A founder (Mr Zhao) of a boutique company reached out to us with urgency. His business was being tarnished by an unknown person. The cyber criminal was creating fictitious email accounts and sending abusive emails claiming to be a victim of the company. Seemingly unrelated to this, a business associate had filed a complaint with the authorities claiming his dues were not paid. While Mr Zhao suspected both to be the work of the same person, he didn’t know how to prove it and take the matter to the authorities.
That's where we stepped in. With the help of our knowledge and frameworks, we set out to prove three aspects.
1. We analyzed all the emails (the fictitious ones and the genuine ones) and checked for a digital footprint (ISP, IP addresses, MAC addresses if any). Unfortunately, in this case it turned out that the cyber criminal was smart and was using proxies, a VPN or spoofed IDs. Note that if the criminal is using public networks, it is hard to trace them.
2. We analyzed the written content for any similarities in style. Unfortunately, here too the abusive emails were intentionally written badly, while the official emails were well written and formal.
It almost looked like these emails were unconnected, and that is when we decided to try email tracking tools to see whether the emails were coming from the same location. Using these tools, we sent a reply to the abusive emails as well as to the official emails. True to the suspicion, it turned out that all the emails were opened at the same location, which gave us enough data to correlate them. Armed with this, the founder went to the authorities and was able to quash the claims and have the person convicted of these crimes.
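The header check from step 1, as an added example that is not part of the original write-up: it takes the earliest external IP from each message's `Received` chain and groups messages by it. The sample messages, hostnames and documentation-range addresses are constructed; as in this case, a sender behind a VPN or proxy leaves the abusive and official mail in different groups.

```python
import ipaddress
import re
from collections import defaultdict
from email import message_from_string

# RFC 1918 and loopback ranges: hops inside a sender's own network, not an origin.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def origin_ip(raw_message):
    """Return the earliest external IP in the Received chain, or None."""
    received = message_from_string(raw_message).get_all("Received") or []
    # Servers prepend Received headers, so the last one is the earliest hop.
    # Headers below the first server you trust can be forged by the sender.
    for header in reversed(received):
        for candidate in BRACKETED_IP.findall(header):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # bracketed text that is not an IP address
            if not any(ip in net for net in INTERNAL):
                return str(ip)
    return None

def group_by_origin(messages):
    """Map each origin IP to the names of the messages that share it."""
    groups = defaultdict(list)
    for name, raw in messages.items():
        groups[origin_ip(raw)].append(name)
    return dict(groups)

def sample(client_ip):
    # Constructed message: one relay hop plus the submitting client's hop.
    return ("Received: from mx.example.net (mx.example.net [198.51.100.7])\n"
            "\tby inbox.example.com; Mon, 1 Jan 2024 10:00:02 +0000\n"
            f"Received: from [10.0.0.5] (client.example [{client_ip}])\n"
            "\tby mx.example.net; Mon, 1 Jan 2024 10:00:00 +0000\n"
            "From: sender@example.net\nSubject: test\n\nbody\n")

# Constructed set: two abusive mails via one VPN exit, one official mail elsewhere.
SAMPLES = {"abusive-1": sample("203.0.113.44"),
           "abusive-2": sample("203.0.113.44"),
           "official-1": sample("192.0.2.10")}

if __name__ == "__main__":
    for ip, names in group_by_origin(SAMPLES).items():
        print(ip, names)
```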