Have you personally experienced identity theft?

Learn how you can protect yourself from Identity Theft

By PETER J. SAMPSON
STAFF WRITER

A first-ever review of Secret Service files has found that only half of the cases of identity theft involved technological devices, such as computers, scanners and digital cameras, and only 10 percent were done exclusively through the Internet.

In a fifth of the other cases, thieves stole personal data the old-fashioned way.

Low-tech tactics included rerouting mail by sending change of address requests to institutions handling credit card and bank accounts, swiping items right from residents' mailboxes, and "Dumpster diving" -- going through trash for information used to produce counterfeit documents and to open credit accounts.

Researchers from Utica College's Center for Identity Management and Information Protection in New York analyzed 517 closed Secret Service cases of ID theft from 2000 to 2006. It was the first study of such files from the federal agency, which is responsible for investigating identity theft and fraud.

Among their findings:

• A fifth of the time, identity thieves stole personal data at their workplace. Of them, 60 percent were employed in the retail industry -- stores, car dealerships, gas stations, casinos, restaurants, hotels, hospitals and doctors' offices. Another 22 percent worked for financial services, such as banks and credit card companies, and 9 percent were in government.

• People were victimized by a family member or friend 16 percent of the time.

• Personal information was stolen from someone's home, car, wallet or pocketbook 12 percent of the time.

• Most of the thefts occurred in the Northeast and the South.

• The median loss was just over $31,000, although in one case a thief spent millions on luxury vehicles and established shell companies to defraud more victims.

The study follows a recent Consumer Reports poll that found Americans overwhelmingly believe they are more vulnerable to identity theft when a business has their Social Security number. Most respondents said they want companies to stop using the numbers to identify customers.

A Social Security number, coupled with your date of birth and address, is the Holy Grail for identity thieves. You should never give out personal information over the telephone or Internet unless you know whom you're dealing with.

In addition to shredding documents before discarding them, the Secret Service recommends not storing any passwords on your computer's hard drive. Hackers know how to retrieve them, she said.

Consumers have become more savvy to Internet scams meant to trick them into divulging account numbers, passwords and other personal information. They know all about the Nigerian advance-fee scheme.

They may have become less vigilant about other tactics, authorities say.

"What we get a lot are people who work in offices, maybe a doctor's office, or your credit card is getting swiped at the gas station," said Assistant Bergen County Prosecutor Brian Lynch. "[Someone at] that doctor's office picks off your Social Security number and the next thing you know you've become the victim of a terrible identity theft," Lynch said.

Lynch urged people not to give their Social Security numbers when filling out any type of medical forms or applications.

"Just decline," he said. "They don't really need [it]."

Postal Inspector Douglas Bem said residents shouldn't use their home mailboxes for outgoing mail. And by no means, should they raise the flag on the box if they do.

"That's as much an indicator to a thief, as it would be to a letter carrier, that there's mail to be had," he said.

Anyone concerned about incoming mail should try to retrieve it as soon as it's delivered, and make sure to place a hold on it when they're away so it doesn't accumulate, Bem said.

Bem said there were few instances in which identity thieves rerouted mail by submitting a change of address card to the postal service. In the overwhelming majority of cases, he said, "the change of address was actually done directly with the bank or financial institution" that held the victim's personal information.

To prevent fraudulent rerouting of mail, Bem said, the postal service uses a dual verification procedure in which confirmation letters are sent to both the old and new addresses to verify the request is legitimate before any mail is forwarded.

In the FTC's 2003 survey of identity theft victims, 4 percent cited stolen mail as the source of their problems, he noted.

Although manufacturers offer a variety of lockable boxes to secure your mail, the postal service doesn't endorse any, Bem said.

Mail is more likely to be stolen at points along the distribution chain, he added.

"Many times we see mail that is stolen by organized groups who may have infiltrated airlines or private delivery companies or private mail rooms," Bem said. "It even occurs when couriers hired by the banks and financial institutions are picking up mail from post offices.

"It's not all residential mailboxes -- not by any stretch."

With the holiday season approaching, consumers need to be more watchful than ever, said J.R. Reagan, managing director of security and identity management for BearingPoint Inc., a McLean, Va.-based consultant.

"Certainly consumers are much more at risk now for having their information compromised than in the past, either by electronic, online or the low-tech means," said Reagan. "Just as in the real world, when you walk out of your house and you have to be watchful, careful and cognizant of your surroundings, that doesn't differ when it comes to your personal information. "It can become ruinous if it's in the wrong hands."