Cash App & Zelle OSINT
Exploiting Ubiquitous Human Behaviors
Ubiquitous: Constantly encountered, widespread.
During an OSINT investigation, every piece of information is important, and often times when tasked with locating someone, you start off with a small amount of information. After locating a potential phone number you might try whitepages or a the common website like cellrevealer.com found in every researcher’s tool bag.
You might use the phone number to search the dark web for data leaks, or maybe you use a linux tool to scrape the web. Before you spend hours trying to tap into satellites and geolocate someone, plug that phone number into these two applications…
Let us never overlook two apps many of us have used at one point or another.
Two power tools for us are Cash App & Zelle.
Anything with a search bar becomes a valuable tool for the researcher. Both of these apps allow you to search with an email or phone number. Cash app also allows you to search with a username as well.
The Reality:
Your target may have been smart enough to avoid using that number as contact info for their light bill or insurance bill, but maybe they used it for a verification code and never took it down as a search method. You’ll want to exploit bad opsec practices especially when the target is potentially not an expert in online privacy tactics.
One of the first things we do before an investigation starts is identify the level of sophistication/capability of the target. Who are we up against? This will help in understanding where to look first. If your target is former NSA/CIA, then most likely what you find on cash app is a false trail.
In OSINT we see usernames that are commonly shared across applications and that extends to bank apps and money transfer apps.
Banks you are probably familiar with… Wells Fargo, Bank of America, Chase, Truist, American Express, etc. Any bank that partners with Zelle will let you search by phone number to locate the recipient for your transaction.
Keep in mind that people are more likely to give a bank verified and up to date information that extends to a working email address, working phone number, full Legal name…Because nobody wants to be accused of fraud and they want access to their money NOW.
You might also find business names used which offers a good pivot point for you.
Using Zelle, you can attempt to send $1 to your target and right before the final review of the transaction it will ask if you’d like to send $1 to… ** Insert Name **.
A large percentage of my targets 35 years old and under had a cash app associated with their phone number. Some had their actual names, some used a fake name. Most people used a well dressed photo of themselves which you could easily do a reverse image search on and locate a PLETHORA of other websites they’re found on.
As a privacy tip, through cash app you can set up an account with just a debit card and an email address. Phone number can be bypassed, but be careful with setting up too many accounts because cash app won’t let you use the same debit/credit cards across multiple accounts, too many times. Try using privacy.com instead of your personal checking account.
Sometimes cash app will request your name and last 4 of social for verification purposes at their discretion, if they find anything suspicious.
In intelligence, every piece of data can be instrumental in locating your target. Remember to never overlook tools like these which can save you hours during your investigation.
#OSINT for the win!
Stay Vigilant.
