A Free OSINT Lesson: That email was linked to a PayPal account? Yo, Brah!
Here's a free lesson...
There is this silly idea that OSINT and investigating stuff is this cerebral game of cat and mouse, and sure, sometimes it can have those Holmesian (is that a word?) moments; but dumb luck often plays a huge role. This is one of those moments.
So a client of ours receives an anonymous email, and we get tasked with finding out who sent it. Can’t get into specifics, you know the drill.
Now, the email was a Gmail account. It was connected to a long dead Facebook account that was deactivated years prior. Based upon that information, I was able to extract two digits from a redacted (***-***-**XX) phone number. Alas, no other emails were connected to these accounts.
The email did not show up in breach data, so that was a dead end. The “username” portion of the email (the stuff before the @ sign) was also a dead end.
I was about five minutes in, but decided to take a break. I’m my own boss. I can do what I want.
I decided that, at this exact moment, I wanted a Coke Zero. As I retrieved this delicious beverage (and no, Coke is not a sponsor or affiliated with us in any way), I received one of those scam texts to my phone. It was sent by some “eduardo94bonkacxyiu” at a Hotmail address. According to the tale sent by this spammer, my “Canada Post delivery has arrived at the warehouse but it could not be delivered” due to shipping fees, etc., etc. To correct this issue, I needed to log into my PayPal account, and they generously provided me with a link!
How kind.
I deleted the text.
But then, for a brief moment, as I sipped my Coke Zero, I thought to myself, “I wonder…”
I logged into a PayPal account. Now, I knew this was a long shot…
I clicked on “Send.”
I suppose it could work. I mean, most people made their PayPal accounts ages ago, and just kind of return to it from time to time when they need to send money.
I highlighted the anonymous email address and hit CTRL-C.
If this works, this is one of those Daniel Craig from Glass Onion “it’s so dumb” moments.
I hovered and clicked into the “Send money” bar.
CTRL-V.
I couldn’t believe it. A name. I wish I could take credit for some slick gumshoeing here, some brilliant move that led to a checkmate. In all honesty, I would have eventually found the PayPal account, but when I run through my vectors, PayPal and other similar pay apps run about halfway down.
No. This was just dumb. It was a slip-up on their part, and a spam text message that came in at just the right time, and activated that little grey cell fuelled by caffeine from a Coke.
With a name in hand, and two digits of a phone number, it took another five minutes to track this person down, get a home address, other emails, criminal records, active social media accounts, photos, and even a VIN number to their shitty 2007 Buick.
There’s a lesson in here somewhere. Anyway, I need a Coke Zero.
Nicely done!
I totally agree. A can of Coke Zero gets the job done, especially when it's nicely chilled.