eChatter

Who is Tied to This Email Address?

We have had a few requests over the years asking if there is a way to search an email address to see who it is tied to. There are actually numerous ways in which to do this on several different sites. Many of them require payment of some kind. You can try basic searches in Google, Bing and Yahoo first, however if you come up empty there, where do you go?

Interestingly enough, data breaches over the years have become an open source researchers’ best friend. In part this is due to the fact that when there is a large-scale data breach, it is often obligatory for the business to provide a site in which a user can check to see if they are part of the breach.

When searching for an email owner, we may want to know if the email is valid. Does it even exist or is it a made up, dummy email? By using some of the resources in this post, you can at least get confirmation that the email is valid. For example, if you discover the email has been part of a data breach, chances are it is a real email address. We can go one step further to say, with a degree of confidence, that it is most likely tied to other discoverable items in the deep web.

Not all data breach sites allow the user to look up another person’s email address. Most want to verify you are indeed the owner of the email address and genuinely want to know if your email has been compromised. There are a few that are not as strict. Two example sites that offer a quick and easy scan are:

Have I been Pnwed?

A quick search here will tell you if the email address has been part of a data breach or not. While it isn’t going to give you any details, it will give you a number of times it has been included in a breach of some kind.

You can see that a quick scan of this email address indicates it has been a part of 5 breached sites but doesn’t tell you which ones. It does let you know that it is most likely a “real” email address.

Avast Email Check

Another site you can try is Avast. This is one of the newest sites that provides users the opportunities to scan for a “friend’s email address”.

Marianne’s email was linked to MySpace, which leads me to think that she had an account at some point tied to this email address. I would search on the site to see if anything still exists in MySpace.

You may also want to try variations of the email address just in case you find closely configured email addresses. Use Google, Bing to search them to see what you come up with.

Small Business Acquisitions as a Growth Strategy

I remember when 9-11 happened and the tremendous shock that resonated throughout our country. The pain felt for all the lives lost. The fear that an enemy could attack us the way they did. The crash of our economy and the uncertainty of what was ahead. President Bush told America that the stock market was, “on sale” , and it was a great time to invest. At the time, I remember questioning that. However, I now understand it and embrace it.

Fast forward to today and I am feeling a lot of the same feelings. Economically, we must embrace a new normal. Small business owners are now adapting to these changes. I have been watching it across multiple industries and many have surprised me by their creativity. Learning to look at things differently and adapting to change can be very beneficial to the small business owner.

I can’t help but wonder if this is a good time to consider small business buyouts. Would this be a beneficial growth strategy? We hear about this all the time with large corporations, but is it smart at the small business level?

Acquisition of a Small Business

According to McKinsey, “acquisitions as a growth strategy can be used to meet many business goals. A business owner may want to acquire a competitor and consolidate their market. It may also make sense to acquire a new product, which you can then scale. It may be faster and cheaper to acquire a competitor that has better technology, so you don’t have to build the tech yourself. Lastly, you may identify a business that you believe you could grow substantially and turn into a winner. All of these strategies should be on the radar for small business owners who want to grow their companies.”

Identifying a business you believe could grow right now, after we are through this COVID-19 pandemic, may be a smart move for your company.

Do you have a company in mind? Start with a solid plan and investigate. Investigative due diligence refers to the research and analysis of an individual or organization done in preparation for a business transaction. A proper due diligence check list covers corporate filings, finance, operations, management and employee health, just to name a few. This occurs after preliminary discussions have taken place between the parties involved.

Online Background Check

But, sometimes things are not always as they appear to be. Conducting a thorough online background check on a business and key owners/executives may either give you the confidence to move ahead or justify a pause to collect more information.

More and more documents are stored online and are open sourced; you only need to know and understand where to look.

I will be writing more on this subject in the weeks to come because I think it is valuable information right now. We are seeing a rise in this type of online research and if you would like to discuss this further, please feel free to reach out.

Linkedin Loop Holes: How to Use Them in Your Search

Could Linkedin be an OSINT analyst’s secret weapon? Whenever we speak to Private Investigators about OSINT techniques, we always point out that each social media platform can be used like a search engine. Trial and error is the course of action many of us experience when searching for a business or person in social platforms and Linkedin is not an exception. This can be time consuming but if you hit it right, it can reveal a lot about a business or person. Linkedin indexes pages within the platform to Google.

Facts About Linkedin

As of 2017 Linkedin got rid of their advanced search option.
There is a difference of what you will uncover if you have a free version vs. paid subscription.
You can use Boolean Search techniques.

When I conduct manual searches, I like to use whatever string of words I can to highlight, right click and search Google. The same holds trues when you are in LinkedIn. In other words, don’t be limited to the name of an individual or their profession. Another rule of thumb here is to think outside the box. Not everyone puts their title in their description field. In fact, many people will place all kinds of info there, depending on where they are in their career.

This result was found by searching “looking for a new opportunity” in Linkedin. It is a good example of what I am referring to.

Recently, a team member was working on a potential fraud case for a client. The individual was a Pharmacist. He did not list his name as “John Doe”, rather he used his middle name. He listed himself as “Ryan J. Doe” and instead of using “Pharmacist”, he used Pharm. That was a tough one, but when someone doesn’t want to be easily found, they will use all kind of name combinations. When I search for a white collar professional, and I can’t find a Linkedin profile, I figure something is off. That is when further digging can really pay off.

Don’t Forget About Image Search Using Linkedin

Many times the photo that a person uses for their Linkedin profile. they use in other spots on the web as well. Take advantage of that by doing a reverse image search on your POI.

The above example shows my photo being linked to an article in Customerthink.com , where I commented on the article written by someone else. This is also an example of how you can find information in the deep web. A recent blog post, “The Devil is in the Details” explains more about deep web searches.

Online Corporate Protection and Executive Security

Proactive approach to corporate security online.

One thing we know for sure; cyber criminals attack corporate executives. The bigger the company, the higher the stakes. Mid-size companies may also be a target because those executives are time poor & money rich. It is exactly that space that I believe Investigators have their biggest opportunity to grow their business by offering this protection. You may have even had opportunity to conduct this research for a client or two in your own experience. But doing an OSINT sweep once a year may not be enough. I would suggest an ongoing program and will walk you through how to pitch this to your business clients.

Understanding the Treat

Price Waterhouse Cooper (PWC) ‘s recent report, “23rd Annual Global CEO Survey,” reveals that around 80% of CEOs have changed their online behavior due to potential risks. Corporate Espionage is alive and well and needs to be taken seriously as more and more employees overshare in social media. This allows for competitors to gain excellent insight into a vast array of information that would not otherwise be easily obtained. Banning employees from using social media at work has proven to be a nightmare and monitoring their social media internally has major privacy concerns. However, when approached correctly this type of monitoring is very valuable to any business regardless of their size.

The Challenge of Balance

What makes this tricky, is that the company still has the responsibility to keep their employees safe, protect assets and data, mitigate risk for threats of fraud and monitoring reputation. High level executives travel to areas of the world that do not share the same security measures we do in the United States. All of this coupled with cyber security risks and you have a recipe for a potential disaster. In the photo below through the software we use, a Global Awareness search allows us to see natural disasters (i.e. earthquakes, fires, hurricanes,) as well as public security incidents’ in real time. A company’s HR team may wish to set a global awareness query around the area of travel and within the appropriate time frame. Real time alerts are set in place for immediate notification of potential risk.

In a nutshell, there are proactive steps that can be put in motion to ensure the safety of everyone.

COVID-19 Fraud: South Miami

Emerging scams due to the COVID-19 Pandemic.

The scams have begun around COVID-19 and it appears to be just starting. When people are hit with diversity, sadly we begin to see the good, the bad, and the ugly. In fact, Americans have lost over 12 million dollars to Coronavirus scams already. The concentration in South Miami has been because of numerous complaints. This alerted the US Attorney’s Office to launch a task force in connection with local authorities to combat this growing problem.

Education is the best defense and law enforcement is doing just that with a series of community alerts, media reports and social media posts. Alerting the public to the risks early in an attempt to counteract the schemes.

In one of our latest blog posts, Crime Never Sleeps COVID-19 Online Schemes & Insurance Fraud, we alerted our Private Investigators to what we were seeing as emerging trends in the insurance industry. Below, is a set of scams targeting individuals.

Here are some examples of COVID-19 scams, reported by Sabrina Lolo, of West Palm Beach News:

Unlawful Hoarding and Price-Gouging: The Department of Health and Human Services (HHS) has designated certain health and medical resources necessary to respond to the COVID-19 pandemic as “scarce,” including respirator masks, ventilators, and other medical protective equipment. These designated materials are subject to the hoarding prevention measures that trigger both criminal and civil remedies.
Testing Scams: Scammers are selling fake at-home test kits or going door-to-door performing fake tests for money.
Treatment Scams: Scammers are offering to sell fake cures, vaccines, and advice on unproven treatments for COVID-19.
Supply Scams: Scammers are creating fake shops, websites, social media accounts, and email addresses claiming to sell medical supplies currently in high demand, such as surgical masks. When consumers attempt to purchase supplies through these channels, fraudsters pocket the money and never provide the promised supplies.
Provider Scams: Scammers are also contacting people by phone and email, pretending to be doctors and hospitals that have treated a friend or relative for COVID-19, and demanding payment for that treatment.
Charity Scams: Scammers are soliciting donations for individuals, groups, and areas affected by COVID-19.
Phishing Scams and Cyber Intrusions: Scammers posing as national and global health authorities, including the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC), are sending phishing emails designed to trick recipients into clicking on a link or opening an attachment that downloads malware that steals the user’s credentials, such as usernames, credit card numbers, passwords, and other sensitive information usually stored in internet browsers.
App Scams: Scammers are also creating and manipulating mobile apps designed to track the spread of COVID-19 to insert malware that will compromise users’ devices and personal information.
Investment Scams: Scammers are offering online promotions on various platforms, including social media, claiming that the products or services of publicly traded companies can prevent, detect, or cure COVID-19, and that the stock of these companies will dramatically increase in value as a result.
Stimulus Check Scams: Scammers are contacting people over email and are telling them that their check, as part of the stimulus package responding to COVID-19, is already waiting for them and that all they need to do is to provide personal information, such as bank account numbers and Social Security Numbers, which are the key pieces of information needed to perpetrate identity theft.
Other scams include fraudsters claiming to work for the government or banks/credit cards and offering assistance for student loan relief, foreclosure or eviction relief, unemployment assistance, debt relief, and direct financial assistance, like government checks.

Anyone who believes they were a target or victim of fraud, or knows about any hoarding or price-gouging of critical medical supplies, is asked to report it to the National Center for Disaster Fraud Hotline at 1-866-720-5721 or disaster@leo.gov.