Staying Anonymous in the Information Age
From DocDroppers
| Author: | Lucky225 |
|---|---|
| Date Released: | ??/??/???? |
| Added to DD: | 13:57, 30 Nov 2004 (EST) |
Identity theft is a growing crime, many people do not realize just how easy it is to obtain information and use it. Personal information such as your name, phone number, and address can be obtained as easily as making a phone call to a utility company such as your local electric or phone company. In this article I will run by a few social engineers I have used in the past that have proved time and time again reliable, I will also provide some soloutions to help protect your information.
Contents |
Scenario 1: Have name and address but need phone number
A simple call to the electric company is usually all that is needed, the following pretext will show how easy it is to obtain an unlisted phone number.
Electric Company Representative: Thank you for calling Edison Electric Company, How May I help you?
You: Yea, I'd like to check my account balance
Electric Company Representative: Okay, what's your service address?
You: 2600 Hertz Ave, Beverly Hills 90210
Electric Company Representative: Okay, I show a current balance of $92.68
You: Thank you, and could you verify the phone number on my account, I tried entering mine at the automated prompt
and it said it was invalid
Electric Company Representative: The one we have on the account is 555-1212
You: Thanks
Scenario 2: Resident has recently changed their phone number
A lot of people that like to keep their phone number private believe that if someone whom they don't want having their phone number somehow obtains the phone number that they will be safe by simply calling the phone company and having their number changed. A simple easy social engineer proves otherwise.
Telco Rep: Thank you for calling Bell, How can I help you?
You: Hi, I recently changed my phone number, and the problem is I lost the paper that I wrote the new number down on, I
feel so stupid.
Telco Rep: Oh, that's okay, what was the old phone number?
You: 555-1212
Telco Rep: Okay, and you are?
You: John Smith
Telco Rep: Okay, your new number is 555-1313
You: Thank you so much.
Scenario 3: Have phone number but need address.
Reversing phone number to address is probably the easiest out of all the scenarios, an easy way to do it is to call a number such as 888-735-2872. This automated number is supposed to send you free information about Florida in case you are planning a trip there, they ask for your phone number and when you enter it it will read back the address associated with the number and ask if the information is correct. How can they do this? They get their information from magazine subscriptions and companies that sell such information. Another good way of reversing phone numbers to addresses is to call pizza delivery companies like Pizza hut, a lot of the times these companies use your phone # to pull up your address quickly, all you have to do is call Pizza Hut and tell them you're making a delivery, they'll then ask for your phone number and after you give them it they'll say, "And you still live at 2600 Hertz ave?" And yet another social engineer involving a popular utility company can come in to play.
Telco Rep: Thank you for calling Bell, How can I help you? You: I'd like to check my balance Telco Rep: Okay what's your phone number? You: 555-1313 Telco Rep: I show a current balance of $56.78 You: Okay, my bill hasn't shown up in the mail yet, can I verify it's going to the right address? Telco Rep: I show 2600 Hertz Ave You: Thanks
A lot of the times people use PO boxes for their billing address, but you'd be suprised how many representatives will give you the real address if you simply ask them to verify the service address on the account, the service address being the address where the phone service is.
Scenario 4: Obtaining Social Security Number information
This is probably one of the harder social engineers to actually pull off due to the sensitivity of the information, however I have been able to do it using the following social engineer. You will probably need name, address, phone number, date of birth, possibly more information on the account, however I have successfully obtained SSN information without much verification, the good thing about this is you can try it on almost ANY utility company.
Utility Company: Thank you for calling how can I help you
You: Hi, I'm trying to sign up for online billing so I can check my account through the internet
Utility Company: Okay, How can I help?
You: well, I went to your website and every time I try to sign up it keeps telling me invalid social security
number, I was wondering if you could help me out.
Utility Company: Sure, what's your user name/address/phone number(depending on what utility you called)
You: <insert information here>
Utility Company: Okay, the social security number I have on file is 000-00-0000, is that yours?
You: Yes, I guess the website is just messed up or something, I'll try later thanks.
Okay, now that I've shown just how easy it is to obtain information over the telephone, I'm going to give some tips to help protect your information. First of all in the state of California, a utility company can not deny you service simply for refusing to give your social security number, however another form of ID such as a driver license may be requested. Cellular companies are exempt however
because there has been no legislation restricting them, however the California PUC has this to say:
The Commission recognized that a carrier does not need a customer's social security number to obtain a copy of his or her credit report in Lewis v. Cellular One Communications. In Lewis, a customer filed a complaint against SB Cellular because it required him to give his social security number to initiate service.
His only alternative to giving his social security number was to pay a $1,000 security deposit. Although the Commission dismissed Mr. Lewis complaint because he lacked standing as an individual to challenge a carrier's tariffs, the Commission made a firm statement against SB Cellular's requirement of a social security number:
"There is no requirement...that requires one to disclose his or her social security number as a condition precedent to obtaining telephone service." While a social security number may be requested as a form of identification, there is no requirement for a consumer to accede to that request...In retrospect, it is apparent that SB Cellular could have easily verified complainant's creditworthiness by other methods, such as by address, dates, and places of employment, mother's maiden name, or a host of other means less invasive of privacy concerns. In the future, SB Cellular is advised to take great pains to train its agents and staff to avoid a repetition of this type of incident.
As the Commission recognized in this decision, a carrier can obtain credit information about a potential customer without his or her social security number. Imposing a rule on CMRS Providers prohibiting them from requiring a social security number would not harm their businesses in any way, since credit information can be obtained without a social security number. As a result, requiring a social security number is an unnecessary and invasive practice that violates customers privacy rights and expectations that should be consistently prohibited by the Commission.
By the way I recently obtained service through AT&T without providing my social security number. Another option w/ AT&T would be to go with their GO PHONE prepaid, but I needed more minutes so I signed up for the contract.
If you are more concerned with people having your phone number more than your address get yourself a pager or a voicemail box and give that out to anyone other than whom you trust as your phone number. If you are concerned about your address information you should have all your bills going to a PO Box or private mail box, the only thing is your service address remains your real address. You should put a password on all of your utility accounts. Never give pizza places your real phone number or name if delivering, or simply don't have things delivered to your house. Don't subscribe to anything and have it coming directly to your house, use your PO BOX or PMB as if it is your address. If you are concerned that giving out your phone number may result in the phone company giving out your service address information, you can use a cell phone and have the bill going to a P.O. box, or simply have prepaid cellphone service, or if you have broadband internet you can sign up for voice over ip phone service at www.packet8.net or www.vonage.com.
