They may acquire this information by:
- Stealing mail or rummaging through rubbish containing personal information (e.g.
- Retrieving information from abandoned equipment, like computer servers that have
been disposed of carelessly (e.g. at public dump sites or given away without proper
- Researching about the victim in government registers, internet search engines, or
public records search services.
- Stealing payment or identification cards, either by pick pocketing or secretly obtaining
information electronically from a compromised card reader (e.g. skimming.)
- Remotely reading information from an RFID chip on a smart card, RFID-enabled credit
card, or passport.
- Eavesdropping on public transactions to obtain personal data (e.g. shoulder surfing.)
- Stealing personal information in computer databases (e.g. trojan horses, hacking)
- Sometimes databases are leaked to the public due to improper handling or malicious
actions and may include identity information. (e.g. a company breach)
- Advertising bogus offers to which the victims will reply with their full name, address,
resume, telephone numbers, or banking details (e.g. phishing.)
- Obtaining castings of fingers for falsifying fingerprint identification.
- Browsing social network sites (e.g. MySpace, Facebook, etc.) online for personal
details that have been posted by users.
- Changing your address with the USPS or in the directory of other companies thereby
diverting billing statements or other information to another location to either
get current legitimate account info or to delay discovery of fraudulent accounts.