WEBVTT 00:00.870 --> 00:05.070 In this video, we're going to be talking about unmasking users with Google Docs. 00:05.400 --> 00:10.170 Now, this is actually a pretty simple trick and it's something they really didn't think about until 00:10.170 --> 00:13.620 I read a Twitter post about this recently. 00:13.950 --> 00:21.510 So the idea is if we have a Google user and we want to try and unmask them, well, how do we do that? 00:21.870 --> 00:28.890 When we email someone with a with the Google account or we get a Google account email, we'll just see 00:28.890 --> 00:33.900 whatever the name on the email is, say dispo games at gmail.com. 00:35.560 --> 00:37.860 You know, some random user at gmail.com. 00:37.860 --> 00:38.310 ET cetera. 00:38.310 --> 00:41.040 It doesn't actually give us the actual user name. 00:41.310 --> 00:48.420 Well, one way we can potentially unmask that is if we create a Google doc and we click on the share 00:48.420 --> 00:49.140 button. 00:50.430 --> 00:56.910 We put the person's username in their whatever their email address is, and we also make sure we uncheck 00:56.910 --> 01:01.290 the notify people box before we actually send the document. 01:02.290 --> 01:07.450 And we want to do this because we don't want them to know that we're sharing a document with them. 01:07.600 --> 01:13.450 So once we do that, we click the share button and now we're sharing a document which should technically 01:13.450 --> 01:14.580 be a blank document. 01:14.590 --> 01:17.770 Don't use a document that that's something important just in case. 01:17.770 --> 01:19.690 For some reason they find it. 01:20.630 --> 01:27.090 So once that's set up, go back into the shared document and take a look at who has access to it. 01:27.110 --> 01:31.190 You're, of course, going to be able to see yourself, but we'll be able to see also the person we 01:31.190 --> 01:35.000 shared the the document with their Gmail account. 01:35.000 --> 01:38.480 And we'll be able to see the the name associated with that account. 01:39.100 --> 01:45.940 Now, if you're lucky that that name won't be different from the actual email address or it will be 01:45.940 --> 01:46.810 a real name. 01:48.140 --> 01:53.780 Now, there's no guarantee it's going to be a actual name for someone they could have put a bogus name 01:53.780 --> 01:54.170 in. 01:55.160 --> 01:59.780 Which we all do if we're creating the SOC Pub and Gmail accounts, for example. 01:59.780 --> 02:03.560 But it is some information that we can potentially use and run with. 02:05.440 --> 02:11.440 So again, it's a really simple process to kind of figure that out and it can help you with your investigation. 02:12.090 --> 02:17.700 So when we're doing this, of course, make sure you're using a sock puppet account when you're running 02:17.700 --> 02:18.630 these things. 02:19.320 --> 02:21.390 Preferably have your VPN on. 02:21.630 --> 02:28.830 For example, run a VPN multi hop for the VPN with a internet kill switch. 02:28.830 --> 02:30.300 It might VPN drops. 02:31.110 --> 02:33.570 Don't use an important document for this. 02:33.570 --> 02:39.090 You don't want to have an important document like say your investigation document and you're sharing 02:39.090 --> 02:41.400 it with a person that you're investigating. 02:41.400 --> 02:45.090 And for some reason maybe you forget to uncheck the box that says. 02:46.060 --> 02:50.950 Do not alert this person that, hey, I'm sharing this document with. 02:51.190 --> 02:55.330 So use a blank document that's always the same as saying use a blank document. 02:56.080 --> 02:59.050 And once we have the name, of course, we could try doing Google Docs. 02:59.050 --> 03:06.760 We could do regular Google searches, we could feed that name into Mr. Holmes, Sherlock Holmes, etc.. 03:07.090 --> 03:10.570 And of course, this trick only works with Google users. 03:10.570 --> 03:17.860 People with Gmail accounts for people that have Outlook or Hotmail, for example, You might be able 03:17.860 --> 03:19.540 to use something like Skype. 03:20.800 --> 03:21.610 Type the name. 03:21.640 --> 03:26.440 Type their email address into Skype and you might be able to get a actual name from that. 03:26.770 --> 03:28.270 So I hope this helps. 03:28.660 --> 03:34.390 Again, it's a very simple way to potentially pull names from Gmail accounts. 03:35.290 --> 03:36.540 I thought it was pretty useful. 03:36.550 --> 03:38.500 It has been very useful for me. 03:39.990 --> 03:44.300 Do an investigation on scammers and whatnot, and I hope you enjoy it. 03:44.310 --> 03:45.400 Thank you for watching. 03:45.420 --> 03:46.710 I'll see you in the next video.