Email permutators and the browser extension LinkedIn Sales Navigator have been on the market for quite a while. Both are among the basic tools of trade for marketing and sales. Combined, they make a powerful OSINT tool for email verification.
Let’s imagine the following white-collar crime scenario. We are investigating a fraud case and screen one of the suspects: Fritz Marchow. He has a LinkedIn profile but what we do not know is his email address.
Most people use rather unsophisticated email addresses based on a variation of variables such as firstname, lastname, middle and nickname or the respective initials and use a common email provider. Therefore, it is not rocket science to guess these combinations.
An email permutator will do most of the work and, hence, save us a lot of time. Our tool of choice is Email Permutator+, since it allows us to permutate addresses for three domains at the same time.
We fill in the information we have: our suspect’s first- and lastname. We choose the domains manually. We start with gmail.com and yahoo.com and pick outlook.de as the third option, since our case is set in Germany. The tool permutates 102 email addresses, waiting to be copied to our clipboard.
We have already installed the LinkedIn Sales Navigator for Gmail Lite browser extension from the chrome web store. Now all we have to do is open our Gmail account and paste the copied list in the ‘to’ field of an email that we are composing. While we hover over the addresses with the cursor, we see the details appear in the Sales Navigator sidebar on the right.
It’s a match! Hovering over firstname.lastname@example.org the Sales Navigator shows the LinkedIn profile that belongs to this address. We now have our suspect’s confirmed email address. If there is no matching LinkedIn profile for one of the addresses we are hovering over, the Sales Navigator will show that.
On a side note: Hovering over any Gmail address will also reveal a corresponding Google account with first- and lastname and the profile picture or an initial in case no picture has been added. This is an easy method for verifying gmail addresses. Sometimes this also works for other email providers as well, such as Hotmail.
In our case, we have another match hovering over email@example.com. Recognizing the same profile picture he used for LinkedIn we now have a second email address that can be attributed to our suspect.
Email permutation has its limitations. It can only use a number of preset variables. As with most OSINT tools: Combined with the LinkedIn Sales Navigator it will most likely not solve your case. However, it adds another puzzle piece. In the end, many of those make up an overall picture.
It is worth mentioning that this tool ONLY uses publicly available data and it cannot help finding the email address of people who want to keep it hidden.
Sebastian Schramm / 16.11.2018