Help! I Have An Email, What Can I Do?



Help! I Have An Email, What Can I Do?


Emails can be a rich source of publicly available information and exploiting them can generate potential leads to follow.  Today we are going to briefly talk about five things we can do when we have an email that we need to look into. 


  1. Email Reputation Score


What is an email reputation score? I like to think of it as a credit score for an email.  If it has a high reputation score, this usually means that the email has existed for a while and has been used to create accounts or register for services online.  If it has a low reputation score there is a good chance that it is used for scams, spam, or is a throwaway account. 


When checking an email reputation score a good site to use is emailrep.io. Emailrep.io will also inform you of some of the sites where the email was used. This is useful for identifying site and services to start your searches on.


  1. Reverse Whois Search


Seeing if an email has been used to register a website is always something I like to do when I have an email.  Not only can this potentially lead to a website of interest that I can go and exploit, but it can also lead to additional identifying information like a name, address, and phone number. 


There are several sites that will run this search for you, but I usually use viewdns.info.



  1. Has it been Seen in Data Breaches?


Data breaches seem to be more and more common in today’s world.  Facebook, T-Mobile, the United States Government, and various other companies have had information about their employees and users stolen and posted online.  This data can include things like SSNs, phone numbers, emails, names, and much more

When I want to see if an email has appeared in a data breach I like to use haveibeenpwned.com. This is another great way to identify additional places to start researching and attempting to find their profiles.


  1. Epieos Tools


Epieos.com is a great place to search emails, especially if you have a Gmail. Like many of the services already talked about in this post, it will inform you of sites an email has been used to register accounts. However, if you have a Gmail, it will provide you with their profile picture (don’t forget to run a reverse image search on it!) and links to see if they have posted photos and reviews to Google Maps.


  1. Google


This wouldn’t be an OSINT tutorial with at least mentioning Google and search engines. Researching an email on Google is always something you should include in your workflow. There are many different ways to run your research, and I will just give you a couple here.


 Run your email in quotation marks, especially if the email includes periods or hyphens. I also like to run an intext search as well. Additionally do not forget to take the first part of the email and run that as a username search!


Hopefully, you learned something useful here today, and do not forget to reach out to us if you want more in-depth OSINT training!



Comments

Post a Comment

Popular posts from this blog

A Quick Guide to Bypass the LinkedIN Login

Image
A Quick Guide to Bypass the LinkedIn login LinkedIn is a treasure trove of valuable information. Employment history, education, coworkers, skills, and resumes are all things that we might want to know about a person of interest. A lot of people will lock down their social media accounts, but never seem to lock down their LinkedIn.  Why is that?  Well, LinkedIn is a social networking site related to finding jobs. The above information is usually what you need to have visible to be contacted by a recruiter.   So why would you want to bypass logging into LinkedIn? Chances are you already know the answer to this if you are here but in case you aren't in the know, a LinkedIn profile owner could potentially be notified if someone looks at your profile.  That is usually something we do not want to do when conducting our investigations. So how do we go about this? It really is a simple four-step process outlined below: 1. Have the target profile's URL. 2. Put the URL in...
Read more

An Introduction To Google

Image
 First things first, before getting into how to best use Google, we should talk about how Google and other search engines generally work. Search engines and web crawlers go out to sites on the internet and save all of the text, URLs for images, style sheets, and other information on a website and all of its pages. After they collect this information they save and organize it on their own servers. So when you go out to Google and conduct a search you are really just searching their own databases for the requested information. We can use some advanced searches to find some really amazing and useful information.  With that real basic understanding of how search engines work, let us go out to Google and start with the settings... (Highlighted in the picture below) Once we click on settings we are going select "Search Settings" and go over a couple of useful things found there. The first thing I like to change is the Results per page. I set it to 50, but the world is your oyster. ...
Read more