A review of Secret Service files has found that half of the cases of identity theft involved technological devices, such as computers, scanners and digital cameras, and only 10 percent were done exclusively through the Internet.
In 20 percent of the other cases, thieves stole personal data the old-fashioned way.
Low-tech tactics included rerouting mail by sending change-of-address requests to institutions handling credit-card and bank accounts, swiping items right from mailboxes, and "Dumpster diving" -- going through trash for personal information that can be used to produce counterfeit documents and to open credit accounts.
Researchers from Utica College's Center for Identity Management and Information Protection in New York analyzed 517 Secret Service cases of ID theft from 2000 to 2006. It was the first study of closed files from the federal agency, which is responsible for investigating identity theft and fraud.
Among their findings:
A fifth of the time, identity thieves stole personal data at their workplace. Of them, 60 percent were employed in the retail industry -- stores, car dealerships, gas stations, casinos, restaurants, hotels, hospitals and doctors' offices. Another 22 percent worked for financial services, such as banks and credit-card companies, and 9 percent were in government.
People were victimized by a family member or friend 16 percent of the time.
Personal information was stolen from someone's home, car, wallet or pocketbook 12 percent of the time.
Most of the thefts occurred in the Northeast and the South.
The median loss was just over $31,000, although in one case a thief spent millions on luxury vehicles and established shell companies to defraud more victims.
The study confirms a recent Consumer Reports poll that found Americans overwhelmingly believe they are more vulnerable to identity theft when a business has their Social Security number. Most respondents said they want companies to stop using the numbers to identify customers.
A Social Security number, coupled with your date of birth and address, is the Holy Grail for identity thieves, said Cindy Wofford, special agent in charge of the Secret Service's field office in Newark, N.J.
"In addition to shredding documents before discarding them, Wofford recommends not storing any passwords on your computer's hard drive. Hackers know how to retrieve them, she said.
Consumers have become more knowledgeable about Internet scams that try to trick them into divulging account numbers, passwords and other personal information.
Doug Bem, an inspector for the U.S. Postal Service, said residents should not use their home mailboxes for outgoing mail. And by no means should they raise the flag on the box if they do.
"That's as much an indicator to a thief, as it would be to a letter carrier, that there's mail to be had," he said.
To prevent fraudulent rerouting of mail, Bem said, the Postal Service uses a dual verification procedure in which confirmation letters are sent to both the old and new addresses to verify the request is legitimate before any mail is forwarded.
In the Federal Trade Commission's 2003 survey of identity theft victims, 4 percent indicated stolen mail was the source of their problems, he noted.
Peter J. Sampson writes for The Record in Hackensack, N.J.