It’s still pretty easy for a good social engineer to steal an identity and exploit it swiftly. Identity thieves can collect data from many sources, including trash and recycling bins, discarded mail. IT organizations should never use online resources that are widely available over the Web. Sites that deal with family reunions, genealogy, and sports statistics may seem harmless, but they can become great resources for valuable personal data. IT departments should constantly monitor themselves for vulnerabilities, says author. A vulnerability can often be found in a system that may seem to be relatively unimportant to the enterprise.”]
Source: https://www.darkreading.com/analytics/how-identity-theft-works