By Rachel Kronenfeld, Hg’s Manager of Investigations

In business, one often hears the classic query: “How did you hear about us?”  The ways in which people find a business have expanded over time, from word of mouth, the media, company websites, social media, or a phishing email. While all these forms of advertisement can be used to market a legitimate business, they can just as easily be used to market fraudulent businesses, even shell companies.

When a client comes to you wanting to know whether a business is legitimate, they may have an abundance of identifiers to provide you or maybe just a parcel of information, such as a friend’s recommendation, or a business card swapped on a flight between two seat mates. To help answer the questions about a real, or not real, enterprise, the investigative instinct is to gather more identifiers, ask more questions, and understand the purpose of the company for their investigation. Yet, sometimes that ready data isn’t available. To solve for lacking given information—and to stretch our critical research ability—we offer a fresh approach.

This approach reviews a variety of ways in which, despite being given limited information, you may be able to quickly determine if a company is a truly established business. Granted, when going into an investigation, the more information had ahead of time will allow for quicker fact checking. However, researchers are accustomed to working with little information, smaller budgets, and impossible deadlines.

In this 4-part series, we present four research routes when conducting due diligence investigations with little data on hand: Email, company website, social media, and business name. The following vet-by-data approach, handled by professionals, will give you an advantage to researching your client’s potential new lead. This week, we provide the Email Checklist to help you determine the possible legitimacy of a correspondence.


Perhaps your investigation starts from an email your client received, which they are not sure is legitimate. There are several red flags which can be identified within the email itself, before moving onto your broader due diligence. Before anything else, start by reading the email. If the email is supposed to be coming from a company, do they have a company email address? Does the email address match the sender address? Are there typos and grammar errors? These are a few immediate red flags.

A next easy step would be to search the context of the email online. The sender may have sent the same email to several other people, which may have already been exposed and reported by others. Also search the email address online to see where else it may appear.

If there are no red flags flying already, you can also search the original IP address of the sender. The IP address can be found within the original email header and can be searched by using many freely available tools online such as If, for example, the email is coming from another country or an individual clearly not affiliated with the alleged company, it is likely the email is a phishing scam.

Are you an analyst or investigator looking for advanced training on due diligence? If so, check out Hg’s webinar series, where you can attend live sessions and receive CEUs or watch previously recorded sessions to beef up your OSINT skills.


Are you interested in working with a company but unsure if it’s legitimate? As veteran investigators in due diligence, Hg understands the business world and the legal and regulatory frameworks in which corporations and privately held companies operate. Our skilled analysts excel at exposing financial risks, reputational issues, criminal activity, and legal actions detrimental to your personal and business stability. Learn how our team can arm you with the data you need.


Rachel Kronenfeld joined Hetherington Group in 2016 and is Hg’s Manager of Investigations and lead investigator. As a skilled and diverse analyst, she monitors current events and information on the Internet, identifies security threats, and conducts online risk assessment analyses for Hg’s clients. Ms. Kronenfeld conducts trainings for investigators and is a contributing writer to Hg’s newsletter, Data2Know. Her professional research specialty is Open Source Intelligence (OSINT) techniques.