All kinds of people pretend to be someone they're not on the internet, including scammers, people attempting to wind others up, hackers and web predators. Almost all of these people will leave bases uncovered and they're all easy to expose when you understand how to. Here are my favorite ways of finding out when somebody is lying quickly.
A common mistake made by imposters is sending you an image of a person or location straight from a search engine, which are easy to spot using Google's search by image tool. The search by image tool is accessed by going to Google Images and clicking on the small camera icon in the search bar, shown in this image:
After you click on the camera icon you will be presented with this window:
The process from here is fairly self explanatory, if no results or only one or two results show up it's possible it is the sender's image. However, it could still belong to someone else whom doesn't show up on Google. If there are lots of results you can be fairly sure the person who sent you the image is lying. Other tools can do the same thing as Google's search by image feature, for example, TinEye is a useful tool for the same purpose and often returns different results.
When an image is captured a lot of details are recorded, including the camera make, time taken and even details like exposure. If the image is taken using a high quality camera or a phone which "GeoTags" photos, then the images' Exif data can include GPS coordinates that tell you instantly where an image was taken. This can help identify someone in several ways, for example, if they say they live in England yet an image that is supposedly of them was taken in Australia, then there's a high chance they're lying to you about their location or who they really are. Of course, they could have sent you a holiday shot, but that's up to you to decide.
Viewing Exif data is quite easy on Windows, and probably on other operating systems, however I've never tried myself so I won't be talking about those in this article. On Windows you can just right-click the image in Windows Explorer, click properties and go onto the details tab; this will give you some information (but often not all of the information available) in a window like this:
To get more information, you would need some third party software. I personally use the free version of Opanda IExif, although plenty of alternatives are available if you don't like this freeware tool. Opanda IExif is fairly easy to use. You run the program, click on the open button and can see all of the Exif data using the tabs on the top-left of the window. IExif can also be used to edit Exif data if you want to, so don't always count Exif data as reliable. Here's a screenshot of IExif in action:
Exif data is not available on every image. A few image hosting services and social networks remove all Exif data when the image is uploaded, for example Facebook removes Exif data.
This is a bit more complicated than using Exif data to find the location of somebody and often a lot less accurate, especially in the UK where a lot of people use proxies to hide their location without knowing they are. However, in some parts of the US this process can be accurate down to a postcode.
For this article, I will use Omegle to demonstrate, but it will work with Skype, MSN and almost any live video chat program. You will need network analysis software, but it doesn't need to be complex. I use Wireshark, but any should work. Here's how to trace somebody using their webcam:
Run Wireshark and click on "Capture Options" (1). You will be presented with a new window (2). In this new window you should set the 1st interface option to local (3) and select your interface in the next box (4). If you don't know this, you may need to use trial and error. Once you start the capture, if you don't have the right interface, normally nothing will be found. You should make sure the "Update list of packets in real time" box is ticked (5). Then click "Start" (6).
I use this website because it is simple and reliable depending on the ISP of the IP address you're attempting to trace. Using this service is quite easy; you enter the IP address into the box next to the "Track IP, host or website" button and click on that button, which will provide you with the information about this IP address.
Make sure the person you want to trace is transmitting and/or receiving video and be sure you have enough time to trace the person. The first time tracing can take around a minute, but as you get more experienced you can lower this to around 10 seconds. This doesn't seem like long, but on a website like Omegle, it can be hard to find someone who'll stay that long and that you don't want to disconnect from instantly.
When you start the capture you should see your screen filled with IP addresses, most of them are unimportant to us and until you start the video call nothing will stand out.
One good thing about tracing via video is that they don't have to be sending, only receiving or vice versa. Once the video call is in progress, two addresses will stand out. One will usually be 192.168.#.##, this is your local IP address and unimportant in this process, the other will be repeated a lot in the source column, destination column or both depending on who is sending and receiving. This IP address is the one of the other person involved in the call.
If more than one IP address is repeated a lot, this could be due to a download or video streaming on your computer. This is an example of how the IP address should stand out:
If you don't see any IP address which stands out then other ways to identify the target address include typing "UDP" in the filter box, because this is normally the protocol used for video calls, or looking for the ports you would usually send and receive video through.
Go back to the IP Tracing webpage, enter the IP address you want to trace and click the "Track IP, host or website" button. You should be presented with the location of the IP address. In my experience, the country this website gives is almost always correct, however, in some places the city is not. In some American states, if you are lucky the trace can be narrowed down to a postcode, however, this is normally a little off in my experience.
You now have the location of the IP address you are in a video call with. If this doesn't match where the person claims to be from, they're probably lying. In case you don't believe in the accuracy of this tool, here is an example from my attempts on Omegle. The website doesn't provide the right city every time, but when it does, this clearly has an effect on the person you're speaking to.
The knowledge of someone's location is enough to make them believe a lot, even though my webcam showed me (not very masculine but none the less male), they believed I was named Abi and lived 2 doors down the road from them. It didn't seem to matter that I had never met them and had no evidence other than a ZIP code near them, not even theirs.
This shows how easy making somebody feel they know you is, and even though this person would (I hope) realize I wasn't called Abi, it doesn't take much to make somebody believe you are who you say you are without asking many questions, and shows you should be careful about how much evidence you need before you believe somebody is who they claim to be.
This is one of the most basic yet effective ways of finding out if somebody is who they say they are. I find it best to drop questions subtly into the conversation, for example, ask them if they know of a completely made-up street in their town. If they say they do, you should be a little more suspicious.
Another example if they say they live in the same area as you is to ask them something most people in your area have heard about, for example, a small news story or well-known person that isn't easy to find out about on the internet. If they know, it's likely that they genuinely do know the area, but if not, this is yet another reason to be suspicious.
If you ask them about something one day and say you dislike it, they agree and then in a few days you tell them you do like it and they once again agree, then you know they're only saying what you want to hear, again arousing suspicion.
The chances of you meeting someone over the internet from your area who has something you want, whether this is friendship, a "business opportunity" or some way to earn money, are slim, however not non-existent.
On that note, it is very important to closely scrutinize new internet acquaintances but not disregard them altogether immediately, and it's important you realize everything in this article can be faked, so even if somebody seems legit based on this article, you should still be cautious.
If you have any tips on this subject, then please share them in the comments.
Want to help support Null Byte and start making your own money as a white hat hacker? Jump start your White-Hat Hacking career with our 2020 Premium Ethical Hacking Certification Training Bundle from the new Null Byte Shop and get over 60 hours of training from Ethical Hacking Professionals.