Hot Tips You Should Know from a Private Investigator
JANUARY 2023
Google review awareness:
When someone writes a Google review, their GPS coordinates at the time of posting can be pulled out of the URL. For example (in bold):
I don't know if this is an oversight slip or a measure to prevent fake reviews; regardless, Google is a little sneaky getting you to consent to this in the fine print.
Write reviews! Small businesses need them. :) But consider using an alternate account or posting them while not at your home.
Hotel travel:
Keep in mind that at any given time, there are several people who have access to your room (the front desk, housekeeping..).
1. Dead bolt the door when you are inside.
2. Decline housekeeping. Put up the Do Not Disturb door hanger. Or, put up a sign that says something like, "Quarantining Person- no housekeeping please," or "Recording in Progress - Do Not Enter."
On the flip side, don't steal anything from your hotel room. Theft creates such an expense for hotels that some have started putting microchips in their towels!
Phone charging:
Think of USB charging cables as data exchange cables. In other words, anything you plug your phone into, such as a work computer, or airport charging station, has the opportunity to view your personal info, or install malware/spyware.
Avoid this by only charging your devices via electrical outlet or a trusted computer port.
Encrypted messaging:
There always seems to be some debate about which platform ( Signal, WhatsApp, Telegram) keeps your messages the most secure.
1. There's a digital record of everything ever transmitted, and then there's screenshots. So behave as if nothing is sacred, because it’s not.
2. If you were in a position of needing secret communication, there is a trick utilized by savvy terrorist groups that the former director of the CIA borrowed when having an affair with his biographer. The communication method between the two was a mutual junk Gmail account that they both had password access to. One would write a note to the other and save it in the Drafts folder. The other would sign in, read the “draft”, delete it upon reading, and write back, again, saving it in the Drafts. Since nothing leaves the drafts folder, no data is transmitted, and it can’t be intercepted.
Hackers usually don't hack sites, they hack people.
One could access a building by picking a lock and defeating the alarm system, but it's much easier to just ask someone to let you in. Bad actors, (or good investigators), might get someone to hold a locked door open for them by choreographing an approach; carrying a big box of donuts, carrying a ladder, wearing a jumpsuit and backpack with a sprayer attachment, wearing a uniform (most corporate uniforms are for sale for less than $10 on eBay.), on crutches, pushing a wheelchair, etc.
And so on.. I hate to discourage people from being nice. Just take a closer look, a second glance, and be aware that both online and in person, some people will try to engineer you to breach your own security.
Email Tracing
Here’s a free way to get “read” notifications on your sent emails. You can know if and at what time someone opened an email you sent, and how many times they open it.
1. Go to getnotify.com and sign up for a free account.
2. Go to your regular email. Send an email to your intended recipient, but add .getnotify.com at the end of their address. For example, if I’m emailing sara@gmail.com, I’m going to write it as sara@gmail.com.getnotify.com. The recipient will not be able to see this, and it will come across as a normal email.
3. Once sent, sign in to your GetNotify account and click on “Outbox.” It will show you all the emails you’ve sent along with the delivery/read status.
*Note – the IP address and geolocation suggested of the recipient is not correct information –it’s just the information of a server.
Apple/Stalking
Apple got a lot of bad press after stalkers (or people with other ill intentions), were using Airtags to track the whereabouts of unsuspecting victims. Apple has countered this potential by updating the design so that both iPhones and Android phones will notify their users within 1-2 hours that they are being tracked by an Airtag, and they can request it to play a sound to help find it.
However, one can just as easily use the "Find my" feature to locate/track any Apple device, and the victim receives no such notification.
An iPhone 4, or old pair of Airpods, sell for about $20 on eBay; cheaper than a new Airtag. The battery on a device is going to be limited compared to an Airtag, but, "accidentally" leaving a pair of Airpods in someone's car is a lot less suspicious than leaving a device that's only design is to track location.
The point here is, consider the possibility of nefarious intent if you find any device that isn't yours in your car or belongings.
AUGUST 2022
Social Media security
I do background checks and surveillance for a living. It’s astounding to me how many people have public social media accounts and a trove of information is easily gathered.
-Consider making your profile private.
- If a company asks me to look into a potential job candidate, usually the candidate is anticipating this, and they’ve cleaned up their social media appearance accordingly. So the first place I go to look for dirt is the tagged photos. Be aware what other people are posting about you!
- Using an alias will not protect you from being discovered on the internet. I use facial recognition software that, with one example photo, uncovers all the other photos of that person online. I’ve found more than one subject in an adult film or site under an alias. I even located a missing person who was due a legal settlement by finding her live webcam alias and messaging her while she was online! The point is, find the controversial content that exists of you online, and request it’s removal before a potential job or partner finds it.
Scrap your go-to password. Embrace the password manager.
Do yourself a giant favor and free up your brain bandwidth and reduce your chances of getting hacked.
-Memorizing a strong and unique password for every account you have is just not realistic! To counter this, people tend to recycle their passwords. The problem is, technology is growing at a faster pace than there is security to protect it. Hackers break into sites and sell the information they obtain (Run your email account on haveibeenpwned.com to see how many data breaches your info has been in.). If say, Hulu has a data breach and your password is leaked, this might not be a big deal on it’s own. But hackers are going to try that same password with Paypal, Bank of America, Facebook.. you get the picture.
-As an experiment and knowing where to look, I ran about 10 email addresses (of consenting friends obviously,) to see if I could find the password. I very easily obtained about 5 of them right off the bat; some of them for sale on dark net-adjacent sites for less than $2. Breached info is a commodity and that includes passwords, credit card numbers, medical records, credit reports; basically everything you thought was sacred is actually for sale. (Sorry.)
-Use a password manager but not a free password manager. Paid sites are a lot more incentivized to protect your information. Highly rated programs use a “zero-knowledge architecture”, and your master password is not stored (therefore cannot be hacked or leaked.) Here’s an article that explains the basics: allthingssecured.com/identity-protection/how-do-password-managers-work/
-Rethink your security questions to all of your accounts. Information like your mother’s maiden name, the street you grew up on, and your high school mascot can be looked up in a matter of seconds.
Create extra steps to access your personal info
-Consider limiting access to your social media profile to people you know personally, but especially a Strava profile! Investigators LOVE a public Strava, it’s a goldmine of information! We can figure out where you live, where you work, and what your routines are.
-Shred your mail/sensitive documents, AND pour something gross on them. Dedicated grifters will use software programs to reconstruct shredded documents.
Sign up for free trials with abandon without getting billed when they run out
Most people have heard of burner phones. Let me introduce you to burner credit cards!
-Use a checking account to set up an account with privacy.com . This vetted banking site connects you with disposable credit cards and they are an absolute gamechanger. Once you get the hang of it and download the phone app, it’s seamless.
-For free trials requiring a credit card, create a one-time card with a limit of $.99 on it and copy the card info over to the trial sign-up. The site will only recognize that it’s an active card, they won’t know there’s a .99 limit. No need to remember to cancel on time, you can’t be charged more than 0.99 and you are not responsible for the charge. You won’t even have to pay the .99 cents because the company can only charge the subscription fee or nothing at all; nothing in between.
-Similarly, say you pay $9.99/month for Hulu. You can create a monthly “merchant” card locked to your Hulu account that is approved for $9.99/month. If Hulu quietly decides to start charging $15/month, the charge won’t go through, giving you the option of increasing your monthly limit without finding out the hard way that Hulu raised their fees.
-”Virtual” card keeps your buying habits anonymous, and also protect your information in a data breach.
Don’t wait to get hacked to get your info off the internet
-People are largely pretty sloppy with their personal info, at least, until it gets hijacked. Michael Bazzell, privacy expert and former FBI agent, has a free workbook on his website that lists all the sites you should request your info be removed from (this is usually just a few clicks process). Check it out here: inteltechniques.com/workbook.html
-Yes, it’s tedious. If you don’t have time to do it, then you really won’t have time to untangle the dozen lines of credit opened in your name! However, in a pinch, requesting your info to be removed from these sites will have a trickle-down effect, as other sites tend to get their information from these top 10:
Spokeo, Mylife, Radaris, Whitepages, Intelius, BeenVerified, Acxiom, Infotracer, Lexis Nexis, TruePeopleSearch
-Your info is constantly being mined and sold by data brokers, so, unfortunately, removing your info and expecting it to stay removed is about as effective as brushing your teeth once and for all. Plan on making this an annual habit at minimum.
Before you pay your medical bills in full..
Most hospitals are non-profit, which means that they are mandated to have financial assistance, or “charity care” policies. This means if you make under a certain amount of money, the hospital is legally obligated to forgive 50-100% of your medical bills. (They will not tell you this!)
-Google the hospital name + financial assistance.
-Go to the top site that comes up. Scan the page for a link to “Financial Assistance Sliding Scale.”
-The scale shows what % of your bills can be forgiven based on your income and family size.
Access articles behind a paywall
You know how sometimes you click on a really interesting article and start reading it, but then you get a pop-up saying that you have to buy a subscription to read the rest? Nonsense. Solutions, in order of effort:
-Try pasting the headline in Google.
-Try opening the article in an incognito window.
-Go to webtopdf.com/ and paste the url in the convert box.
-Tap on the url and insert “archive.is” or “archive.ph” at the beginning. For example, https://archive.ph/https://www.wsj.com/articles/youre-not-just-binge-watching-netflix-youre-having-an-experience-11582297230. This should provide you with an accessible link.
-If all else fails, sign in to your library’s website using your card number, and look under periodicals.