fraud Detection Techniques Against a Rise in Fraud Attacks Imagine a world where your bu...
02 Jan 2023
How to Prevent Fake Account Creation Fraud
Prevent Fake Accounts & New Account Creation Fraud Account creation fraud affects over 90% of we...
27 Jun 2025
Fighting Fire with Fire: How to Stop Agentic AI Before It Hits You
  Agentic AI isn’t science fiction anymore—it’s already reshaping how fraud ...
Call Us: (800) 713-2618

Ready to eliminate fraud?

Start fighting fraud now with 1,000 Free Lookups! We're happy to answer any questions or concerns. Chat with our fraud detection experts any day of the week.

Start Your Free Trial Schedule a Demo