Synthetic Identity Fraud: How Phone Calls Harvest the Data
How fraudulent phone callers pose as government agencies, banks, and healthcare providers to collect Social Security numbers and personal details used to construct synthetic identities.
Part of: Synthetic Identity Fraud
Last reviewed: 9 June 2026
Synthetic identity fraud requires assembling a set of real personal data fragments — most critically a Social Security number — combined with fabricated details to create a functional credit persona. Phone calls are one of the most productive collection methods for this data because a skilled caller can extract an SSN, date of birth, and address in the course of a single interaction that feels entirely routine to the target.
The phone call is particularly effective for SSN collection because the social dynamic of a call makes it difficult to refuse what seems like a routine verification request. Government agency impersonation calls — Medicare, Social Security, IRS, immigration — routinely seek SSNs under authoritative pretexts, and many people provide them without considering that no legitimate government call should require SSN disclosure to an inbound caller.
This guide covers how to recognise phone calls that are collecting data for synthetic identity construction and what to do after providing sensitive information on a call.
How this scam works on phone calls
The caller poses as a representative of a government agency or financial institution and states that they need to verify the target's identity before providing information about a benefit, claim, account, or legal matter. The 'verification' collects full name, date of birth, and Social Security number — the core data set for a synthetic identity.
Additional calls, or a continuation of the same call, may collect the address, mother's maiden name, and banking information. This combination enables both direct fraud and the creation of a synthetic profile that combines the real SSN with a fabricated name and address for credit applications.
Some callers are highly sophisticated, using accurate partial details about the target — obtained from data breaches or public records — to establish credibility before requesting the SSN for 'confirmation'. Providing the SSN to 'confirm' what the caller already knows feels different from providing it cold, which is exactly why this technique is used.
Common red flags
- Caller requests your Social Security number to verify your identity before providing any information
- Request for SSN, date of birth, and address in the same call from an inbound caller
- Caller demonstrates knowledge of partial personal details and uses them to seem legitimate
- Urgency about a benefit suspension, account hold, or legal action if you cannot verify immediately
- Caller cannot be reached when you call the organisation's official main number independently
How to protect yourself
- Establish a personal rule: never provide your Social Security number to an inbound caller for any reason
- Place a credit freeze with all three major bureaus so your SSN cannot be used to open new accounts
- If you have provided your SSN to a caller, place a fraud alert immediately and monitor your credit
- Review your Social Security earnings record annually at ssa.gov to detect any unexplained employment entries
- Report any inbound call requesting your SSN, regardless of pretext, to the FTC
How to report it
- Report to the FTC at reportfraud.ftc.gov and use identitytheft.gov for a recovery plan if data was shared
- Contact the Social Security Administration OIG at 1-800-269-0271 if your SSN was collected
- File a report with the IC3 at ic3.gov if financial fraud has resulted
- Place fraud alerts with Equifax, Experian, and TransUnion
Frequently asked questions
Why would a fraudster call me just to collect my SSN if they are not going to use my name?
Synthetic identity fraud uses a real SSN combined with a fabricated name. Your SSN is the anchor for the synthetic persona's credit profile. The fraudster does not need your name — just your number to build a credit history that they later exploit.
What should I do immediately after realising I gave my SSN to a suspicious caller?
Place a credit freeze with all three major bureaus immediately. Check your Social Security earnings record at ssa.gov. File a report with the FTC at identitytheft.gov and monitor your credit for new accounts you did not open.