Lets face it, we hate email spammers as much as the next email account owning person. Even worse when we don’t know who they are and we cant unsubscribe. This article talks about how to track down users by email address, find them, their old accounts, checkout website hidden emails, and get a little revenge. We’ve spoken about are dislike for email spammers previosly, consider this article an extended version of advice.
Every day we receive so many emails, personal, work related and random Viagra emails, that quite frankly, its pretty ridiculous. However, there is one aspect we dislike more than random email spammers, and that’s email scammers. I’m not talking about random emails from Nigeria (apologies for generalising) who claim to be the king. I’m talking about the phishing emails almost exactly alike to the organisation they are pretending to be. Thats a new kind of low, and we don’t like that kinda thing.
For those that may find statistics interesting, in 2019, 293.6 billion emails were sent and received on a daily basis. In 2020, this grew to 326.2 billion per day and the projected number for 2021 is an astonishing 364.4. It doesn’t take a genius to see the rapid growth. What is signifiant is jump in projected numbers for 2021. No doubt that has something to do with a rather minor world wide pandemic, perhaps.
This article will cover 5 steps of finding someone by email address. It covers common reverse email tools, tracking scammers to their house, finding hidden emails in websites, Google Dorking and hacked data dumps. It will also cover some of the lesser known techniques used by private investigators.
Other Information on finding emails
For those driven online readers, we have talked about other techniques on finding people online with limited information at hand. I summarise them here, in case they take your fancy:
- User Lookup : Search like a pro..without tools
- Hide and Seek : How to find anyone online (and hide)
- How to find profiles onilne? Discover if your partner has a secret dating profile (part 1)
- What can a hacker do with your Email?
- How to Find and Search for Someone on Tinder
As you can see, we do have a vast array of learning material for you. If you continue reading, we’ll hopefully encourage you to track down those scammers and perhaps keep them up at night. Perhaps you’ll find their base of operation from our article!
Reverse Email Lookup
What is a reverse email lookup? you may on your journey to trying to find out who owns an email, came across this term. You will no doubt come across various sites claiming they can do this…if you just hand them some money. Some of these sites would have asked for money. Those of you persuaded to do this are likely full of bitterness now. Yes we know, most of them don’t work.
For those not totally inside the OSINT communities, you may not have seen this term much. A reverse email lookup is an application that tracks down the identity who originally registered the email address. It also uncovers information social networks or dating sites that the email may be associated with it.
Thats quite a handy tool, right? with such a capability, I can see internet scammers running to the hills!
1) How to find the email sender physical location?
Those eagle eyed among you will know this technique from a previous article, but its so useful we mention it again.
If you go to the suspect email in question, you will see a button or tab (usually on the top right) called ‘view source’. This is what it will look like:
What you want to focus and look for is within the ‘recieved’ section of the header. Just to back track a moment for those who may be new to email headers. Email headers are sent with every email, it contains coded information about the sender, recipient, the route the email took and various authentication codes. Sometimes, email providers will add their own code in here which can misrepresent the information, so just be warey on the reliability. Always double-verify the information through other sources.
As we was saying, your interested in the IP within the ‘received’ section of the header. On this header, its the number 126.96.36.199. This IP number is essentially the phone number of the computer that was used to send the email. Sometimes, the IP is actual home router where the email was sent, other times it can be the ISP server location, and sometimes it can be the email provider server. As we mention, double verify the information so you don’t make false conclusions.
Track down that IP address…hackers style
Next, we want to actually track down that IP address, lets find out what country its from, and perhaps what street. You need to use a free online tool called Trace-route. This tool essentially bounces around the internet tracking down the IP address to the closest location it can get. There are loads of trace-route tools online, but for our exmaple we use tools.keycdn.com.
All you need to do is copy / paste the IP addres into the trace-route and watch the great looking trace take place. For us, this is what it looks like:
There you have it, we now have the physical location (address), of the email sender. The more advanced technology gets, the closer the networks can pinpoint IP addresses to the physical location. Try sending yourself and email and test out the trace route…then check it out on Google Maps, see how close you can get to your current location.
2) Do Email lookup tools work?
We’ve already mentioned you may have had some experience of reverse email lookup sites claiming their various capabilities. However, to save you searching, should you want to try them out, we list the more popular ones here (pre-warn they are all charged websites bar one):
- Find That Email (https://findthat.email/)
- Finder Expert (https://finder.expert/)
- Snov.io (https://snov.io/)
- voila Norbert (https://www.voilanorbert.com/)
- Email Finder (https://hunter.io/email-finder)
- FindThatLead (https://findthatlead.com/en)
- Email-Prospector Pro (https://www.egrabber.com/emailprospector/)
- FindEmails (https://www.findemails.com/)
- UserSearch (https://www.usersearch.org – Free)
3) How to Dork / Hack Google for emails?
For those not familiar with the term Google Dorking, don’t be alarmed. Google hacking is known within the private investigator world as simply entering very specific keyword terms into google, to retrieve data that has been indexed by the Google bot, but would not typically be presented in search listings.
We could write an entire article on Google Hacking, many have (there is quite a comprehensive article at osintguro.com). However, for the purpose of finding emails, Dorking can sometimes show databases of websites, or leaked databases, which include usernames and email address’s. This is a handy way of finding out where an email has or had been, at the time of the database breach. The most extensive resource for finding out what terms can be used in Google can be found at exploit-db.com.
4) Find emails in hacked database dumps
In the united states, they saw 1,244 recorded data breaches in 2018 and had 446.5 million exposed records. The key words in that statement are recorded data breaches. How many companies hide these exploits under the carpet to save fines and imbarismnet?
Every few months we see major data leaks in the news. These data leaks typically contain usernames, emails, passwords and personal banking details, address, the whole lot sometimes. So, wouldn’t it be useful if you could some how scan all these data dumps for your target email address and find out what sites they have been on? Well a very clever chap called Troy Hunt already thought of this, and provides exactly that service. Due to the usefulness to our users, we actually pay to access their API ourselves.
As a result, we include their data as a search on our site. When on our our main page, click the tab ‘Have I Been Hacked?’. It will then list to you all the reported data dumps an email address has been included in a hack. There are quite a few dating sites in that list.
5) Website hiding their email address? no problem.
Some websites have a ‘contact us’ page, but do not actually advertise their email address. This can be for a number of reasons, such as reducing their own email spam, or for security reasons they do not want their email account to be publicly known. Smaller organisations may not actually have a business email and you’ll find when you fill in a ‘contact us’ form, it goes direct to someones personal email address. Want to find that email they are hiding? its not too difficult.
All websites are built in code, at there most basic, its HTML. In order to build a form, HTML is needed. There will be an ‘action=’ code snitbit within the code somewhere. After the ‘=’ symbol, you’ll find the email address your contact form is sent too. So, to find this, simply right click on the form in question and select ‘view source’. You’ll see something like this:
Please dont be intimated by what you see, if your not vamilear with code, it will look like a foreighn launguage.
No code knowlage needed
With us being coders, we know one of the least common symbols that is used in coding would be the ‘@’ symbol. So, all you need to do is click ‘CTRL + F’ at the same time. This will bring up a search bar, which you just need to enter the @ symbol and search. If the email address is hidden somewhere within the HTML, you’ll find it.
If you don’t fancy accessing the HTML and searching for the @ symbol, but there is a tool that will pull out any hidden emails from within the HTML for you. All you need to do is enter the URL that you want to check and click go. Simply this main page and select the ‘Email Extractor’ tab. This check for hidden emails does not have to be on contact forms only, it can be on any page where you suspect emails may exist, such as a really long chat forum and you don’t have the time to check all the messages.
5) How to use Google to find an email?
You may sigh, back to google again, but not Dorking this time. Were going to tell you how to use Google, the Private Investigator way.
Google accepts highly complex search operators, which literally sifts false positives very efficiently. It also allows you to perform eagle-eye focused searches for emails. You may have an email address, but your not coming up with much by just placing it in google. What you want to do next is just use the first portion of the email address prior the @ and try in google. However, don’t just enter it on its own. Use the information you have gained from checking data dumps, to focus your search on known websites your email address has been associated with. Here is how you can do that:
- site:companywebsite.com + [name] + email
- site:companywebsite.com + [name] + contact
- site:companywebsite.com + firstname.lastname [at] companyname.com
- site:companywebsite.com + firstnamelastname [at] companyname.com
- site:companywebsite.com + firstname [at] companyname.com
- site:companywebsite.com + firstname_lastname [at] companyname.com
Using combinations like this, you can come across old profiles that were once available on google, that are no longer available. Using this method in google, as a final evaluation after checking hacked data dumps, can quite often prove very fruitful.
There we have it, 5 methods, quite commonly used by private investigators, to find the person behind the email address. Also, you now know how to find further associated accounts by email address. You also have a number of reverse email search tools that you could try, should you wish to pay.
We hope that this knowledge can be used for good, perhaps track down that nuisance spammer, or track down a scammer who may have exploited someone you know. Have a great story to tell us? email in.