Identity theft can affect all aspects of a victim's daily life and often occurs far from its victims. The attackers use both traditional, that is human-based, methods as well as computer-based techniques.

1. Human-based methods: These methods are techniques used by an attacker without and/or minimal use of technology

• Direct access to information: People who have earned a certain degree of trust (house cleaners, babysitters, nurses, friends or roommates) can obtain legitimate access to a business or to a residence to steal the required personal information.
• Dumpster diving
• Theft of a purse or wallet: Wallet often contains bank credit cards, debit cards, driving license, medical insurance identity card and what not. Pickpockets work on the street as well as in public, transport and exercise rooms to steal the wallets and in turn sell the personal information.
• Mail theft and rerouting: It is easy to steal the postal mails from mailboxes, which has poor security mechanism and all the documents available to the fraudster are free of charge.
• Shoulder surfing: People who loiter around in the public facilities such as in the cybercafes, near ATMs and telephone booths can keep an eye to grab the personal details.
• False or disguised ATMs ("skimming"): Just as it is possible to imitate a bank ATM, it is also possible to install miniaturized equipment on a valid ATM. This equipment (a copier) captures the card information, using which, duplicate card can be made and personal identification number (PIN) can be obtained by stealing the camera films.
• Dishonest or mistreated employees: An employee or partner with access to the personal files, salary information, insurance files or bank information can gather all sorts of confidential information and can use it to provide sufficient damage.

2. Computer-based technique: These techniques are attempts made by the attacker to exploit the vulnerabilities within existing processes and/or systems.

• Backup theft: This is the most common method. In addition to stealing equipment from private buildings, attackers also strike public facilities such as transport areas, hotels and recreation centers. They carefully analyze stolen equipment or backups to recover the data.
• Hacking, unauthorized access to systems and database theft: Besides stealing the equipment and/or hardware, criminals attempt to compromise information systems with various tools, techniques and methods, to gain unauthorized access, to download the required information.
• Phishing
• Pharming
• Redirectors: These are malicious programs that redirect users' network traffic to locations they did not intend to visit.