A few weeks ago we went over an interesting way to pivot from passwords in breached data to a target, by virtue of the lazy way many people reuse the same passwords for multiple emails. In a very similar manner, we see that people share similar methods for creating accounts and emails.
When we start with an email, it’s important to not just view this as a singular piece of data. Email addresses speak to us. They tell a story about the target. As the internet has evolved over time, companies have come and gone. Sites have grown and decreased in popularity, and culture never stops its march forward (or in circles–it depends on your point of view).
Let’s look at this fictitious email: firstname.lastname@example.org
What are some things we could do to learn about our target? What are some insights this address gives us?
What are some guesses we could make about this address:
Rustin Cohle is a character on True Detective. Maybe he is a fan.
He could have been born in 1972.
His name might be Rustin Cohle.
At first glance, if you’re familiar with True Detective, this guy seems like a fan. However, there’s more to this story. Hotmail was one of the earlier free email services, available as far back as 1996. Microsoft bought it, and by 2013 the Hotmail service had been shut down, which means no new accounts could be made after 2013. True Detective came out in 2014, so there is a very low chance that the target is a fan, and it’s more likely that this is his actual name.
While there are near limitless questions we can ask about email, a few we should always consider are:
How old is the provider?
Is the mail provider popular in a specific country?
Does the target own the mail server?
What can we learn from the name?
Does it look absurdly unique (email@example.com)? This likely means it’s a throwaway, or our target wants to stay as anonymous as possible.
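The Hotmail and True Detective reasoning above, written out as a small check. This is an added example, not code from the original post or from SocialNet: the sample address and the function names are constructed for illustration, and the provider table holds only the years the post itself states.

```python
import re

# Signup windows: (first year, last year new accounts could be made).
# The Hotmail years are the ones given in the post; other providers would
# have to be added from your own research.
PROVIDER_SIGNUP_WINDOW = {"hotmail.com": (1996, 2013)}

# Constructed sample address matching the guesses listed in the post.
SAMPLE = "Rustin.Cohle1972@hotmail.com"


def analyze_address(address, current_year=2024):
    """Split an address into the clues the post reads from it."""
    local, _, domain = address.strip().lower().rpartition("@")
    if not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    # Name-like tokens: runs of letters between dots, dashes and digits.
    name_tokens = re.findall(r"[a-z]+", local)
    # A trailing four-digit number in a plausible range may be a birth year.
    match = re.search(r"(?<!\d)(19\d{2}|20\d{2})$", local)
    year = int(match.group(1)) if match else None
    if year is not None and year > current_year:
        year = None
    return {
        "alias": local,  # often reused as a handle elsewhere
        "domain": domain,
        "name_tokens": name_tokens,
        "possible_birth_year": year,
        "signup_window": PROVIDER_SIGNUP_WINDOW.get(domain),
    }


def reference_could_explain_name(clues, reference_year):
    """Could a cultural reference from reference_year have inspired the alias?

    False: the provider stopped taking signups before the reference existed,
    so the name is more likely real. True: the reference predates the cutoff.
    None: the provider's signup window is unknown.
    """
    window = clues["signup_window"]
    if window is None:
        return None
    _, last_signup_year = window
    return reference_year <= last_signup_year


if __name__ == "__main__":
    clues = analyze_address(SAMPLE)
    print(clues, reference_could_explain_name(clues, 2014))
```
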
Another thing to consider when looking at an email is that many people use the first part of the address as an ID or alias in more than one place. Think of a Twitter handle or, very commonly, an account on another email platform.
While this all may seem basic, it’s a step I see many people overlook when starting a search for a person from an email address.
We’ve provided a few new transforms in SocialNet to help with the process of doing this very thing. It’s simple, but can be very powerful in our target acquisition.
Two clicks and we have a set of 20 different email accounts and aliases to start our search with.