Table of Contents
- What is OSINT?
- How Does OSINT Work?
- Who Uses OSINT?
- OSINT & Financial Fraud
- Why is OSINT Important?
- Advantages of OSINT
- Disadvantages of OSINT
- Are OSINT Investigations Legal?
- OSINT Techniques
- What Does an OSINT Investigator Do?
- A Note on OpSec
- How Can OSINT Help with Fraud Detection and Prevention?
When starting in the field of fraud fighting, one of the first acronyms to learn is OSINT. Short for Open Source Intelligence, OSINT is not just a field, but also a mindset. It is about utilising publicly available data to make sense of a given situation. In this comprehensive guide, we will walk you through the core principles of OSINT, the most common techniques used, and provide tried and tested tips to help you fight fraud effectively using OSINT.
What is OSINT?
Open Source Intelligence refers to the practice of gathering publicly available data from the Internet, social media, and traditional sources such as TV, newspapers, and journals. The purpose of OSINT is to assess a case or situation by gathering information in various formats, including text, images, videos, and profiles. This information is then processed, assessed, and stored according to the analyst’s end goal. OSINT data can be used in a wide range of applications, including fraud prevention and detection, customer due diligence, and website visitor segmentation for marketing and security purposes.
At Opsimathy, we leverage the power of over 50 OSINT sources to accurately assess the intentions of people who engage with our customers. This allows us to effectively fight fraud and reduce chargebacks. As the CIA’s website states, “Information does not have to be secret to be valuable.”
How Does OSINT Work?
OSINT tools collect and aggregate information from a variety of publicly available sources to provide a more detailed overview of a particular user or company. These sources can include blogs, forums, social media sites, traditional media (TV, radio, publications), research papers, government records, academic journals, and more. In the context of fraud detection and prevention, OSINT is used to gather information on a customer or case to determine their identity, intentions, or any fraudulent activities they may be involved in. It is especially useful in verifying whether a user and the cardholder are the same person. OSINT also plays a role in analysing entities involved in complex fraud cases, such as suspicious users or affiliate fraudsters.
Who Uses OSINT?
OSINT is utilised by a variety of professionals and solution providers who require additional information on specific individuals or topics. It is commonly used in the following fields:
- Law enforcement
- Risk and fraud management
- Human resources
- Military operations
From businesses handling financial transactions to law enforcement agencies, OSINT can support any type of investigation and intelligence gathering.
OSINT & Financial Fraud
In the case of financial fraud and FinCrime, OSINT can be a valuable tool. Many financial fraud schemes rely on social engineering, confidence scams, and fake identities. OSINT investigations can start with limited data, such as someone’s likeness, social media profile pictures, or commonly used email addresses, to shed light on the true identity and intentions of individuals involved in fraud. For example, Opsimathy’s data enrichment solution starts with an email address, phone number, or IP to create a comprehensive profile based on the individual’s digital footprint, which is difficult to fake.
Why is OSINT Important?
The importance of OSINT depends on its purpose and usage. Some reasons why OSINT is important include:
- Identifying data breaches
- Conducting customer due diligence (CDD)
- Uncovering vulnerabilities
- Supporting decision-making processes
- Staying up to date with news and trends
Advantages of OSINT
OSINT offers several advantages in fraud detection and prevention. It adds an extra layer of security and improves knowledge of potential users without requiring their input, thus not impacting the user journey. This extra layer can improve decision-making processes at a lower cost, as many OSINT tools are available for free. Additionally, OSINT data is often live and updated regularly, as public information is constantly added to the Internet.
Disadvantages of OSINT
While OSINT has many advantages, there are also some disadvantages to be aware of. Due to the vast amount of information available on the Internet, filtering through the noise can be challenging and time-consuming. Without specialised tools, teams may spend a significant amount of time sifting through irrelevant information. Additionally, OSINT requires human input to verify the information collected. There are not many plug-and-play tools available for analysing OSINT data, and validation is crucial to avoid analysing false or useless information.
Are OSINT Investigations Legal?
OSINT investigations involve collecting and sharing publicly available data without breaking laws or policies. They do not require a warrant or involve shady practices. However, it is important to handle the gathered and stored information in a compliant manner. It is worth noting that doxxing, the practice of unveiling anonymous Internet users by combining publicly available information, can be illegal depending on the actions taken with that information and local legislation.
OSINT techniques refer to the methodology of acquiring information from various sources. These techniques are crucial for effectively conducting OSINT investigations. Some common OSINT techniques include:
- Search Engines: Using search engines like Google, DuckDuckGo, and Bing to gather information from websites, social media platforms, and other online sources.
- Advanced Search Operators: Mastering advanced search operators to filter search results by file type, language, domain, and other specific criteria.
- Specialised Search Engines: Utilising specialised search engines designed for people searches, leaked databases, and other specific use cases.
- Social Media Monitoring: Monitoring social media platforms for publicly available information related to individuals or topics of interest.
- Web Scraping: Using automated tools to extract data from websites and online sources.
- Data Aggregation Tools: Leveraging tools like Maltego, Skopenow, Netwatch, and Effect Group to collect and analyse OSINT data from multiple sources.
- Digital Footprint Analysis: Analysing an individual’s digital footprint, including their device metadata, IP address, email address, and phone number, to identify patterns and connections.
- Entity Analysis: Examining interconnected users and entities within a system to uncover relationships and potential fraud rings.
- Archiving and Note-taking: Capturing and storing evidence and notes from OSINT investigations using tools like archive.is, archive.org, and Hunchly to ensure data integrity and preserve information.
What Does an OSINT Investigator Do?
An OSINT investigator is responsible for gathering, analysing, and extracting knowledge from the information collected. The investigator follows a systematic approach, which typically includes the following steps:
- Collecting information from open sources: The investigator starts by searching their sources using available information such as emails, phone numbers, usernames, addresses, etc. to build a comprehensive file on the case.
- Filtering: The investigator filters out irrelevant or mismatched information to focus on the relevant data for the investigation.
- Analysis of information: The investigator analyses the collected data using bottom-up logic and builds a theory based on their findings, working towards actionable insights.
- Gaining insights: At the final stage, the investigator presents their findings and recommendations based on the information analysed. It is good practice to involve another investigator to avoid bias and ensure a thorough assessment.
In essence, OSINT investigations involve the analysis of information and intelligence to make informed decisions.
A Note on OpSec
Operational Security (OpSec) is crucial in OSINT investigations to ensure that the target of the investigation is not alerted to the investigator’s activities. Investigators must be vigilant about the traces they leave behind and take steps to investigate anonymously if necessary. This may involve using virtual machines or other tools to protect their identity and avoid detection.
How Can OSINT Help with Fraud Detection and Prevention?
OSINT plays a significant role in fraud detection and prevention. It is often used in manual reviews when automated security systems are unable to make a correct assessment. OSINT provides additional intelligence and information to help fraud analysts determine the true identity of individuals and assess their intentions. It is particularly useful in verifying whether a user is who they claim to be and in identifying suspicious activities or fraudulent entities. By analysing publicly available information and cross-referencing it with internal data, fraud analysts can uncover connections, patterns, and potential fraud rings. OSINT also helps fraud managers stay up to date with emerging fraud trends and prepare for new threats.
Open Source Intelligence (OSINT) is a powerful tool in the fight against fraud. By gathering and analysing publicly available data, fraud analysts can gain valuable insights into the true identity and intentions of individuals involved in fraudulent activities. Mastering OSINT techniques requires a combination of technical skills, analytical thinking, and attention to detail. While there are automated tools available, the mindset and ability to handle information in the appropriate context are crucial for effective OSINT investigations. By leveraging OSINT, businesses and organisations can enhance their fraud detection and prevention efforts and stay one step ahead of cybercriminals.