BLOG
OSINT & fraud investigation insights
Guides, research, and analysis on OSINT, identity resolution, and fraud investigation.
How to Run an OSINT Investigation From Only an Email Address
A walkthrough of an email-only OSINT investigation — the three layers an address reveals, how to pivot from them, and how DefenceCore resolves an identity graph with sourced, confidence-scored findings in seconds.
How to Investigate a Suspicious Email Address for Fraud
The full process for investigating a suspicious email — mail infrastructure, account enumeration, breach exposure, and iterative pivoting to resolve who is behind the address — done manually, then by an agent in minutes.
How to Find Who Is Behind a Username
Resolving a username to a real person: enumerate the handle across platforms, separate the people who share it, pivot to hard identifiers, and resolve with confidence — the manual method, then automated.
How to Investigate a Fake Signup
A step-by-step method for deciding whether a flagged signup is a real customer or a constructed identity — inventory the signals, test their consistency, pivot for the ring, and resolve with a defensible decision.
Synthetic Identity Fraud: The Red Flags Investigators Look For
Synthetic identities pass checklist verification because each field is valid — they fail only when you try to resolve them into a coherent, historied person. The red flags that surface a manufactured identity under investigation.
How Fraud Teams Triage Signups
How mature fraud teams structure signup triage — the automated/review/escalation funnel, what a defensible decision weighs, and why the review queue becomes a rubber stamp when investigation costs an analyst-hour per case.
VoIP and Burner Number Fraud Signals
How fraudsters use VoIP and burner numbers to clear phone verification, the signals that distinguish a disposable number from a real mobile, and why line type should reweight a case rather than decide it alone.
What Is an Autonomous OSINT Investigation?
An autonomous OSINT investigation moves the pivoting from the analyst to an agent: you provide the signals, the agent runs the checks a trained investigator would, and returns a sourced identity graph, defined risk signals, and a recommended action.
Identity Graphs and Entity Resolution in Fraud Investigation
Entity resolution decides which scattered signals belong to the same person; an identity graph is the scored, sourced result. A guide to both, and why confidence on every link is what makes a graph usable as evidence.
How to Investigate a Crypto Wallet Address
A wallet address is one signal in a broader identity picture. How on-chain analysis surfaces cluster proximity, why proximity is a risk signal and not an attribution, and how wallet evidence should be weighed in a fraud or compliance case.
How Investigators Use Reverse Phone Lookup, Phone OSINT, and Data Enrichment
A detailed breakdown of how OSINT investigators, private investigators, and security analysts use reverse phone lookup, phone number lookup, and data enrichment to build subject profiles, verify identities, and uncover fraud.
Phone Number Risk Scoring for Fraud Teams: How It Works
How phone number risk scoring works — the signals behind the score (line type, SIM-swap, breach exposure, linked accounts, fraud history), how to read it, and where it fits in a fraud workflow.
OSINT Tools for Trust & Safety Teams
How trust & safety teams use OSINT to verify accounts, detect fake signups, and investigate abuse — the tool categories, what to look for, and where identifier enrichment fits the workflow.
How to Investigate a Smishing Campaign
A step-by-step workflow for investigating a smishing campaign — collecting artifacts, enriching sender numbers, analyzing links, clustering the campaign, and containing it.
Phone-to-Social Pivoting: Turning a Number Into Linked Accounts
Phone-to-social pivoting uses a phone number to discover the social and messaging accounts registered to it. Learn how the OSINT technique works, what it surfaces, and how to read the results.
What Is Data Enrichment in Fraud Investigation?
Data enrichment expands a single identifier — a phone number, email, or username — into linked accounts, breach exposure, carrier data, and risk signals. Learn what it adds and why fraud teams rely on it.
What Is Identity Exposure? (And Why It Matters for Fraud Teams)
Identity exposure is how much can be assembled about a person from one identifier — linked accounts, breaches, and footprint. Learn what it measures and why it matters for fraud teams.
Twilio Lookup Alternatives for Fraud & OSINT Teams
Twilio Lookup validates numbers but stops at carrier and line type. Here are the alternatives for fraud and OSINT investigators who need linked accounts, breach exposure, and fraud signals in one query.
Best Phone Number OSINT Tools for Investigators (2026)
A practical breakdown of the phone number OSINT tools investigators use — carrier/HLR APIs, breach engines, free checkers, and all-in-one platforms — with criteria for choosing the right one.
How to Enrich a Phone Number in a Fraud Investigation
The step-by-step workflow for enriching a phone number in a fraud investigation — line type, SIM-swap signals, breach correlation, linked accounts, and fraud history — and how to do it in one query.
I Gave a Scammer My Phone Number — Now What?
Gave a scammer your phone number? Here's exactly what they can and can't do with it, the warning signs to watch for, and how to check the number that contacted you.
Got a Verification Code You Didn't Request?
A login or verification code you didn't request usually means someone has your password and is trying to break into your account. Here's what it means and what to do.
Why Is My Own Phone Number Calling Me?
Getting a call from your own number means a scammer is spoofing your caller ID. Here's why it happens, whether your phone is hacked, and what to do about it.
“Package Couldn’t Be Delivered” Text: Scam or Real?
Got a text about a missed package delivery with a link or a fee? It's almost always a smishing scam. Here's how to tell, and how to check the number that sent it.
How to Verify a Phone Number's Real Owner
A practical guide for investigators on verifying who actually owns and controls a phone number — covering subscriber vs. user attribution, line-type validation, spoofing caveats, and how to assign a confidence level to your conclusion.
Fraud Investigation Checklist: What to Gather First
A complete fraud investigation checklist covering the evidence, contact data, and phone OSINT records to gather before you begin. Built for victims, investigators, and fraud analysts who need a documented starting point.
Romance Scam Phone Number Investigation
Learn how investigators use phone number OSINT to expose romance scammers — from VoIP detection and carrier lookup to breach correlation and social enumeration. A step-by-step guide for victims and fraud investigators.
What Is Phone Number OSINT? A Complete Guide for Investigators and Security Professionals
Phone number OSINT uses open-source intelligence to trace, verify, and profile any phone number. Learn the techniques, tools, and legal framework used by investigators worldwide.
Phone Scams Are Getting Smarter in 2026 — Here's How to Protect Yourself
Phone scams cost consumers billions each year. Learn how modern scams work, how to identify a suspicious number before you answer, and how OSINT tools like DefenceCore protect you.
The Stages of a Fraud Investigation
The phases of a fraud investigation — detection, triage, evidence collection, analysis, attribution, containment, reporting, and review — and how identifiers like phone numbers tie cases together.
Phone Number Reputation Data: A Useful Signal for SOC Teams
How SOC, fraud, and threat intel teams use phone number reputation data — VoIP detection, SIM swap signals, and linkage — to triage smishing, vishing, MFA, and BEC.
Who Called Me? How to Do a Reverse Phone Lookup in 2026
Got a call from an unknown number? Learn how to run a reverse phone lookup using OSINT tools like DefenceCore to identify unknown callers, avoid scams, and protect yourself.