Rebate Tracking OSINT Techniques

On my show this week, I discussed my recent experiences with online rebate tracking. The episode can be heard HERE. I find this technique more "interesting" than valuable to an investigation, but you might locate a nugget of information which assists you. As an example, let's look at Menards. Menards is an American home improvement company which pushes rebates in order to make products appear low-priced. When you buy a product, you can retrieve a rebate slip and mail it off. In a few weeks, numerous checks in small amounts begin arriving at your home. This game provides small discounts, but at what risk? This is where the online rebate center comes in.

Let's start with a visit to https://rebateinternational.com/RebateInternational/tracking.do. This page allows you to enter a first initial, last name, numeric portion of an address, and postal code of your target. This result appears similar to the following.

We now see the purchased items, purchase dates, rebate amounts, and payment details. This gives us a glimpse into the shopping habits of the target and could lead to patterns of behavior which might expose someone's routines. It could also provide pretext value. I could initiate an email phishing attack focused on a specific purchased item announcing a problem with the rebate. That would be so targeted that the recipient would probably click whatever link I sent. This rebate service even stores all purchases within a static URL which is prone to abuse. If my name were Michael Smith and I lived at 1212 Main Street in Houston, Texas, my URL would be the following.

https://rebateinternational.com/RebateInternational/trackResults/M/Smith/1212/77089

Note that this URL does not require any credentialing and is open to brute-force scraping. Next, let's take a look at Lowe's home improvement. They offer a rebate confirmation website at https://lowes-rebates.com/en-us/RebateStatus which allows entry of a cellular number or home address, as follows.

This allows us to potentially translate an unknown cell number into a name and address or vice-versa, as well as obtain shopping history of the target. These two examples are only a small selection of the possibilities. On the show, I explained how I tracked shoppers through the portals for Micro Center, Budweiser, Miller, Kohls, Auto Stores, and other retail establishments. I have found the following three Google searches to assist with finding companies which offer similar options.

https://www.google.com/search?q=intitle:"rebate center"
https://www.google.com/search?q=“track+my+rebate”
https://www.google.com/search?q=“track+your+rebate”

The Privacy, Security, & OSINT Show – Episode 218

EPISODE 218-Rebate Tracking (Privacy & OSINT)

This week, I discuss the privacy concerns and OSINT benefits of rebate tracking portals. You might be surprised at the wealth of details exposed when we request rebates from stores.

Direct support for this podcast comes from sales of my books, services, and online video training. More details can be found at IntelTechniques.com. Your support eliminates any ads, sponsors, endorsements, Patreon, donations, or commercial influence on this show.


SHOW NOTES:

INTRO:

Rebate Tracking

UPDATES:

OSIP Certification:
https://www.inteltechniques.net/
https://inteltechniques.com/blog/2021/05/25/new-osip-certification/

REBATE TRACKING (PRIVACY & OSINT) :

https://inteltechniques.com/blog/2021/05/28/rebate-tracking-osint-techniques/

Menards
https://rebateinternational.com/RebateInternational/tracking.do#track-rebate

Lowes
https://lowes-rebates.com/en-us/RebateStatus

Parago
https://rebatetrack.com/promocenter/parago/track.html
http://rebateshq.com/promocenter/rebateshq/track.html
Microcenter: https://rebatetrack.com/quick/track/microcenter
Miller: https://rebatetrack.com/quick/track/miller_lite
Kohls: https://rebatetrack.com/quick/track/kohls

PFC/GPG
http://rewardsbymail.com/
https://rapid-rebates.com/tracking/Content/NewSearch.aspx

Patriot RAM
https://patriotmem.4myrebate.com/Claim/TrackaRebate

McAfee
https://mcafee.4myrebate.com/Claim/TrackaRebate

Verizon
https://www.yourdigitalrebatecenter.com//#!/track

Advance Auto
https://advanceautoparts.4myrebate.com/Claim/TrackaRebate

Napa
https://www.naparebates.com/track-your-reward.aspx

Budweiser
https://www.myabrebates.com/track/

Sirius
http://siriusxmrebates.com/promocenter/siriusxm/track.html

Mobil
https://mobil.rebateresearch.com/

Scotts
http://osmocoterebates.com/promocenter/scotts/track.html

Lessons:
OSINT can identify previous purchases
Exposes patterns of behavior
Provides pretext for a call/email phish
Rebates carry risk
Alias names/addresses don't work
Misspellings may help

OSINT:

https://www.google.com/search?q=intitle:"rebate center"
https://www.google.com/search?q=“track+my+rebate”
https://www.google.com/search?q=“track+your+rebate”


Free Workbooks: https://inteltechniques.com/links.html

Affiliate Links:
ProtonVPN: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=282
ProtonMail: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=267
SimpleLogin Masked Email: https://simplelogin.io?slref=osint
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Amazon: https://amzn.to/2B5svbH


New OSIP Certification

When I started teaching Open Source Intelligence (OSINT) in 1999, I had no idea it would become such a popular topic. This led to the IntelTechniques online video training in 2013 and transition to Jason Edison's new online training in 2020. Today, we are officially announcing the next phase. We now offer the official IntelTechniques Open Source Intelligence Professional (OSIP) Certification. This is much more than taking a course and passing a test. It is a complex process of detailed training, monitored examination, and a lengthy final report. This allows us to vouch for your skills. We have much more information at the links below.

IntelTechniques Training: https://inteltechniques.net

Training FAQ: https://inteltechniques.com/training-faq.html

OSIP Details: https://inteltechniques.com/training-osip.html

The Privacy, Security, & OSINT Show – Episode 217

EPISODE 217-Extreme Privacy 3 & New VOIP Strategies

This week I present my latest book, Extreme Privacy 3rd Edition, and discuss the updates, changes, and overall differences from the previous editions. Plus, I offer my new VOIP strategies and an important OSINT tip for those using Virtual Machines.

Direct support for this podcast comes from sales of my books, services, and online video training. More details can be found at IntelTechniques.com. Your support eliminates any ads, sponsors, endorsements, Patreon, donations, or commercial influence on this show.


SHOW NOTES:

INTRO:

None

UPDATES:

None

EXTREME PRIVACY 3RD EDITION:
https://inteltechniques.com/book7.html

NEW WORKBOOKS:
https://inteltechniques.com/links.html
https://inteltechniques.com/blog/2021/05/14/my-experience-with-privacybot/

NEW VOIP STRATEGIES:
https://www.twilio.com/referral/9FGpxr
https://refer.telnyx.com/refer/zrfmo
Number Porting

OSINT:
VM Updates
https://inteltechniques.com/blog/2021/05/10/important-osint-vm-update/


Free Workbooks: https://inteltechniques.com/links.html

Affiliate Links:
ProtonVPN: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=282
ProtonMail Encrypted Email: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=267
Fastmail Business Email: https://ref.fm/u14547153
SimpleLogin Masked Email: https://simplelogin.io?slref=osint
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Amazon: https://amzn.to/2B5svbH


Infected PDF Copies of Extreme Privacy Have Arrived

That didn't take long. Today, I received the following email:

"I just downloaded your latest book and now my computer says it is infected! What the F(redacted) man? I thought you were tryin to help people?"

First, I don't offer eBooks. Second, complaining to authors after downloading illegal copies of books is a bit ironic. I was curious, so I responded. The person sent me a file via Tresorit titled "Extreme.Privacy.3.PDF". Virus Total immediately identified it as infected:

The PDF did not contain any content from the book. It was hosted on a well-known eBook piracy website and was just a ruse to convince someone to download a copy in order to infect a machine. His computer was not infected from it, as his A/V caught it and quarantined it. This was a fairly amateur attempt. I suspect soon we will see more targeted infection campaigns with more successful documents. Be careful out there.