BACK

Westend61/ Getty Images

Legal, Regulatory, and Privacy Issues

Guard the last 4 digits of your Social Security number

A recent phone call I received about a financial account taught me a new lesson about how to protect my Social Security number

Summary

A recent phone call I received about a financial account tested my “pay-dar” – my internal warning system for scammers out to make me pay by stealing my personal information – and taught me a new lesson about how to protect my Social Security number.      

The content on this page is accurate as of the posting date; however, some of our partner offers may have expired. Please review our list of best credit cards, or use our CardMatch™ tool to find cards matched to your needs.

A recent phone call I received about a financial account tested my “pay-dar” – my internal warning system for scammers out to make me pay by stealing my personal information – and taught me a new lesson about how to protect my Social Security number.

The caller identified himself as an employee at a bank where my husband and I have a mutual fund. He said he had a question about a recent transaction. Caller ID showed the name of my bank, so when he asked for my date of birth and the last four digits of my Social Security number, I started to rattle them off. But then I hesitated.

I happened to have been working on a story about identity theft, and the call set off alarm bells. I knew that fraudsters could spoof a phone number – making it appear they’re calling from a recognizable number. I also knew not to give my personal information out unless I had made the call.

I asked the caller to give me a number where I could call him back. He did, and he also gave me a case number to reference. I hung up and checked my bank statement. The phone number he gave was not listed, so I called the number on the statement and told the person who answered about the situation, including the case number my caller gave me.

Turns out the call was legitimate. A transaction regarding automatic deposits that I’d thought was completed four days earlier by phone wasn’t, in fact, done. The agent on the phone helped me finish the transaction and all was fine. It took about five minutes longer than if I had just given out my information to the caller.

Was I overly cautious or rightly concerned? The latter, says Steven Weisman, of Amherst, Massachusetts, author of “Identity Theft Alert” and writer of the blog Scamicide.

He says I was wise to withhold information from the caller and instead call a phone number I knew was connected to the account.

“Your caller ID can be spoofed so it can be made to appear legitimate,” Weisman says. “My rule of thumb is anytime anyone calls you on the phone or sends you an email and requests information, you shouldn’t give it because you can’t be sure.”

See related: Should I periodically replace my card to deter fraud?

Last four can reveal more

One of the things that had made me question my suspicion was the fact that the caller had asked for my date of birth and only the last four digits of my Social Security number – not all nine digits.

My sense of security was misplaced, Weisman says.

“For most of us, the first two sets of digits deal primarily with where you were born and when you born,” he says.

He pointed me to a 2009 study by researchers at Carnegie Mellon University that showed that predicting the first five digits of a person’s Social Security number is fairly easy.

Before 2011, Social Security number assignments were based on the ZIP code of the mailing address shown on the SSN application. So, for example, the Social Security Number of someone in Virginia requesting a SSN begins with 225. The second set of numbers in a SSN is the Group Number and it ranges from 01 to 99.

Using data available from online social networks, government sources and commercial data, the Carnegie Mellon researchers found they could identify in a single attempt the first five digits for 44 percent of deceased people born between 1988 and 2003. The researchers’ percentage of success identifying all nine digits slipped to 8.5 percent in 1,000 attempts, but fraudsters have computer programs to simplify the task.

The Social Security Administration switched to random number assignment in 2011, but if a fraudster knows where your SSN was requested (which could be where you were born, the location of your first job, etc.) and the last four of your Social Security number, he’s in business.*

“If someone asks for the last four digits, you’re basically turning over the keys,” says Weisman. “If it’s a sophisticated criminal, that’s all they need.”

I gave myself a little pat on the back for ignoring the constant prompting from Facebook to complete my profile by adding where I am from.

My takeaway from the whole event: Even though this particular caller actually was who he said he was, being cautious is wise. That extra five minutes finding my statement and calling the bank was time well spent.

Getting my identity stolen would have created countless hassles and eaten up a lot more time.

* Correction: The first three numbers of a Social Security number issued prior to 2011 are based on the ZIP code of the mailing address shown on the application for a Social Security number. This blog post originally incorrectly stated that SSN assignments were based on where and when people were born. See CreditCards.com corrections policy.

Editorial Disclaimer

The editorial content on this page is based solely on the objective assessment of our writers and is not driven by advertising dollars. It has not been provided or commissioned by the credit card issuers. However, we may receive compensation when you click on links to products from our partners.

What’s up next?

In Legal, Regulatory, and Privacy Issues

Credit balances: what happens if you overpay your card bill

Your money is protected by federal banking rules, but getting it back requires effort, and a big overpayment can trigger a fraud investigation

See more stories
Credit Card Rate Report Updated: March 25th, 2020
Business
14.34%
Airline
16.33%
Cash Back
16.55%
Reward
16.49%
Student
16.51%

Questions or comments?

Contact us

Editorial corrections policies

Learn more

Join the Discussion

We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

The editorial content on CreditCards.com is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company’s business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.