Book Chapters 

How to Find who Views our Facebook Profile the Most?
 

To find the person who views our Facebook profile the most: 

  • Log-in to the Facebook account  
  • Open the profile page 
  • Right click on the mouse 
  • From the options, choose “View page source”
  • It opens “text only view” of the page source 
  • Search for “InitialChatFriendList” with Ctrl + F 

The large numbers shown after InitialChatFriendsList, are the user numbers of different Facebook profiles. The number which appear at first, is the person who views our Facebook profile the most! In fact, the numbers are arranged in the descending order. i.e., the number which appears at second place, is the second most frequent visitor of our Facebook profile.

To see the actual profile of the person, copy the large number before - 2 part. Then, navigate to https://www.facebook.com/user-number/, to view the actual profile.   
 

Relevant Add-ons:
 

Fireshot Add-On:
Many Facebook users become victim of “cyber harassment”, “cyber bullying” etc. This often involves sending threatening or lewd messages on Facebook, “defaming” a person through comments, “malicious” comments on random Facebook pages etc. 

In these cases, the victim must lodge a complaint with the local police. Also, to facilitate the conviction of the accused, the victim should record all the evidences, which includes taking screen-shots of the comment, likes, posts etc. 

Fireshot is the best add-on for screen-shots capture. After installation, a blue square with letter “S” appears within the Firefox. Tapping the icon provides the following options:

  • Capture entire page
  • Capture visible part
  • Capture selection
  • Options

“Options” allow us to save the file as JPG or PNG. However, better choice is “Capture entire page” and “Save to PDF”. 


URL: https://addons.mozilla.org/en-US/firefox/addon/fireshot/

Social Fixer Add-on:
Social Fixer add-on enhances the Facebook experience by:

  • Removing obnoxious political posts
  • Tracking people who un-friend us
  • Hiding sponsored posts

An alternative add-on is FB Purity.


URL: https://addons.mozilla.org/en-US/firefox/addon/socialfixer/?src=search/

Chapter 10: Email Addresses:
 

"Governing the internet is trying to govern human nature".
-    Jack Ma, founder, Alibaba

Email address holds a unique place in our lives. The social networks, bank accounts, subscriptions, commercial services, health services, applications, domains, device backups etc. are all linked to it. Thus, an exposed and compromised email account can potentially compromise all the linked accounts and services. This in turn can ruin one’s personal and professional life. For example, a hacker or malicious element after gaining access to a person’s email account can cause:

Reputational damage: 
The intruder may log into the social network accounts like Facebook, Twitter etc. Then he/ she may – 

  • Modify the “personal details” negatively
  • Send lewd or threatening messages 
  • Post vulgar comments etc 

Any of these can cause irreparable damage to one’s reputation. 

Financial damage:
By impersonating the owner to – 

  • Buy online products 
  • Perform financial transactions etc.

Thus, the intruder robs the owner of hard earned money.

Criminal activities:
By using the hacked email account to commit criminal activities like:

  • Phishing 
  • Extortion 
  • Fraud etc.

Others: 
The compromised email account can be used to:

  • Create accounts on vulgar or illegal sites like porn sites 
  • Facilitate terrorist activities like covert communication 

In these cases, the owner shall appear liable for such unlawful and illegal activities. 

As seen, the dangers with a compromised email accounts are enormous. Hence, one should never post personal email address in the public domain, as it may lead to one 's account being compromised.

The dangers are graver because the email address is a unique identifier, unlike names. Even searching a fairly unique name like “Arushi Parikh” produces multiple people’s profiles, phone numbers etc. However, there is only one arushiexample@gmail.com. Searching such an email address within the quotation marks on the major search engines and Facebook, as explained earlier, can reveal many interesting information. Thus, someone’s email address can expose much faster and much accurate personal details. So, we must secure our email addresses. 

This chapter explains how malicious elements operate. This knowledge will help users safeguard their email addresses in a better way. Also, the methods enlisted below will help police and law enforcement officials investigate the cyber cases in a more professional manner. 

Email Confirmation Sites:
 

Once a hacker, scammer, private detective etc. has our email address, they generally confirm it because:

  • Wrong email address might have been posted in the public domain
  • The email address might have been deleted recently

Now, we shall list down the sites used to verify whether a given email address is presently valid or not. All of them should ideally provide the identical results. 

Verify Email:
The service “Verify Email” (https://www.verify-email.org/) identifies if a given email address is presently valid or not. 


You may also use their fast API feature, whose link can be found at the bottom of the page. 
 
Email Hippo:
Email Hippo (https://tools.verifyemailaddress.io/) is another excellent website to check the validity of a known email address. However, it provides an additional feature. As we validate the target address, the responses appear at the bottom of the page. 

The “Export option” then allows us to download the results as a Word document, PDF document or an Excel spread-sheet. However, this website allows only up to 20 free searches per day. 

Email Finding Tools:

The above tools help a person to validate a known email address. However, few tools and techniques even help find new potential email addresses of a person. The following section explains the process. 

Email Format:
Email Format (https://www.email-format.com/) tool is used by both law enforcement officials and criminals alike, to identify the potential email addresses. All we need, is a domain name. The website then identifies the email structure of the employees working there.  


 
For example, if we provide a domain name of “Microsoft.com”, it identifies several confirmed accounts with that domain and also provides details of possible email formats along with their probabilities.

For example, the potential email formats in their decreasing order of probabilities for the domain “Microsoft.com” are:

  • First_name last_name
  • First_name last_initial
  • First_initial last_name
  • Last_name first_initial
  • First_name
  • Last_name 

Thus, if our target name is “Ramesh Kumar” then the potential email addresses are:

  • rameshkumar@microsoft.com
  • rameshk@microsoft.com
  • rkumar@microsoft.com
  • kumarr@microsoft.com
  • ramesh@microsoft.com
  • kumar@microsoft.com

The potential email address of an employee can be used to - 

  • Seek employment 
  • Redress the grievances
  • Opt-out of their public database etc

Email Assumptions:
At times, we know a person’s email address, but wish to know his/ her other email addresses. Then the email service provider can be changed to assume other potential email addresses. For example, if our target’s email address is "luccku121@gmail.com",then the email provider is Google mail. Now, we can assume same email address on other popular domains as:

luccku121@hotmail.com
luccku121@yahoo.com
luccku121@gmx.com
luckku121@mail.com
luccku121@yandex.com
luccku121@live.com
luccku121@me.com
luccku121@outlook.com
luccku121@hushmail.com
luccku121@tutanota.com

We should use the email verification services mentioned above like “Email Hippo” and “Verify Email” to confirm the above presumed email addresses. However, even after confirmation, it’s not necessary that the confirmed mail address belongs to the target. It’s quite possible that the same email address on other email service provider is being used by some other person. 

Similarly, Twitter handle can be used to assume potential valid email address. This is because, people tend to use the part of the email address before the domain name as “Twitter handle”. For example, a user with email address "luccku@121gmail.com",may choose “luccku121” as the Twitter handle. So, it can reveal a potential email address!
 

Compromised Accounts:
 

Email addresses are compromised on a regular basis, for example, Facebook, Yahoo or Ashley Madison hacks. Hackers often post the breached email addresses and their corresponding passwords on websites such as Paste-bin. 

We can search such websites manually too, but it will be very cumbersome and most likely we shall miss many relevant details available there. So many online services have sprung up to aid these types of searches. We should consider using these websites, which automate the process and provide much faster and accurate results.  

These services provide free services of different levels, and most have paid versions too. The free details provided may include the sites where the account was compromised, the corresponding complete or redacted password and date of breach among others. 

At least, all these services disclose whether a given e-mail address appears within publicly known hacked email database or not. This information itself is very crucial to one’s privacy. Most of us use the same password across websites. Thus, email address compromised on one site can potentially compromise other websites too. More so because very few of us change our passwords on a regular basis. 

This is one of the reasons, why we should use different login credentials for different accounts and change the password if found already compromised. Now, we shall discuss the services that aid these types of searches.

Have I Been Pwned:
Have I Been Pwned (https://www.haveibeenpwned.com/) is considered the gold standard for these searches. The site allows the users to search via: 

  • Email address
  • Domain name

 

The results include description of breaches that contains the provided email address. The description shows the type of services associated with the breaches.
The second option “Notify me” enables user provide an email address, for HIPB to notify us personally if our email address gets compromised in a future pwnage. The fourth option, “Who’s been pawned” lists all the breached websites. 

Pwned Password:
This option enables users to find if the current or proposed password, has already been exposed in the data breaches. It then says, “This exposure makes them unsuitable for on-going use as they’re at much greater risk of being used to take over other accounts”. In such a situation, change the password as soon as possible. 

 

Pipl, Domain Connections and Imitation:

Pipl:
The Pipl website (https://pipl.com/) takes an email address as input and presents all the available related information. The user-name option often provides new details like associated subjects/ friends. For a more detailed report, we should use the API version of Pipl. 

Domain Connections:
Every domain name registration always requires an email address, be it Go Daddy, BigRock or any other website. Though privacy services help users hide the personal details, but this is not always the case. 

Fortunately, many free services collect this registration information and provide details for the current and archived domain registration data. This can identify the domain names registered with the target’s email address. This also works on the domain names that no longer exist. 
Law enforcement agencies should check these sites especially when a tech savvy target is involved. It helps identify additional websites registered by the target with the same email address. Some of the free services that provide different details are: 

Whoxy:
URL: 
https://www.whoxy.com/reverse-whois/
Whoxy website allows searches via email address, owner name, company name and the domain keyword. We can also search using its APIs.

Details Provided:

  • Full name
  • Home Address
  • Telephone Number
  • Domain Names
  • Registrars and Hosts

Domain Big Data:
URL: 
https://domainbigdata.com/
This can be used to find registrant details and the domain names owned by the target using his/ her email address. Thus, it’s another website for reverse whois lookup. 

Details Provided:

  • Full Name
  • Home Address
  • Telephone Number
  • Domain Names

Imitation:
If we have a confirmed email address, we can find the online accounts and activities of the target through imitation process. 

In this process, we try to create an online account with different service providers like Facebook, Twitter, Amazon etc. If it says, the user already exists, then we know his/ her online account on that particular service. But take precautions to never fully execute any account creation process, else he/ she will be notified. Examples:

Instagram Password Reset Link - https://www.instagram.com/accounts/password/reset/
Twitter Password Reset - https://twitter.com/account/begin_password_reset
Facebook Password Reset - https://www.facebook.com/login/identify?ctx=recover/
LinkedIn Password Reset - https://www.linkedin.com/uas/request-password-reset?trk=help-feature-launcher/
Pinterest Password Reset - https://www.pinterest.de/password/reset/
YouTube Password Reset - https://www.youtube.com/account_recovery/
Dropbox Password Reset - https://www.dropbox.com/forgot/
Microsoft Password Reset - https://account.live.com/ResetPassword.aspx?/
Ebay Password Reset - https://fyp.ebay.de/EnterUserInfo?/

We can also use it to find the approximate location of the target by trying to create an account with a local service provider. Similarly, we can find the device information like iOS or Android by trying to create an account with iOS/ Android service providers. 

Chapter 11: User Names:

“The Internet is not a luxury, it is a necessity”.
- Barack Obama, former President, USA

Active internet users are generally present across multiple social networks such as Facebook, Twitter, Instagram, Tumblr, MySpace, LinkedIn etc. Each of them require a user name, thus an active internet user has potentially multiple user names. For a human being, it’s very difficult to remember unique user name for each individual website. Hence, most of us tend to have the same user name across different platforms. For example, the user “arushi12” on Twitter maybe the same user “arushi12” on MySpace. So, once we have a confirmed user name for an online service, we probably have much more data about that user. 

Similarly, a confirmed email address of a target can potentially provide “user name” of that target. This is because most of us tend to use the prefix before the domain name of the email provider as our user name. For example, if a user has a valid email address of arushiexample@gmail.com, then most likely she will use “arushiexample” as her user name across multiple social networks. 

Sites like email format (https://www.email-format.com/) may be used to predict potential email address, which in turn can predict the potential user name. We can then manually search for that “user name” across different social networks. 

However, today there are hundreds of social networks, so it’s near impossible to search each of them manually. Therefore, different services now automate these “user name” searches across hundreds of social networks. Some of these service providers have been listed below:

KnowEm:
KnowEm (https://www.knowem.com/) is the most comprehensive website for “user name” searches. A search for the “user name” through the search field on the main page, immediately checks its presence across the 25 most popular social networks. These include:

  • Facebook
  • Twitter
  • MySpace 
  • Tumblr
  • Instagram
  • Vimeo
  • Blogger
  • Flickr
  • Imgur
  • Pinterest
  • Reddit
  • YouTube
  • LinkedIn etc

In the search results, if the network’s name is slightly transparent and the word “available” is stricken, it means that a subject with that user name is present on that website. On the contrary, when the website is not transparent and the word “available” is orange and underlined, it means there is no subject with that user name on that network. 

Also, there is a link in the lower left corner of the result’s page “Click here to search over 500 more social networks”. Tapping this link opens a new page which searches over 500 social networks for the supplied user name. The searches are completed by category and the “Blogging” category is searched automatically. 

Scrolling down the page presents 14 additional categories with a button next to each category titled “Check this category”. The categories include:

  • Bookmarking
  • Business 
  • Community 
  • Design
  • Entertainment 
  • Photo etc

Name Chk, Name Checkr and Pipl:
 

Name Chk (https://www.namechk.com/) is a similar kind of service. It checks fewer sites than KnowEm, but covers almost all the popular social networks. We can enter a “user name” in the search bar at top of the page. The site then identifies the presence of that “user name” across 118 popular social networks. 

A green background indicates that no subject with that user name is present on that site. On the other hand, a dark background indicates the vice - versa. 
The site also allows users to download the results.  

Name Checkr:
Name Checkr (https://www.namecheckr.com/) also conducts similar type of searches as the previous options. However, it's advantages include:

  • The search is completed faster than the other two sites
  • We also get live hyperlinks to navigate directly to any identified accounts of the person of interest 

We can enter the desired “user name” in the search bar at the top of the page. NameCheckr then searches for the given “user name” across multiple social networks. When we scroll down the page, we find “Load More Options”. User can tap on it to search for some additional social networks and domains. 

Pipl: 
Pipl (https://www.pipl.com/) is the best site to locate any Indian by his/ her user-name. Searching for a “user name” in the search field, displays the subjects using that “user name” on different social networks. 

It also attempts to discover personal information about the user including age, location, interest, employer etc and displays a small image associated with the user’s account. 
 

Custom Search Engines:
 

Unlike Google, they are meant to excel in particular kind of searches. They provide a quick and through search of both popular and lesser known sites. 

Social Searcher:
Social searcher (https://social-searcher.com/) takes a user name as input, in the search bar at the middle of the page. It subsequently does real time search of 12 sources, and provides the most recent results from Facebook, Twitter, Google + and the overall web. The site also notifies users when a new content matching their query appears, through free email alerts.  

Social Mention:
Social Mention (www.socialmention.com/) provides real time social media search and analysis. Once we type the user name in the search bar in the middle of the page, we get the relevant results. It allows to sort the result by date or source and by time ranging from last hour to anytime. 

The site also displays the sentiments (positive, negative and neutral), top keywords, top users, top hash-tags and the sources for the “user name” searched. Besides, it allows to create an email alert and download the results in CSV/ Excel file format.   

We can also see the passion and sentiment reading in the upper hand left corner of the website. 

Conclusion:
This chapter gave exposure to information that can be obtained using a specific user name. The readers are advised to check their own username to figure out what digital fingerprints they are leaving. It will also help identify their fake profiles and thus, flag possible identity theft cases.