Some governments like South Korea require the submission of a valid national identification number in order for users to register an account in Web services. Unfortunately, this validation system can cause a big privacy threat. Recently in South Korea, identifiers of about 2/5 Korean population were leaked by some hacking accidents. In order to lower the chances of forgery and privacy invasion using exposed information, Korean government introduced an alternative identifier system. However, we are concerned that neither old nor new identifer systems are safe against a phishing attack. In this paper, we empirically analyze the vulnerability of the alternative system. We conducted a real phishing attack experiment to complete our analysis.