Scam emails aren’t random. The recipient fields already tell you a lot. 📥 TO, CC & BCC Explained TO: You’re the main target Your email is openly listed. They contacted you directly. CC: Everyone can see each other If strangers are CC’d, it’s a bulk blast from a scraped or leaked list. BCC: You don’t appear anywhere You’ll receive the email, but your address won’t show in To/CC. Classic sign of mass phishing campaigns. If you see “To: (empty)” or the sender’s own address → you were BCC’d. 🔍 How to Track Where Your Email Leaked ✔ Plus Addressing Use aliases like: name+amazon@… name+instagram@… If spam arrives on that alias → you know exactly who leaked or sold it. ✔ Have I Been Pwned Check if your email appeared in a breach. Turn on notifications so you get alerts immediately. ✔ Email Headers (advanced) or click: “<> Show original” in the menu with the three dots if you use G Mail. Look at return path, server, and SPF/DKIM/DMARC. If it doesn’t match the claimed sender → scam. We’ll take a deep dive into this in an advanced E-mail course. What can you do moving forward? 🛡️ Protect Your Inbox - Use aliases or +addressing - Turn on HIBP alerts https://haveibeenpwned.com - Unique passwords + app-based MFA - Don’t click links! Open sites manually

Last week Candace Owens discussed the reported Charlie Kirk assassination incident and highlighted one important digital-forensics detail: On September 10, the day of the reported event at Utah Valley University, ➡️ 12 personal cell phones registered in Israel were allegedly detected onsite. ➡️ These were real Israeli accounts, not VPN traffic. ➡️ And the presence of these devices reportedly alerted NSA officials, Kash Patel, and people inside the current administration. Whether this claim is fact or theory, the lesson for every investigator is the same: 📡 Your SIM card is a tracking beacon. Your phone’s origin will expose you before anything else.** Your SIM tells a story: - The country where it was issued - The network it belongs to - The registration metadata tied to it - The IMEI behavior patterns If you stand in a crowd of 2,000 domestic devices while carrying a foreign SIM, you stick out like a flare gun in network telemetry. That’s why governments and investigators routinely analyze: ✔️ MCC/MNC (country & carrier) ✔️ Roaming events ✔️ Tower handshakes ✔️ Device-SIM mismatches ✔️ Local vs foreign subscriber profiles 🛰️ Pro Tip: Use a local E-SIM to blend in when traveling If you care about operational privacy—whether you’re: - An OSINT researcher - A journalist - A private investigator - A risk-exposed professional - A corporate compliance analyst working abroad your phone should not betray your location or origin. 🔥 Tools like Revolut E-SIMs let you download a local profile instantly, choosing the country you’re in so you don’t stand out in cell-network metadata. Just download the app so you can set up an account to use when you go abroad. Advantages: - You appear as a local device, not a foreign visitor - No physical SIM swap required - Fast activation from your phone - Reduces metadata anomalies that draw attention - Helps avoid “Why is this device from X country here today?” problems - No need to use public WiFi. Please don’t ever.

When you share a post straight from Instagram, TikTok, Facebook, or X, the link carries your fingerprint. If anyone forwards that link, the next person can see that YOU were the original sender or WHO, you got it from. . This is bad for normal people. But for a double spy? It’s catastrophic. 🎯 Why This Is Dangerous for a Double Agent A double spy lives between two sides that must never know the other exists. Picture this: You send a link to Side A. Someone in Side A forwards it to Side B. Side B opens the link… and sees that YOU were the original sharer. Instantly, Side B knows: - You’re communicating privately with Side A - You’re active on both fronts - You shared content across the lines - You’re not loyal to only them - Your cover is blown This is not paranoia, this is how operatives get: - exposed - interrogated - cut off - or worse All because of one shared link. 🔍 OSINT Explanation: What the Link Reveals When you hit “Share,” the platform often embeds: - Your user ID - A share token tied to your account - A referral code marking your link - A timestamp of when you shared it - Sometimes your device type - Sometimes regional or language tags When that link circulates, the metadata stays. Whoever opens the forwarded link can see: - It originated from your app session - It was shared by your account - And the person who forwarded it wasn’t the source, YOU were That’s enough to expose: - your movements - your loyalties - your private communications - your entire operational position 🧠 The Rule If you’re in any sensitive role such as an investigator, journalist, operative or double spy, you never share directly from the platform. You always: - copy the raw URL - strip tracking - send the clean link OR - screenshot (metadata removed) - describe the content ⚡ Final Warning A post shared the wrong way can expose the right person. In espionage terms: A single link can burn an entire operation.

Want free unlimited account aliases without creating a new account or separate inbox? Use plus-addressing: add +tag to your email (e.g. yourname+skool@example.com). All mail still arrives in your main mailbox, but each signup gets a unique address you can track, filter and revoke. Like this you can keep track of who leaked your email, if you for example receive spam. This is also a great way to keep your inbox organized. If you go to the settings of your inbox you can created filters to apply to that specific email address or +tag. For example to delete if it was made for temporary use only. There are many more benefits and applications for plus-addressing. Just keep in mind that this is a productivity tip and not a security feature. It also does nothing in terms of security or anonymity. If thats what you are looking for you should actually use a temporary email address provider and follow the basics of anonymous browsing. Stay tuned. Anonymity 101 course dropping next month (november). Images 101 course is live.