WALNUT CREEK, Calif. - When Gina Titus became a victim of identity theft after her wallet was stolen, she expected to have her credit cards used for some unauthorized purchases. What Titus didn't expect was to get hit with a maternity bill.

"They used the checking account and credit cards before I could cancel them," said Titus, a 28-year-old public relations account executive from San Francisco. "Then several months later I get a letter from a collection agency and found they had opened a checking account in my name. I had a Discover card I never opened. The extent of what they were able to do was astounding."

The biggest surprise came when Titus started getting maternity bills for the baby born to a woman who was using her identity.

"I'm blond. She has brown, curly hair. She had checked into the hospital with my insurance card. It just seemed like things kept coming. I'm definitely more vigilant now," said Titus, who eventually was able to reclaim her financial life after spending hours on the phone with creditors.

The physical manner in which Titus had her identity stolen nine years ago - her wallet was stolen from a car that was broken into - did not involve the sophisticated techniques used by identity thieves who turn to cyberspace.

And although identity theft can involve the Internet and computers, more often than not it involves physical methods such as a stolen or lost wallet, a burglarized mailbox or someone you know ripping you off.

Many people worry that using a credit card for an online purchase can lead to identity theft. But it's a stolen or lost wallet that provides a far more likely scenario for that happening, according to a survey released earlier this year by Javelin Strategy & Research Inc., a Pleasanton, Calif., consulting firm for the financial-services and payments industries.

Among other things, the 2008 survey looked at how identity theft is accomplished. Of the one out of three identity-theft victims who knows how the information was taken, more than three-fourths said it involved a physical method such as a stolen wallet, a phone or mail-order sale, stolen mail, or a theft by someone they knew, compared with 14 percent who reported that it involved online access.

"We are not saying [online access and data breaches] are not significant factors," said James Van Dyke, Javelin's president and founder. "But the point is that it has really been overblown. I think it is to the detriment of consumers to focus exclusively on these electronic methods of communication."

That is why consumers need to take steps to prevent identity theft, whether by not mailing paper checks or by making sure your computer's antivirus software is current, he said. Consumers must monitor financial-account activity to determine whether they have become a victim of identity theft.

The annual survey continues a five-year trend that shows identity theft dropping in the United States as more online security procedures are put in place and consumers take more preventive measures. Last year, there were an estimated 8.1 million identity-theft cases, or 3.58 percent of adults, resulting in $45 billion in fraud, compared with 8.4 million cases, or 3.84 percent of adults, resulting in $51 billion in fraud the previous year. But it is not all good news for consumers. Fewer people who were victims of identity theft could say how their information was stolen: 35 percent in the 2008 survey compared with 42 percent in 2007.

It's not known why fewer people know how the crime happened, Van Dyke said.

"We could speculate, but we just can't know for certain," he said. "Certainly, we are getting increases in reports of data breaches, but there are still a lot of data breaches that never get reported."

The low-tech means through which Titus became a victim of identity theft has a much lower profile than the high-tech online methods such as phishing, or a computer data breach. Phishing is when identity thieves trick consumers into revealing financial information by sending a fake e-mail reporting that there is a problem with a financial account.

"If you've got your credit card in your wallet and suddenly unauthorized charges appear on your credit card account, you have no idea how it happened," said Claudia Bourne Farrell, a spokeswoman for the Federal Trade Commission. "Most people don't know how someone gets their information."

On a statewide basis, California had the highest number of identity-theft complaints - 43,892 - filed last year. It also had the country's second-highest rate of per-capita identity theft, with 120 complaints filed per 100,000 people.

Arizona, with 137 complaints per 100,000 people topped the statewide list.

A California region better known for its vineyards, Napa County, had the country's highest level of identity-theft complaints among the country's 50 largest metro areas.

"Why Napa? We're Wine Country. This is not supposed to happen," said Andy Lewis, commander of the Napa Police Department's investigations division.

It is hard to say why the region was ranked at the top nationwide for identity-theft complaints made last year, he said. Lewis pointed out that some of the other metro areas with high rates had significant populations of undocumented workers. To obtain work, employees typically have to provide a Social Security number.

"This is what I'm hearing from other areas that have undocumented workers. It would be a little bit premature to say that about Napa," he said.

How to Prevent Identity Theft

The following can help you lower your risk of becoming a victim.

Protect your Social Security number and don't carry the card in your wallet. If your health plan (other than Medicare) uses your Social Security number, ask the company for a different number.

Scam artists "phish" for victims by pretending to be banks, stores or government agencies. Don't give out your personal information - unless you made the contact. Don't respond to a request to verify your account number or password. Legitimate companies do not request this kind of information in this way.

Shred or tear up papers with personal information before you throw them away. Shred credit card offers and "convenience checks" that you don't use.

Protect your personal information on your home computer. Use strong passwords, with at least eight characters, including a combination of letters, numbers and symbols - easy for you to remember, but difficult for others to guess.

Use firewall, virus and spyware protection software that you update regularly. Steer clear of spyware. Download free software only from sites you know and trust.

Don't install software without knowing what it is. Set browser security to at least "medium." Don't click on links in pop-up windows or in spam e-mail.

SOURCE: California Office of Privacy Protection.

Quiz yourself on identity safety and find more information at