Do Not Forward or Copy!

Do you want more control over what recipients can do with your email and attachments?

I have decided to put together a quick blog, nothing fancy, on how you might want to have more control over how emails and attachments are treated by the recipient. I welcome any feedback if people have other tricks of the trade. I am simply going to use tools we already have available, so there is no need to buy extra software.

I won’t generally send a Word document as an attachment; I will convert it to a PDF. Once converted, I will enable the PDF Protection so that it cannot be edited or copied.

Open the PDF document that you want to protect, then go to the navigation bar on the right-hand side and scroll down until you find the following Protect icon:

Click on the icon and this will then open up the below option at the top of the document: –

Click on the above Protect Using Password and you will be presented with the below: –

Select Editing and choose a password. Then finish by pressing Apply.

If you really want to lock the document down, we can take it to the next level by encrypting it. This means that not only can it not be edited or copied, it cannot be saved or printed either. There are two ways to do this.

Where we originally chose Editing you can also select Advanced Options: –

From the above image you can select Advanced Options and you will see that there is a drop down menu. Here you can select Encrypt with Password, which will bring up the below image: –

Here you can select whether the document needs a password to open it, or you can stop people from printing or saving it, again using a password.

The other way is to choose the Advanced Option tab at the top of the document when you enable security measures by clicking the Protect icon: –

This time we will select the Advanced Options: –

This will bring you to the menu as above where you can choose to set a password to open the document or you can require a password to enable the document to be saved or printed.

The next step is to make sure that the recipient(s) cannot forward, print, or copy the content of your email. I will use Outlook Office 365 as my example as this is widely used. Depending on your version of Outlook, the instructions can vary.

Click – New Email: –

Then select the Options tab:

Lastly click the drop down menu under the Encrypt icon and select – Do Not Forward

All done. This will stop a person from forwarding, printing, or copying the content of the email.

Email to Username

It has been a while now since my last blog post, so I thought it was time I got the keyboard out. I hadn’t realised how long it had actually been until I started migrating my Medium content to my own website.

I want to write a small blog on how we can use an email address to pivot onto a username and how we can expand our search capabilities.

The three tools I am going to use are haveibeenpwned.com, epieos.com and whatsmyname.app. I accept that other tools are available and that this is not an exhaustive list. I would always verify and aggregate any results. The reason for choosing these particular three is that they return clear, easy-to-digest results, without the need to create and log into an account.

I find some of the other username sites a bit cluttered and not easy to initially assess with the different traffic lights they use. whatsmyname.app simply tells you what it finds as well as providing a view of the URL, plus it's supported by @webBreacher and @osintcombine so, nuff said. Dehashed is another tool that I use for checking emails and usernames that I like. Which sites you use is personal preference; it is as much about the methodology and mindset as it is the tools.

Sometimes our starting point for OSINT is simply a name, or a mobile telephone number, a username perhaps, or even an email address.

My starting point is an email address, a Gmail one in fact. I have deliberately redacted a lot of detail for privacy reasons, but I can guarantee you the end result reflects my starting point.

As you can see below, my first port of call is haveibeenpwned.com. You can see that the email address has been in 2 data breaches. Are any of them of use to us though?

Clearly we have the possibility to go looking through breached data sites to see what else we can find about this email address. That is outside the scope of this blog however. What it does confirm is that we have an email address that appears to be a verified account.

Now I wasn’t over excited about what I found on this email address. There weren’t many pivot points, to be honest.

I decided I would play about with the email address, so I removed the full stop. Let’s see if this makes any difference. Gmail does not recognise dots (.) in an email address. If johndoe@gmail.com was your email address, you own all the dotted versions of your address, for example:

john.doe@gmail.com

j.o.h.n.d.o.e@gmail.com

This potentially allows an individual to create multiple user accounts on a single platform while only ever needing to log into the one email account.
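Seen from the platform's side, the dot behaviour described above means sign-up addresses should be canonicalised before they are compared. The following is an added example, not code from the original post: the function names and sample accounts are constructed for illustration, and it goes slightly beyond the text by also folding Gmail's "+tag" suffix and the googlemail.com alias, which deliver to the same mailbox.

```python
from collections import defaultdict

# Domains that deliver to the same Gmail mailbox (googlemail.com is an alias).
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_email(address: str) -> str:
    """Return the mailbox an address delivers to, for duplicate detection."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()
    if domain in GMAIL_DOMAINS:
        local = local.lower()            # Gmail local parts are case-insensitive
        local = local.split("+", 1)[0]   # Gmail drops a "+tag" suffix
        local = local.replace(".", "")   # Gmail ignores dots in the local part
        domain = "gmail.com"
        if not local:
            raise ValueError(f"empty mailbox name: {address!r}")
    # Other providers: the local part is left untouched, dots are significant.
    return f"{local}@{domain}"


def find_shared_mailboxes(accounts):
    """Group (username, email) pairs whose emails resolve to one mailbox."""
    groups = defaultdict(list)
    for username, email in accounts:
        groups[canonical_email(email)].append(username)
    return {box: users for box, users in groups.items() if len(users) > 1}


# Constructed sample sign-ups (not real accounts).
SAMPLE_ACCOUNTS = [
    ("jdoe", "johndoe@gmail.com"),
    ("john_d", "john.doe@gmail.com"),
    ("dotty", "J.o.h.n.d.o.e@GMAIL.com"),
    ("promo", "johndoe+offers@googlemail.com"),
    ("other", "john.doe@example.org"),  # different provider, kept separate
]

if __name__ == "__main__":
    for box, users in find_shared_mailboxes(SAMPLE_ACCOUNTS).items():
        print(box, "->", users)
```
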

This was in far more breaches and revealed potentially some interesting pivot points, one being the LinkedIn breach.

What we can also do is alter the email domain further to see if the altered address is in any breaches too. We can continue doing this as long as we want. We could also use an email permutator site to give us some ideas of the different versions we could use. What I tend to look for are accounts where further OSINT is possible, LinkedIn as discussed, or MyFitnessPal, which may indicate someone is using Strava.

At this point I have found three email addresses that have been breached. These were the only three permutations I tried, and you will see later when I use whatsmyname.app that there was potentially a fourth email address permutation I could have used.

I will now move onto a really useful site, https://tools.epieos.com/. Recently when the site went down, it forced me to install the command-line versions of the tools used on the site from GitHub. This I would recommend, just in case the site goes down again or disappears forever, so that you have resilience. The Google account research has certainly come on since @Sector035 first posted about what he had discovered.

https://github.com/mxrch/GHunt

https://github.com/megadose/holehe

As I am using a Gmail account we get the extra functionality of GHunt; however, even without GHunt we can still use the tool and methodology to research other email domains.

For the original email that I started with, which included the (.), I got the following result: a name and a profile photo. Not a bad start.

The second email also provides me with the same profile photo, and the Google IDs also match. I now feel confident that the two email addresses are linked to the same person.