SpyCloud Investigations


SpyCloud Helps Bring an Identity Thief to Justice

After Three Years of Identity Theft and Financial Fraud, An Executive Turns to SpyCloud for Help

SpyCloud’s core mission is to significantly disrupt the cybercriminal economy to eliminate the loss of money, time, and reputation due to online fraud – ultimately making the internet a safer place for individuals and businesses.

Due to the depth of our investigations experience and breadth of our breach asset database, we’re often brought in to assist customers with investigations, and frequently partner with law enforcement to bring criminals to justice.

This is the story of one such investigation, which was recently brought to a satisfying conclusion.

Background on the Case

We were put in touch with an executive, a leader at a nationally recognized technology solutions firm, who had been the victim of identity theft and financial fraud by an unidentified attacker for close to three years.

Using a combination of stolen credentials and social engineering, the attacker perpetrated a string of crimes, including:

  • Opening numerous bank accounts in the executive’s name, leveraging his Social Security number
  • Opening various credit cards in his name
  • Accessing his utility bills and even shutting his utility services off
  • Accessing his actual bank account and wiring funds
  • Unlocking the credit hold the victim put in place as a stopgap

Based upon the duration and types of activities performed by the attacker, it was clear that not only were we dealing with a tenacious and determined bad actor, but that the attack was highly targeted. 

Targeted attacks, though time-consuming, are highly effective and difficult to stop, and can lead to huge losses – as this victim experienced.

The victim had one clue as to the identity of the perpetrator: a check had been issued from his real bank account to an unknown person – possibly the attacker.

Enter: SpyCloud

Investigators at SpyCloud were asked to look into the suspected attacker’s digital footprint to stitch together a profile, reveal possible alternate identities, and potentially attribute other crimes. Investigators often begin with only one piece of information – an email address or phone number, or in this case, a name. At the outset, we reviewed publicly available information tied to the suspect’s name, such as known addresses and phone numbers. We then leveraged OSINT to collect additional PII, and were able to identify four pertinent email addresses that guided our next steps.

Using Maltego, we dove into SpyCloud’s data lake of nearly 100 billion breach assets: decades’ worth of digital breadcrumbs that can be used to locate and unmask criminals (like the rest of us, criminals use online accounts that are subject to data breaches).

Pivoting off the email addresses, we found numerous identities under which the suspect was performing illegal activities: email addresses or user IDs that had either been stolen on the internet or created to impersonate other victims. Various other identities tied to an original known email address are a strong indicator that a person is engaging in criminal enterprise.

Based upon IP addresses, we were able to geolocate the suspect’s residence and drop-off points. We identified another criminal at the suspect’s address: his sister, who was also committing financial fraud. We also found many phone numbers attributed to the suspect, both landlines and burner phones.

Finally, using SpyCloud data, we were able to locate an address for the suspect that was tied to a previous arrest record in a neighboring county.

The Arrest

Everything we learned was provided to the local police department. Along with information the detective compiled, the SpyCloud report was used to help curate the warrant for the suspect’s arrest.

During the arrest, evidence was collected from the suspect’s house showing the victim’s name, utility and cable TV account numbers written on a piece of paper.

The suspect is currently facing multiple felony charges. SpyCloud is proud to have helped put an end to the technology executive’s victimization.

With SpyCloud data acting as a roadmap to unmask and bring criminals to justice, we regularly offer our customers and partners assistance with investigations, and cooperate with law enforcement to take criminals of all types off the streets.

SpyCloud partners with law enforcement to investigate and take down cybercriminals committing online fraud, identity theft, and other illegal activities.

Transform Your Investigations

Whether you begin with a name, email or phone number, SpyCloud Investigations – backed by 50+ Maltego transforms and over 100 billion searchable breach assets – makes it faster and more efficient to take down those attempting to harm individuals and businesses.

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

SpyCloud human intelligence researchers have recovered billions of data breach assets, including stolen passwords and emails that can put enterprises at risk of account takeover.
