Insurance Archives

Stolen Images & Identities in Social Media & Online

There should be a new reality TV show called, “People Post the Darndest Things.” I think most people would be shocked to see what Social Media Investigators see on a daily basis. It has helped thousands of fake workman’s comp cases because people will post things like jumping off a diving board after filing a claim for an injured back. Remember the guy who “faked” falling in the office cafeteria and it was caught on video?

Images online are a Social Media Investigator’s best friend because once identified as the correct person of interest, it can lead you to much more information and data online. Recently, one such image was discovered by one of our OSINT specialists. While searching online, she discovered the following picture. Something about the image just didn’t look right. This was true given the fact that she had other photos to compare it with.

Using one of our software platforms we were able to search the web for this exact image. We didn’t find one exactly like this, however we did find one that we realized was the original.

Fake Image — Photoshopped image using mirroring feature.

By conducting a reverse image search we found the original image online. This is the image of actress Aubrey Plaza.

Many celebrities deal with this every day and it is a contributing factor in fake news online and in social media.

In Digital Trends‘ article, “Can you spot a Photoshopped picture? Here are 9 ways to identify a fake photo“, Author Hillary K. Grigonis, shares how to become better at spotting a fake.

Three Tips We Love:

Look for bad edges: Cropping around the edges of an object is tough to do. Zoom in on the photo in question and look at the edges of the objects. Overly sharp edges or jagged edges are a telltale sign that the object was simply pasted in over the original photo.

Be wary of poor quality: A low-resolution image file can help hide the signs of a faked photo. It’s difficult to see if the edges of the flag in that Seahawks photo blend because the entire image is pixelated, a good warning sign that something’s not quite right. With the widespread availability of high-speed internet today, it’s rare that an image would be uploaded at such a low resolution.

Look at the metadata: Digital cameras embed “invisible” data inside the image file. While you can’t see the information in the image, accessing it is easy using a photo editor or even free online software.

Are your photos safe online?

For the most part, yes. However, there is a new undercurrent trend online that is growing with social media image sharing platforms like Instagram. Conducting a Google Reverse Image is one way to check to be sure photos are not being used without your approval.

But That’s Not Our Guy – Why Social Media & Online Research Can Be Frustrating

DIY platforms and other data gathering programs are great, but before you consider them to be inaccurate or not helpful, keep in mind that they are only as good as the person using them for research.

For many professions, including private investigators, law firms, and insurance companies, social media and online research on individuals has opened a new venue for assisting with investigations into court cases, insurance fraud, and other situations.

While it can be done, it can also be time consuming and frustrating. The more common the name, and the less information that is being used to search for a person’s online activity, the longer it can take. One roadblock is information that does not actually belong to the person you’re looking at – their information is getting mixed up with someone else with the same name.

In talking with folks in the industry, this is a pain point that not only makes it more difficult to search for people online, but it also gives the impression that the quality of such searches is not great. This can make investigators leery and question the benefit of conducting such research.

It’s important to remember a few key points when considering options for conducting social and online research:

1. Software is good, but will never be perfect. Whether it’s a DIY online search platform or TLO/Tracers/IDI report, there is a chance that information will be provided that does not in fact belong to the individual you’re interested in, whether it’s a phone number, email address, or social site. The opportunity for false positives is there no matter what platform is being used.

It’s important to utilize multiple software platforms – what one will pick up, another will miss, and what one provides as a “false positive” another will not pick up at all. Each platform works off its own algorithm, or process for producing search results based on what information is provided about an individual.

If an investigator is using such programs to conduct a search, they can be very valuable. However, it is important to keep in mind that not all information provided will be accurate; these are meant to be used as a starting point in an online investigation – manual research & identification will be needed to confirm whether a piece of information really belongs to the person you’re looking at. Typically, if it’s not readily clear from the initial search, a good rule of thumb is to find three pieces of confirmation to ensure it’s the person’s social account or site.

Here’s an example: if you find a Facebook page that you think belongs to the individual, but perhaps it’s not really clear just from looking at the user name or “About” section, take a look at their friends list, places they’ve checked in, “About section” to see if birthdays or employers are listed, etc. If you can identify the location of the individual whose Facebook page you’re looking at, or maybe confirm that some of their Facebook friends are relatives that correspond with findings from a TLO report, then you can be more certain that it’s the right account.

2. What may seem to be inaccurate information can actually be a key to what you’re looking for. Sometimes people will see social reports and say something like, “That phone number for Joe is so old and hasn’t been used in years. This report isn’t accurate at all. I want his current phone number.” Valid point, but here’s something to keep in mind: Joe may have accounts, comments, or forum membership tied to these old numbers. While he’s not currently using the phone number, the accounts still live online and are easier to tie to Joe. Sometimes these old accounts are long forgotten, which means they’re not being scrubbed if they are involved in a situation where a lawyer tells them to “clean up their online presence.” This means that there could be valuable information to find based on what seems to be inaccurate information.

3. DIY programs are great, but they are called DIY for a reason. There are many companies who will allow you to purchase a subscription to an online search product to find content posted by or about an individual. As this type of research has evolved, the services have greatly improved. There is definitely a place for do it yourself search programs – but you have to do it yourself. No matter what the company claims, it will not be as simple as entering some information about an individual and being presented with all of the person’s online activity without any false positives or inaccurate information. It’s going to take you (the “yourself” part in DIY) to validate, investigate, and determine the validity of the results. Before deeming a DIY program as not useful, remember its actual purpose and that it is not meant as a be all end all service. And, if the company is promising that it is, you may want to reconsider using it.

4. There is no magic bullet – online research takes a lot of time. There’s no way around it. While we all wish a software platform would be created to give us instant and completely accurate results, this will likely never happen. Why? Things are changing all the time, whether it’s social media privacy laws, Google algorithm updates, or any number of things that can change in an instant. This is where online and social media research gets tricky and frustrating, leaving people to give up easily. Software can not be relied on as a standalone product – manual research is needed to confirm the validity of the information provided, and then take that information as a starting point and fleshing out what can be found through manual searching. When multiple platforms and other similar products are used simultaneously, the time spent can be greatly reduced. This is why it can be useful to turn to a full-service social media and online research service – they often have efficiencies in place to search quicker and provide more accurate results, which saves a lot of time for those needing to conduct investigations.

DIY platforms and other data gathering programs are great, but before you consider them to be inaccurate or not helpful, keep in mind that they are only as good as the person using them for research. Take them for what they are and realize that they will not be the magic bullet to quickly investigate an individual’s online activity.

The Government Turns to Social Media for Social Security Fraud

Playing outside with your grandchildren, casting a fishing line or running a marathon can seem like harmless, healthy fun. But physical activity could lead to denial of Social Security disability benefits if your activity shows up on Facebook or Instagram. Is it fair for the government to go through your social media? On the other hand, is it fair for you to apply for benefits if you can do these activities?

These are all questions the Social Security Administration is weighing, as Acting Social Security Commissioner Nancy A. Berryhill has told Congress in written explanations over the last week. Facebook and other social media feeds are already being reviewed if agency investigators suspect someone is fraudulently collecting benefits and they are looking for corroboration, the agency said in the documents it gave to lawmakers. But now the agency is “evaluating how social media could be used by disability adjudicators in assessing the consistency and supportability of evidence in a claimant’s case file,” Berryhill said in the submission to Congress.

The idea has drawn praise as well as criticism — praise because more attention to people’s social media could cut down on fraud, some say. Fraud and abuse do exist in the program, and it should be weeded out to protect taxpayers and legitimate claimants.

The Pros

Mark Hinkle, acting press officer for the SSA, notes that the agency uses data analytics and predictive modeling to detect fraud, and has created new groups dedicated to detection and prevention. Asked to comment on plans for expanded use of social media to detect fraud, he confirmed that SSA investigative units already use social media, and that the agency has “studied strategies of other agencies and private entities to determine how social media might be used to evaluate disability applications.”

The Social Security Administration said that in December, 8.5 million people of all ages received a total of $10.5 billion in disability benefits, with an average monthly sum of $1,234. It said 68 percent of the private-sector workforce has no long-term disability insurance.

The risk of disability rises with age, and people are twice as likely to collect disability benefits at age 50 as at age 40 — and twice as likely at age 60 compared to age 50, according to the Center on Budget and Policy Priorities, a liberal Washington think tank.

“Social media can provide valuable evidence to support or deny individuals’ disability claims,” Rachel Greszler, a research fellow at the Heritage Foundation, a conservative Washington think tank, wrote last year. “For example, a disability claimant may say that she is unable to leave her home, while her social media pictures show her out and about regularly.”

In one case, a 57-year-old Louisiana man pleaded guilty last month to theft of government funds. He had received $2,177 a month in benefits — a total of $242,000 — while employed by companies that did demolition work and job site cleaning. He also operated heavy construction equipment. He told federal investigators that the companies had been registered in the names of family members, rather than his own name, “so y’all wouldn’t find out about it,” according to court records.

In its latest financial report, Social Security estimated that it made $3.4 billion in overpayments to disability insurance beneficiaries in 2017, in part because of their failure to report work activities. The program has been “riddled with problems, including fraud and abuse,” said Greszler. When people who can work collect benefits, she said, “it drains the system for those who truly cannot work and support themselves.”

The Cons

Advocates for people with disabilities say the use of social media in this way would be dangerous because photos posted there do not always provide reliable evidence of a person’s current condition. Someone may not want to upload a picture or video that shares how he or she deals with a disability on a daily basis.

Social media reviews could also delay the time it takes for applicants who are already out of work to be approved. “This proposal starts with the discriminatory assumption that people with disabilities do nothing socially in the community, or have lives, so that anything the person does on social media can be classified as some form of fraud,” said Eric Buehlmann, deputy executive director of public policy at the National Disability Rights Network, a nonprofit membership advocacy group. He told AARP that methods to detect fraud already exist. If the Social Security Administration “is interested in rooting out fraud,” Beuhlmann said, “spying on people’s social media accounts is not the way to do it.”

“It may be difficult to tell when a photograph was taken,” said Lisa D. Ekman, a lawyer who is the chairwoman of the Consortium for Citizens with Disabilities, a coalition of advocacy groups. “Just because someone posted a photograph of them golfing or going fishing in February of 2019 does not mean that the activity occurred in 2019.”

Program statistics do not support the allegation that SSDI is riddled with fraud and abuse. In the government’s fiscal-year 2018, the SSA’s Office of the Inspector General (OIG) reported about $98 million in recoveries, fines, settlements/judgments, and restitution as a result of Social Security fraud investigations. The OIG states that most the recovered funds were from recipients of SSDI and Supplemental Security Income (SSI), a means-tested welfare program for low-income seniors, blind and disabled people.

That sounds like big money. But in fiscal 2018, the SSA paid out $197 billion to beneficiaries of SSDI and SSI. And keep in mind that the recovered $98 million was for benefits paid out over several years, not just in 2018. SSA data shows that the rate of overpayments for all its programs was well under 1% of benefit payouts in each of the last three fiscal years – and not all improper payments are fraud.

More often, overpayments occur due to administrative delays at the SSA in making adjustments to benefit amounts due to errors and paperwork snafus. A federal government list of programs at highest risk for making improper payments compiled by the Office of Management and Budget does not even mention Social Security.

Greszler has readily acknowledged that fraud rates are low. “Outright fraud is actually a pretty small component of the program’s problems,” she said. “Most people perceive fraud as a big issue but what they might consider fraud – people receiving benefits when they have the ability to work – is often just abuse of the system by taking advantage of certain rules and structures that allow people who can perform some work to nevertheless receive benefits.”

What constitutes abuse of the rules? An example, she said, would be claiming SSDI and receiving unemployment benefits at the same time, or claiming based on the argument that a disability prevents a worker from performing certain types of jobs, Greszler and other SSDI critics often point to the rise of SSDI applications and award grants coincident with the rise of unemployment during the Great Recession as evidence of abuse.

Open Source Network Tools for Investigations

What is Open Source Intelligence (OSINT)?

Open Source Intelligence (OSINT) is defined as data and information that is collected legally from open and publicly available resources. Obtaining the information doesn’t require any type of secretive method and is retrieved in a manner that is legal and meets copyright requirements.

The Internet has all the information readily available for anyone to access. Collection of information using these tools are referred to as open source intelligence. Information can be in various forms like audio, video, image, text, file etc. A few of the data categories available on the internet include:

Social media websites like Twitter, Facebook, Instagram, etc.
Public facing web servers: Websites that hold information about various users and organizations.
Mass media (e.g. newspapers, TV, radio, magazines and websites)
Code repositories: Software and code repositories like Codechef, Github hold a lot of information but we only see what we are searching for.
Public records databases
Government reports, documents and websites
Maps and commercial imagery
Photos and videos
The dark web

Who Engages in Open Source Intelligence gathering and analysis?

Anyone who knows how to use the tools and techniques to access the information is said to have used the process. However, the majority is used formally by the United States intelligence community, the military, law enforcement, IT security professionals, private businesses and private investigators.

Gathering the information manually can eat up a lot of time, but now there are tools that can help collect the data from hundreds of sites in minutes, easing this phase. Let’s say, for example, you want to identify whether a username is present and if so, on which/all social media websites. One way is to log in to all the social media websites (and there are more than you know!) and test the username. Another way is to use an open source tool that is connected to various websites and check the usernames presence on all the websites at once. This is done just in seconds using OSINT.

List of Open Source Intelligence Tools

The tools and techniques used in Open Source Intelligence searching go much further than a simple Google search. Following is a list of helpful, time-saving open source intelligence tools. Note: most are free, although some have advanced features available for a fee.

Email Breach Lookup – Have I Been Pawned

This site allows you to find out if a particular email address was affected by one of the many data breaches that have occurred over the years

Fact Checking Websites – Hoaxy, Media Bugs, PolitiFact, SciCheck, Snopes, Verification Junkie

Hacking and Threat Assessment – Norse

OSINT Image Search – Current Location, Image Identification Project, TinEye

Public Records (Property) – Melissa Data Property Viewer, Emporis Building Search

Sites like Zillow, Trulia, Realtor.com, etc. are always useful and should be a part of your investigative toolbox. But the two mentioned above provide various twists on property records searching and are definitely worth checking out.

OSINT Search Engines – Google Correlate, Google Search Operator Guide, Million Short, Shodan, TalkWalkerAlerts

OSINT Social Media Search Tools – Facebook Search Tools, TweetBeaver

OSINT Tool Websites – IntelTechniques

Software – Hunchly, Maltego, SearchCode

Surveillance Cameras – Earth Cam, Insecam

Username Check – CheckUserNames, Knowem.com, Namech_k

Virus Scanner – VirusTotal

Website Analysis – BuiltWith.com

The main benefit of OSINT is how the technology can help us in our day to day tasks. With all that information freely available multiple actors can accomplish various tasks. A security professional can use the information for data protection, security testing, incident handling, threat detection, etc. A threat actor, on the other hand, can gain information to perform phishing attacks, targeted information gathering, DDOS attacks and much more. The key is to select the right tools and techniques. Since this is all free, users can make their decision regarding how best to access the information they need.

The Dark Web: What’s New?

Even if you haven’t heard of the term “dark web”, you can probably discern that it’s not a great place to be.

This anonymous, virtually untraceable area of the internet makes it ripe for illegal activity.

When you surf the internet, you’re just scratching the surface. “Only about 5% of the internet is actually indexed by search engines like Google, Yahoo and Bing,”said Justin Yapp, a PhD student studying cyber security. The other 95% is the “deep web,” with most of the internet unreachable for search engines.

The dark web is an even smaller and more hidden chunk and requires special software — like Tor, which stands for “the onion router.” The name comes from the layers of encryption, which are like the layers of an onion. The information bounces from computer to computer around the world, peeling off encrypted layers until it reaches its destination. It’s anonymous and virtually untraceable — even for law enforcement. “There’s a lot of illegal activity that goes on,” Yapp said. The dark web is notorious for drugs, weapons, child porn and for selling stolen personal information.

Here’s what you should know about dark web websites:

There is bad stuff, and crackdowns means it’s harder to trust

Many dark web marketplaces for drugs and hacking services featured corporate-level customer service and customer reviews, making navigating simpler and safer for newbies. But now that law enforcement has begun to crack down, the experience is more dangerous. “The whole idea of this dark net marketplace, where people are able to review drugs that they’re buying from vendors and get up on a forum and say, ‘Yes, this is real’ or ‘No, this actually hurt me’—that’s been curtailed now that dark marketplaces have been taken offline,” says Radware’s Smith. There are still sites where drugs are reviewed, says Smith, but they have to be taken with a huge grain of salt.

Also, many dark web drug manufacturers will also purchase pill presses and dyes, and create dangerous look-a-like drugs. “One of the more recent scares that I could cite would be Red Devil Xanax,” he said. “These were sold as some super Xanax bars, when in reality, they were nothing but horrible drugs designed to hurt you.”

Smith says that some traditional drug cartels make use of the dark web networks for distribution, “it takes away the middleman and allows the cartels to send from their own warehouses and distribute it if they want to. You know how there are lots of local IPA microbreweries?” he says. “We also have a lot of local micro-laboratories. In every city, there’s probably at least one kid that’s gotten smart and knows how to order drugs on the dark net, and make a small amount of drugs to sell to his local network.”

Not everything is for sale on the dark web

We’ve spent a lot of time talking about drugs here for a reason. Smith calls narcotics “the physical cornerstone” of the dark web; “cybercrime—selling exploits and vulnerabilities, web application attacks—that’s the digital cornerstone. Basically, I’d say a majority of the dark net is actually just drugs and kids talking about little crimes on forums.”

Some of the scarier sounding stuff you hear about being for sale is often just rumors. Firearms, for instance: as Smith puts it, “it would be easier for a criminal to purchase a gun in real life versus the internet. Going to the dark net is adding an extra step that isn’t necessary in the process. When you’re dealing with real criminals, they’re going to know someone that’s selling a gun.”

Some sites seem perfectly innocent

Matt Wilson, chief information security advisor at BTB Security, says “there is a tame/lame side to the dark web that would probably surprise most people. You can exchange some cooking recipes—with video!—send email, or read a book. People use the dark web for these benign things for a variety of reasons: a sense of community, avoiding surveillance or tracking of internet habits, or just to do something in a different way.”

Of course, not everything is so innocent, or else it wouldn’t be found on the dark web. Still, “you can’t just fire up your Tor browser and request 10,000 credit card records, or passwords to your neighbor’s webcam,” says Mukul Kumar, CISO and VP ofCyber Practice at Cavirin. “Most of the verified ‘sensitive’ data is only available to those that have been vetted or invited to certain groups.”

“There are alot of countries that block social media,” Yapp said. Even journalists working to spread content in countries where information is restricted, like China, use the dark web. “I would not recommend anybody go and try it unless they know what they’re doing,” Yapp said.

About Us:

We have been mining social media since 2007 for our clients. By utilizing best in class software programs, we offer a service called eChatter.

eChatter works with you to obtain your objectives in a fast, accurate and reliable facet. By keeping our strengthened principals, yet evolving with this industry, we lead in social media monitoring. Since 2007, we have been dedicated to providing our customers with the most authentic data.

We offer: Social Media Investigations
www.e-chatter.net