How Do You Find Someone Who Doesn’t Want to be Found?


Identity is a subject that has fascinated humans for ages. Who am I? Who are you? While no one can easily answer these philosophical quandaries, identity is an important part of many fraud investigations — especially when someone is trying to hide it.

In his virtual session “The John Smith Problem: Forensic Identity Resolution in Global Investigations,” at the 31st Annual ACFE Global Fraud Conference, Robert Sinex, CFE, walked attendees through some of the ways they could find identities and use them to further investigations. Sinex, who is a solutions engineer at Dun & Bradstreet, explained that identity is made up of not only attributes, like a name and telephone number, but also behavior, like hobbies and routines.

“Identity does not always have to be a person,” he said. “Identity could be a business, or it could be sussing out the identity of an email address.” He recommended that fraud examiners look beyond just the attributes part of an identity and include behaviors. “That gives us more things to hold on to when we need to make those associations,” he said. “It’s not just as simple as matching things together; it’s a multidimensional problem.”

He explained that the more attributable and behavioral data you can gather about an identity helps create a solid foundation to understand the identity in question, and therefore helps investigators have context about who, or what, they’re dealing with. It can also help predict future behavior.

When collecting data about an identity — whether it is information about a shell company or tracking an individual you believe is connected to fraud in an organization — he warned attendees to be aware of four major factors that could influence their investigation. The first hurdle is bias.

“Bias is probably the most challenging thing we have to confront as investigators,” he said. Bias can come in the form of confirmation bias, which can happen when an investigator already has evidence that sways them into believing a certain party is guilty or involved in wrongdoing. Convenience sampling is another form of bias where investigators look at the data they have to draw conclusions instead of asking, “What data do I not have that could create a more complete picture of this?”

Source bias is another area of concern, which is when investigators lean too heavily on individual sources without asking how the source got their data or if the source has an agenda. Even nonhuman sources like certain databases may show only partial data that may be tied to advertising or other motivations.

Another major factor that can cause issues in ascertaining identities is when an individual or entity intentionally obfuscates part, or all, of their identity. They may use shell or shelf companies, the dark web or cryptocurrency to hide their transactions, location or name. They also can hide identities using adversarial manipulation, which is when they show false or misleading information instead of obfuscating their activities. “Understanding your source helps alleviate some of these things,” he said. Ultimately you don’t want to waste time going on a wild goose chase.

The final factor that can influence an identity investigation is data accuracy. While many investigators focus on new data, or data that can be verified as accurate, he told attendees that they should keep their minds open to all types of information. “Don’t just discount data because it’s inaccurate or old,” he said. “We don’t want to overlook the fact that many times inaccurate data, or old data, can be extremely valuable.”

Sinex used the example of how one of the founders of Silk Road was unmasked when investigators found a thread that was five or six years old in which he asked for tech help and provided an email address. They were able to use that old email address to tie a number of things back to him.

He also used GDPR as an example of a time when old data might be useful. “Privacy [regulations are] something that’s going to be a challenge for us,” he said. However, if you can access historical data before GDPR was enacted, that might provide a good lead on an identity.

Since many fraud examiners may be searching for identities that are international, Sinex also addressed things to keep in mind with cross-border investigations involving identities. The biggest piece of advice he gave was for investigators to remember that different countries and cultures have different naming conventions, and that names are often not exact translations of what you may have. “Many times with companies there isn’t a literal translation of the name,” he said. “What you end up with is something that sounds phonetically correct.”

Local dialects and different rules for incorporations can change how the same company may be registered in different countries. For domestic Chinese companies, business names usually start with registered location followed by the given name, what the company does and the company type. He used the example of Latin American naming conventions for how an individual’s name can change too. They often have three or four given names that can be shortened or used in a variety of ways, and middle names are sometimes used as first names. “What we would see is in the U.S., they’d use different combinations of the same name,” he said.

Sinex left attendees with a few overarching tips for investigating identities:

  • Don’t rely too heavily on any single attribute or behavior.

  • Understand your sources.

  • Don’t discount the value of old or inaccurate information.

  • Understand the operating environment of the target.

When fraud examiners keep all these factors in mind, they’re more likely to be able to accurately track identities in their investigations.