funsec mailing list archives
Re: Re[4]: The end of Phishing in sight?
From: "Dr. Neal Krawetz" <hf () hackerfactor com>
Date: Wed, 19 Oct 2005 11:33:57 -0600 (MDT)
On Tue Oct 18 21:00:41 2005, Aditya Deshmukh wrote:
DFC> Why is ID theft a non-issue in Europe? There are many many differences in the way social security works - my social security number/card won't get you anywhere. You can't do anything with any of my bank account numbers,This is find really disturbing - anyone with an account number can do a lot of things without the signature of the account holder. And there are Thousands of ways to get the account number. The social security number is only required by buinesses when he transaction amount is over $5000. Has anyone tried to give false numbers where it not legally required? Does this work over there in US ?
I use an EIN instead of my SSN. (EIN = employment identification number.) Anyone with an SSN can get an EIN in about 10 minutes from the SSA. Here's how the process works: - Download the EIN form. http://www.irs.gov/businesses/small/article/0,,id=98350,00.html - Fill it out. - Call the 1-800 number. - Read to the operator what you entered into each box. - They will tell you your new EIN and send you a confirmation letter later. You are supposed to have a business reason for getting an EIN. (And I do have one.) But truthfully, anyone asking can get one. If you need to give a company name and don't have one handy, give "Your name, sole proprietor". Many times, they don't ask. (Or pay $5/yr for a registered trade name...) The neat thing about an EIN (or so I'm told -- I have not yet been in a position to actually test all of these): - It looks like an SSN. (Usually written with different hyphen positions, but it just looks like an SSN.) - It can be used to open new bank accounts. BUT: most still want an SSN to verify the person opening the account. The EIN becomes the registered account identity. (This is how you open a corporate bank account.) BUT: The SSN does not need to be related to the EIN! - An EIN cannot be used to open a new credit card or establish a line of credit. I'm told that "credit ratings" are not associated with EINs. Using an EIN to purchase a car won't work -- so caching out for carders becomes difficult. (For anyone with a corporate credit card, I'm sure you remember giving them your SSN to link to the card... That's because an EIN won't work.) - It can be used almost anywhere an SSN can be used. Tax records, 1099, etc. are fine -- just specify the EIN. (Good for business partners that are explicitly not trustworthy.) - The IRS keeps a link from SSN to EIN, but not from EIN to SSN. This means, stealing an EIN only compromises the EIN and not the entire SSN. They can compromise my EIN number, but not steal my identity. (Then again, if you're a big company like IBM, then having your EIN stolen can be VERY bad...) - Resolving a stolen EIN is much easier than resolving a stolen SSN. (One phone call, and no credit bureaus.) If I'm wrong about any of this, I'm sure someone with tell me. :-) Do any European countries (or anywhere else besides the USA) have a concept similar to an EIN? -Neal -- Neal Krawetz, Ph.D. Hacker Factor Solutions http://www.hackerfactor.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: The end of Phishing in sight?, (continued)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 18)
- Re: The end of Phishing in sight? Blue Boar (Oct 18)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 18)
- RE: The end of Phishing in sight? Blanchard_Michael (Oct 18)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 18)
- Re: The end of Phishing in sight? Blue Boar (Oct 18)
- RE: The end of Phishing in sight? Jeff Rosowski (Oct 18)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 18)
- RE: The end of Phishing in sight? Blanchard_Michael (Oct 18)
- Re: The end of Phishing in sight? Tom Van Vleck (Oct 18)
- RE: The end of Phishing in sight? Henderson, Dennis K. (Oct 18)
- Re: The end of Phishing in sight? Fergie (Paul Ferguson) (Oct 18)
- Re: Re[4]: The end of Phishing in sight? Dr. Neal Krawetz (Oct 19)
- Re[6]: The end of Phishing in sight? Pierre Vandevenne (Oct 19)